OpenVPN Server Routing
I want to start out by saying this post is not about how to configure an OpenVPN server... please Google "openvpn server digitalocean" and follow that guide.
The purpose of this post is to configure your already set up OpenVPN server to redirect all network traffic except traffic to Google addresses. My use case was very simple: tell Google where I am at all times (yes, I know, why would you do that, but I have my reasons), and show how, for other websites besides Google, to forward my actual IP instead of having it obfuscated through my VPN.
First of all, find out what IP ranges Google uses. You will then need to convert these into a form your OpenVPN server can use, which means turning each CIDR prefix into a network address plus subnet mask. I used a random internet cheat sheet to do this: https://www.cloudaccess.net/cloud-control-panel-ccp/157-dns-management/322-subnet-masks-reference-table.html
For example, take the first prefix of "ipv4Prefix": "8.8.4.0/24". In order to not "push" that IP range through the VPN, we need to tell our server to ignore that range. Let's give it a go, shall we? If we add this line to our server config (normally located at /etc/openvpn/server/server.conf), it should ignore that range whenever we visit an address in it:
push "route 8.8.4.0 255.255.255.0 net_gateway"
To do this for ALL Google IPs, at the time of writing (October 20, 2021), it should look like this:
push "route 8.8.4.0 255.255.255.0 net_gateway"
push "route 8.8.8.0 255.255.255.0 net_gateway"
push "route 8.34.208.0 255.255.240.0 net_gateway"
push "route 8.35.192.0 255.255.240.0 net_gateway"
push "route 23.236.48.0 255.255.240.0 net_gateway"
push "route 23.251.128.0 255.255.224.0 net_gateway"
push "route 34.64.0.0 255.192.0.0 net_gateway"
push "route 34.128.0.0 255.192.0.0 net_gateway"
push "route 35.184.0.0 255.248.0.0 net_gateway"
push "route 35.192.0.0 255.252.0.0 net_gateway"
push "route 35.196.0.0 255.254.0.0 net_gateway"
push "route 35.198.0.0 255.255.0.0 net_gateway"
push "route 35.199.0.0 255.255.128.0 net_gateway"
push "route 35.199.128.0 255.255.192.0 net_gateway"
push "route 35.200.0.0 255.248.0.0 net_gateway"
push "route 35.208.0.0 255.240.0.0 net_gateway"
push "route 35.224.0.0 255.240.0.0 net_gateway"
push "route 35.240.0.0 255.248.0.0 net_gateway"
push "route 64.15.112.0 255.255.240.0 net_gateway"
push "route 64.233.160.0 255.255.224.0 net_gateway"
push "route 66.102.0.0 255.255.240.0 net_gateway"
push "route 66.249.64.0 255.255.224.0 net_gateway"
push "route 70.32.128.0 255.255.224.0 net_gateway"
push "route 72.14.192.0 255.255.192.0 net_gateway"
push "route 74.114.24.0 255.255.248.0 net_gateway"
push "route 74.125.0.0 255.255.0.0 net_gateway"
push "route 104.154.0.0 255.254.0.0 net_gateway"
push "route 104.196.0.0 255.252.0.0 net_gateway"
push "route 104.237.160.0 255.255.224.0 net_gateway"
push "route 107.167.160.0 255.255.224.0 net_gateway"
push "route 107.178.192.0 255.255.192.0 net_gateway"
push "route 108.59.80.0 255.255.240.0 net_gateway"
push "route 108.170.192.0 255.255.192.0 net_gateway"
push "route 108.177.0.0 255.255.128.0 net_gateway"
push "route 130.211.0.0 255.255.0.0 net_gateway"
push "route 136.112.0.0 255.240.0.0 net_gateway"
push "route 142.250.0.0 255.254.0.0 net_gateway"
push "route 146.148.0.0 255.255.128.0 net_gateway"
push "route 162.216.148.0 255.255.252.0 net_gateway"
push "route 162.222.176.0 255.255.248.0 net_gateway"
push "route 172.110.32.0 255.255.248.0 net_gateway"
push "route 172.217.0.0 255.255.0.0 net_gateway"
push "route 172.253.0.0 255.255.0.0 net_gateway"
push "route 173.194.0.0 255.255.0.0 net_gateway"
push "route 173.255.112.0 255.255.240.0 net_gateway"
push "route 192.158.28.0 255.255.252.0 net_gateway"
push "route 192.178.0.0 255.254.0.0 net_gateway"
push "route 193.186.4.0 255.255.255.0 net_gateway"
push "route 199.36.154.0 255.255.254.0 net_gateway"
push "route 199.36.156.0 255.255.255.0 net_gateway"
push "route 199.192.112.0 255.255.252.0 net_gateway"
push "route 199.223.232.0 255.255.248.0 net_gateway"
push "route 207.223.160.0 255.255.240.0 net_gateway"
push "route 208.65.152.0 255.255.252.0 net_gateway"
push "route 208.68.108.0 255.255.252.0 net_gateway"
push "route 208.81.188.0 255.255.252.0 net_gateway"
push "route 208.117.224.0 255.255.224.0 net_gateway"
push "route 209.85.128.0 255.255.128.0 net_gateway"
push "route 216.58.192.0 255.255.224.0 net_gateway"
push "route 216.73.80.0 255.255.240.0 net_gateway"
push "route 216.239.32.0 255.255.224.0 net_gateway"
This works for other websites as well! You can define any exclusion this way, provided you know the IP address (preferably the range) of the website you want to keep out of the VPN.
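
The CIDR-to-netmask conversion described above can be scripted instead of done by hand from a cheat sheet. The following is an added example, not part of the original post: it generates the push "route ... net_gateway" lines from a list of prefixes, and it works for any site's ranges, not only Google's. The function names, the enclosing "prefixes" array and the sample data are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape the post quotes ("ipv4Prefix": "8.8.4.0/24").
# The enclosing "prefixes" array and the "ipv6Prefix" entry are assumptions.
SAMPLE_JSON = """
{"prefixes": [
  {"ipv4Prefix": "8.8.4.0/24"},
  {"ipv4Prefix": "8.34.208.0/20"},
  {"ipv4Prefix": "35.199.0.0/17"},
  {"ipv4Prefix": "35.199.128.0/18"},
  {"ipv6Prefix": "2001:db8::/32"},
  {"ipv4Prefix": "8.8.4.0/24"}
]}
"""


def ipv4_prefixes(doc):
    """Return the IPv4 CIDR strings from a parsed prefix document."""
    return [p["ipv4Prefix"] for p in doc.get("prefixes", []) if "ipv4Prefix" in p]


def push_routes(cidrs):
    """Convert CIDR strings into push "route ... net_gateway" lines."""
    # strict=True raises ValueError for entries with host bits set
    # (e.g. 8.8.4.1/24) rather than silently rewriting them.
    nets = [ipaddress.IPv4Network(c, strict=True) for c in cidrs]
    # collapse_addresses removes duplicates, folds ranges that are covered by
    # or mergeable with another range into one network, and yields them sorted.
    return [
        f'push "route {n.network_address} {n.netmask} net_gateway"'
        for n in ipaddress.collapse_addresses(nets)
    ]


if __name__ == "__main__":
    for line in push_routes(ipv4_prefixes(json.loads(SAMPLE_JSON))):
        print(line)
```

Only IPv4 entries are converted, because the route lines in this post use dotted-quad netmasks; IPv6 prefixes in the input are skipped.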