Life Journal

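Essays, and other things

I'm Xiao Xiao, a product manager in Japan. I occasionally write code (iOS/Mac/Web), occasionally do design (I love Sketch), and occasionally write; it all lives here.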


Using OpenVPN's route command to bypass the firewall selectively

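With the recent series of sensitive events, more and more people have started using a VPN to get around the firewall.

By default, however, once the VPN connects, all local network traffic is sent through it. That frustrates many people who want to download while bypassing the firewall: a VPN noticeably reduces speed, and the vast majority of VPNs have traffic caps.

So is there a way to get the best of both worlds?

There is a project on Google Code called chnroutes that provides some scripts for this, but it is cumbersome to use and lacks flexibility.

In fact, if you use an OpenVPN-type VPN, there is a very simple method: send only the network requests for specified IP ranges through the VPN, while normal browsing uses none of the VPN's traffic.

First, the OpenVPN configuration file supports an option, route-nopull. With it, the client ignores the routes pushed by the server, so the default route is not modified after the VPN connects and no network requests go through the VPN.

Second, at the end of the configuration file we can add route commands that send requests for specific IP ranges through the VPN. For example: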

NTT Twitter

route 168.143.0.0 255.255.0.0 vpn_gateway
route 128.121.0.0 255.255.0.0 vpn_gateway

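A single line of the commands above can be read in three parts:

route        168.143.0.0 255.255.0.0        vpn_gateway
command      network range (IP block)       gateway to route through

About the middle part: if you have studied computer networking, you can easily get the IP address of any site; then just specify a reasonably small network range that contains that address.

About the last parameter, vpn_gateway: there is a similar parameter, net_gateway, which does exactly the opposite and forces the given IP range not to go through the VPN.

If you have not studied computer networking, or did not learn it well, you can follow the tutorial below to get a workable network range for a site:

Take google.cn as an example.

  1. Open "Command Prompt" from "Accessories" (or type cmd in the "Run" window and press Enter)
  2. Type ping, a space, and the site's address; here we type ping google.cn
  3. Part of the output is shown below; notice the IP address in square brackets on the second line?
  4. Change the last octet of that IP address to 0 and follow it with 255.255.255.0
  5. This gives the IP range we can use as a parameter: 74.125.95.0 255.255.255.0 (note the space in the middle)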

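Of course, writing these by hand is tedious. If you already have an OpenVPN configuration file, just copy the text below and paste it at the very end of the file. Don't forget to start on a new line~

(Note 1: it is best to add the IP of the VPN server you use with the net_gateway parameter, like the "vpnchina sever" entry Xiao Xiao uses in the text below. This avoids mistakenly requiring the VPN server itself to be reached through the VPN, in which case the VPN server would be unreachable.)

(Note 2: the tutorial above is written only for beginners.)

Addendum: when bypassing the firewall this way, it is advisable to pin the resolved addresses of sites whose IPs change often in your local hosts file, so that the IP ranges in the configuration file do not stop matching when the resolved address changes. Also, DNS pollution still affects you with this method, so be sure to use a clean DNS server such as 8.8.8.8. The list below routes 8.8.0.0 255.255.0.0 through vpn_gateway, so queries to 8.8.8.8 travel inside the tunnel.

Addendum 2: because there are many route entries, you also need to add a max-routes 1000 statement.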

max-routes 1000
route-nopull

vpnchina sever

route 174.36.181.0 255.255.255.0 net_gateway

ustream

route 96.17.8.0 255.255.255.0 vpn_gateway

no21984.org

route 97.74.203.0 255.255.255.0 vpn_gateway

archive

route 207.241.0.0 255.255.0.0 vpn_gateway

isohunt

route 208.71.112.0 255.255.255.0 vpn_gateway

zkaip

route 174.37.148.0 255.255.255.0 vpn_gateway

bit.ly

route 168.143.173.0 255.255.255.0 vpn_gateway

adobe

route 192.150.0.0 255.255.0.0 vpn_gateway

ke neng ba

route 74.207.248.0 255.255.255.0 vpn_gateway

python

route 82.94.164.0 255.255.255.0 vpn_gateway

ur.ly

route 216.239.34.0 255.255.255.0 vpn_gateway

iphonedownloadblog

route 66.33.209.0 255.255.255.0 vpn_gateway

uncyclopedia

route 96.45.180.0 255.255.255.0 vpn_gateway

mediafire

route 93.46.8.0 255.255.255.0 vpn_gateway
route 8.7.198.0 255.255.255.0 vpn_gateway
route 37.61.54.0 255.255.255.0 vpn_gateway

blackra1n

route 74.220.215.0 255.255.255.0 vpn_gateway

r f a

route 63.85.36.0 255.255.255.0 vpn_gateway

yam

route 60.199.252.0 255.255.255.0 vpn_gateway

wei quan wang

route 75.125.252.0 255.255.255.0 vpn_gateway

ff.im

route 64.13.142.0 255.255.255.0 vpn_gateway

plurk

route 74.120.121.0 255.255.255.0 vpn_gateway

b b c

route 212.58.240.0 255.255.248.0 vpn_gateway

xiaochun

route 210.157.5.0 255.255.255.0 vpn_gateway

dropbox

route 174.129.212.0 255.255.255.0 vpn_gateway

wikimedia

route 208.80.152.0 255.255.255.0 vpn_gateway

akamai

route 63.150.131.0 255.255.255.0 vpn_gateway

flickr

route 67.195.19.0 255.255.255.0 vpn_gateway
route 69.147.90.0 255.255.255.0 vpn_gateway

twitbrowser

route 97.74.144.0 255.255.255.0 vpn_gateway

ipaddl

route 67.19.72.0 255.255.255.0 vpn_gateway

delicious

route 76.13.6.0 255.255.255.0 vpn_gateway

sendspace

route 216.151.186.0 255.255.255.0 vpn_gateway

emule

route 74.53.185.0 255.255.255.0 vpn_gateway

dev-team

route 72.32.231.0 255.255.255.0 vpn_gateway

hellotxt

route 212.239.17.0 255.255.255.0 vpn_gateway

Mediafire

route 205.196.120.0 255.255.255.0 vpn_gateway

Geocity

route 202.93.87.0 255.255.255.0 vpn_gateway

tinypic

route 209.17.74.0 255.255.255.0 vpn_gateway

ultraxs.com

route 93.46.8.0 255.255.255.0 vpn_gateway

AOL

route 64.12.0.0 255.255.0.0 vpn_gateway
route 207.200.64.0 255.255.192.0 vpn_gateway
route 205.188.0.0 255.255.0.0 vpn_gateway

NTT Twitter

route 168.143.0.0 255.255.0.0 vpn_gateway
route 128.121.0.0 255.255.0.0 vpn_gateway

Cloud Front (Twitter)

route 216.137.32.0 255.255.224.0 vpn_gateway

Facebook

route 159.106.121.0 255.255.255.0 vpn_gateway
route 69.63.176.0 255.255.240.0 vpn_gateway
route 66.220.144.0 255.255.240.0 vpn_gateway

Akamai (Facebook)

route 72.246.0.0 255.254.0.0 vpn_gateway
route 204.2.171.0 255.255.255.0 vpn_gateway

Youtube / Google

route 8.8.0.0 255.255.0.0 vpn_gateway
route 66.249.0.0 255.255.0.0 vpn_gateway
route 74.125.0.0 255.255.0.0 vpn_gateway
route 209.85.128.0 255.255.128.0 vpn_gateway
route 202.78.112.0 255.255.240.0 vpn_gateway
route 66.102.0.0 255.255.240.0 vpn_gateway
route 208.65.152.0 255.255.252.0 vpn_gateway

Revsci

route 216.223.0.0 255.255.0.0 vpn_gateway

Amazon

route 174.129.0.0 255.255.0.0 vpn_gateway

Omroep

route 145.58.0.0 255.255.0.0 vpn_gateway

Transip

route 80.69.64.0 255.255.224.0 vpn_gateway

Hurricane Electric (mail-archive.com)

route 72.52.64.0 255.255.192.0 vpn_gateway

GoDaddy

route 64.202.160.0 255.255.224.0 vpn_gateway

PsiNET

route 38.0.0.0 255.0.0.0 vpn_gateway

WordPress

route 72.233.0.0 255.255.128.0 vpn_gateway
route 74.200.192.0 255.255.192.0 vpn_gateway
route 76.74.254.0 255.255.255.128 vpn_gateway
route 65.52.0.0 255.252.0.0 vpn_gateway

Spotify

route 78.31.8.0 255.255.255.0 vpn_gateway

The Planet

route 74.52.0.0 255.252.0.0 vpn_gateway

Slicehost / Posterous

route 67.207.128.0 255.255.224.0 vpn_gateway

Softlayer / Twitpic

route 174.36.0.0 255.254.0.0 vpn_gateway
route 66.228.120.0 255.255.255.0 vpn_gateway

Vimeo

route 66.235.112.0 255.255.240.0 vpn_gateway
route 208.67.232.0 255.255.248.0 vpn_gateway
route 72.21.192.0 255.255.224.0 vpn_gateway

Wefollow

route 70.32.64.0 255.255.192.0 vpn_gateway

blogspot

route 64.233.160.0 255.255.224.0 vpn_gateway
route 72.14.192.0 255.255.192.0 vpn_gateway

badongo

route 216.45.48.0 255.255.240.0 vpn_gateway
# www.wenxuecity.com / psinet
route 38.0.0.0 255.0.0.0 vpn_gateway
# Twitpic
route 74.86.0.0 255.255.0.0 vpn_gateway
# www.dwnews.com / level3
route 209.244.0.0 255.252.0.0 vpn_gateway
# www.6park.com / the planet
route 74.52.0.0 255.252.0.0 vpn_gateway
# Backchina / the planet
route 209.62.0.0 255.255.128.0 vpn_gateway

yFrog

route 208.94.0.0 255.255.252.0 vpn_gateway

opera

route 213.236.128.0 255.255.128.0 vpn_gateway
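
A checker for a route block like the one above, added here as an example (it is not part of the original post). It builds a route line from a pinged address as in steps 4-5, flags lines OpenVPN would not accept as a route, and shows which gateway an address ends up using when ranges overlap, as with the VPN server entry in note 1. The function names, the sample text, the address 74.125.95.104 and the default limit of 100 are assumptions.

```python
import ipaddress

KEYWORDS = {"vpn_gateway", "net_gateway"}  # a literal gateway IP is also legal; the post uses none

def route_for(ip, mask="255.255.255.0", gateway="vpn_gateway"):
    """Steps 4-5 of the tutorial: zero the host part and emit a route line."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return f"route {net.network_address} {net.netmask} {gateway}"

def lint_routes(text, limit=100):  # assumption: 100 is the limit when max-routes is absent
    """Return (routes, problems); problems carry 1-based line numbers."""
    routes, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if not parts or parts == ["route-nopull"]:
            continue
        if parts[0] == "max-routes" and parts[1:] and parts[1].isdigit():
            limit = int(parts[1])
        elif parts[0] != "route" or len(parts) != 4:
            problems.append((n, "not a complete route line"))
        elif parts[3] not in KEYWORDS:
            problems.append((n, f"unknown gateway {parts[3]!r}"))
        else:
            try:  # strict parsing: host bits under the mask must be zero
                net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
            except ValueError as exc:
                problems.append((n, f"bad network: {exc}"))
                continue
            routes.append((net, parts[3]))
    if len(routes) > limit:
        problems.append((0, f"{len(routes)} routes exceed max-routes {limit}"))
    return routes, problems

def gateway_for(ip, routes):
    """Longest-prefix match, as the OS routing table does; None = default route."""
    hits = [(net.prefixlen, gw) for net, gw in routes if ipaddress.ip_address(ip) in net]
    return max(hits)[1] if hits else None

# Constructed sample: ranges from the post, plus faults a pasted list can pick up.
SAMPLE = """max-routes 1000
route-nopull
route 174.36.181.0 255.255.255.0 net_gateway   # VPN server (note 1)
route 174.36.0.0 255.254.0.0 vpn_gateway       # Softlayer, overlaps the line above
Facebook
route 69.63.176.0 255.255.240.0 vpn
gateway
route 74.125.95.104 255.255.255.0 vpn_gateway"""
```

Run `lint_routes` on the text you are about to paste: a label that lost its leading `#`, a gateway keyword broken across lines, or a network address with host bits set all show up as problems with their line numbers.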