Add Routes to OpenVPN Client Config

OpenVPN supports per-network route directives in the client config. NetRoute Pro generates these directives from any website's domains — add them to your .ovpn and you have split tunneling in minutes.

Prerequisites

OpenVPN 2.4 or newer
Access to the .ovpn client configuration file
An OpenVPN client — CLI (openvpn), OpenVPN GUI for Windows, Tunnelblick for macOS, or the official mobile apps
NetRoute Pro Chrome extension installed

Step 1. Generate route directives in NetRoute Pro

Open the target website in Chrome
Click the NetRoute Pro icon in your extensions
Select the OpenVPN platform
Choose aggregation mask (recommended /24)
Click Analyze Website
Copy the generated output — one directive per line:

route 104.21.32.0 255.255.255.0
route 172.67.182.0 255.255.255.0
route 162.159.135.0 255.255.255.0

Tip: enable RIPE BGP optimization — it emits announced BGP prefixes that remain valid across CDN IP rotations.

Step 2. Edit your .ovpn config

Open your .ovpn file in a text editor
Remove any redirect-gateway def1 line — it routes everything through the VPN and defeats split tunneling
Remove any push "redirect-gateway def1" line if present
Paste the route directives at the end of the file, above any inline <cert>, <key>, <ca>, or <tls-auth> blocks
Save the file

client
dev tun
proto udp
remote vpn.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun

# Split tunneling — routes only specific subnets through the VPN
route 104.21.32.0 255.255.255.0
route 172.67.182.0 255.255.255.0
route 162.159.135.0 255.255.255.0

<ca>
...
</ca>

Step 3. Reconnect the VPN

Disconnect and reconnect the OpenVPN client so it reloads the config and applies the new routes.

Alternative: server-side routes

If you're the VPN administrator and want to push routes to all clients automatically, add this to the server config:

push "route 104.21.32.0 255.255.255.0"
push "route 172.67.182.0 255.255.255.0"

Clients receive the routes on connect — no client-side edits needed.

Verify

After reconnecting, check that the routes are installed:

Windows: route print
Linux / macOS: ip route (Linux) or netstat -rn (macOS)

The added subnets should route via your OpenVPN adapter (typically tun0 or similar — use whatever interface your OpenVPN client creates).

Common issues

route directives ignored

Your config (or the server push) contains route-nopull or a --pull-filter that drops them. Remove or adjust those directives.

DNS leaks on Windows

Windows can still query DNS outside the tunnel. Add this to the client config:

block-outside-dns

Routes added but traffic doesn't go through VPN

The routes are correct, but the VPN server isn't NAT-ing your traffic for those destinations. This is a server-side fix — the administrator needs to enable masquerade/NAT for the client subnet on the VPN interface.

References

Ready to try?

NetRoute Pro — a free Chrome extension to generate routes from any website.

Install Extension