How to bypass website blocking without directing all traffic through a VPN

How to bypass website blocking without directing all traffic through a VPN

In this short post, I wanted to tell you how to configure OpenVPN Access Server and the usual OpenVPN for servicing only blocked resources.

Installation and initial setup of OpenVPN Access Server are simple and described many times. Of course, you need to do this for any server outside the censored country (AWS, Cloud cost, DigitalOcean, etc.). The essence of the initial configuration in our case is reduced to 3 points:

Advanced VPN → Additional OpenVPN Config Directives (Advanced): Server Config Directives – Add directly the list of addresses to which we want to have access via OpenVPN (you can use the commands ns lookup or dig to determine these addresses):

Part 1

Save settings, update the server configuration

Part 2

VPN Settings → Routing: Should VPN clients have access to private subnets (non-public networks on the server side)? – Yes, using NAT, and then add CIDR blocks of networks in which the blocked resources are located

Part 3

A network mask should not be taken too large to not capture other resources in these networks and thus do not slow down their work for themselves.

VPN Settings → Routing: Should client Internet traffic be routed through the VPN? – No. Save settings, update the server configuration

Part 4

Of course, for all its simplicity and convenience, this option has a disadvantage in the form of a restriction on 2 simultaneous connections in the free version (the minimum package of 10 licenses for the year at $ 15 for each, not all fit), so the lower option is how to achieve the same with the usual OpenVPN File /etc/OpenVPN/server.conf):

Part 5

Do not forget to reload the configuration of our server:

Part 6

After connecting to your server, you can check the result, for example, by tracing a route to one of the addresses/domains that are blocked, and then to another that is allowed in your country. Expected result: in the first case, traffic will go through an encrypted tunnel to your server, in the second – as usual, through your provider’s network. This method works fine on all major platforms, including iOS.

Thus, with minimal effort, you get a fast running Internet with a slightly slower access to blocked resources. I would be happy if it helps someone.