使用OpenVPN的route命令实现选择性翻墙
最近一系列敏感事件的发生,越来越多的人开始选择用VPN来翻墙。
然而,在默认情况下,一旦VPN连接成功,那么本地所有的网络请求都会通过VPN来传送。这使得许多想边下载边翻墙的童鞋无法如愿以偿–毕竟VPN 会对速度有较大影响,并且绝大多数VPN都有流量限制。
那么有没有两全其美的方法呢?
在Google Code上就有一个项目叫chnroutes, 提供了一些脚本来实现相应的功能,不过使用上实在是麻烦,而且缺乏灵活度。
其实,如果使用OpenVPN类型的VPN的话,那么有个很简单的方法,可以仅让指定的IP范围内的网络请求通过VPN发送,而正 常的访问则不会占用VPN一丝流量。
首先,OpenVPN的配置文件,支持一个参数route-nopull,可以使VPN连接后,并不修改 默认路由,也就不会有任何网络请求走VPN。
其次,我们可以在配置文件的末尾,添加一些route命令,指定特定的IP范围请求通过VPN发送。比如:
# NTT Twitter
route 168.143.0.0 255.255.0.0 vpn_gateway
route 128.121.0.0 255.255.0.0 vpn_gateway
上面的一行命令可以分成三部分来理解:
route 168.143.0.0 255.255.0.0 vpn_gateway
命令名称 网络范围(IP段) 指定通过的路由
关于中间的部分,如果你学过计算机网络,那么对于任何一个站点,你应该都能轻松得到它的IP地址,那么再指定一个包含该地址并且不大的网络范围就可 以了。
关于最后一个参数”vpn_gateway”,还有一个相似的参数,net_gateway,功能与前者恰恰相反,表示强行指定任意IP段不通过 VPN来访问。
如果你没有学过计算机网络、或者学的不好,那么你可以依照下面的教程来获取关于一个站点的可行的网络范围:
以google.cn为 例。
- 在”附件”中打开”命令提示符”(或者在”运行”窗口中输入cmd再回车)
- 输入ping+空格+站点的地址,此处我们输入 ping google.cn
- 部分的结果如下,注意到第二行中括号内的IP地址了么?
- 把该IP地址最后以为改成数字0,后面跟 255.255.255.0
- 这样就得到了我们要的一个可以作为参数的IP段74.125.95.0 255.255.255.0 (注意中间有个空格)
当然,手写这些是非常麻烦的。如果你已经有现成的OpenVPN配置文件了的话,那么只需要把下面的文本复制并粘贴到配置文件的最 末端即可。别忘了要新起一行哦~
(说明1:最好把你用的VPN服务器本身的IP使用net_gateway参数添加进去,如下面的文本中晓晓自己使用的vpnchina sever,以避免错误的让VPN服务器也需要通过VPN来连接–那就没法访问VPN服务器了)
(说明2:上面的教程仅仅是写给新手看的。)
遗补:使用这种方式翻墙时,建议将一些IP地址多变的网站解析结果写入到本地hosts里固定下来,避免配置文件中指定的IP段因为解析地址变化而 失效。另外,使用该方法时,DNS污染仍然会对你造成影响。因此,务必使用干净的如8.8.8.8的DNS。
route-nopull
# vpnchina sever
route 174.36.181.0 255.255.255.0 net_gateway#ustream
route 96.17.8.0 255.255.255.0 vpn_gateway#no21984.org
route 97.74.203.0 255.255.255.0 vpn_gateway#archive
route 207.241.0.0 255.255.0.0 vpn_gateway#isohunt
route 208.71.112.0 255.255.255.0 vpn_gateway# zkaip
route 174.37.148.0 255.255.255.0 vpn_gateway#bit.ly
route 168.143.173.0 255.255.255.0 vpn_gateway#adobe
route 192.150.0.0 255.255.0.0 vpn_gateway# ke neng ba
route 74.207.248.0 255.255.255.0 vpn_gateway# python
route 82.94.164.0 255.255.255.0 vpn_gateway#ur.ly
route 216.239.34.0 255.255.255.0 vpn_gateway#iphonedownloadblog
route 66.33.209.0 255.255.255.0 vpn_gateway# uncyclopedia
route 96.45.180.0 255.255.255.0 vpn_gateway#mediafire
route 93.46.8.0 255.255.255.0 vpn_gateway
route 8.7.198.0 255.255.255.0 vpn_gateway
route 37.61.54.0 255.255.255.0 vpn_gateway# blackra1n
route 74.220.215.0 255.255.255.0 vpn_gateway#r f a
route 63.85.36.0 255.255.255.0 vpn_gateway#yam
route 60.199.252.0 255.255.255.0 vpn_gateway#wei quan wang
route 75.125.252.0 255.255.255.0 vpn_gateway#ff.im
route 64.13.142.0 255.255.255.0 vpn_gateway# plurk
route 74.120.121.0 255.255.255.0 vpn_gateway# b b c
route 212.58.240.0 255.255.248.0 vpn_gateway# xiaochun
route 210.157.5.0 255.255.255.0 vpn_gateway# dropbox
route 174.129.212.0 255.255.255.0 vpn_gateway# wikimedia
route 208.80.152.0 255.255.255.0 vpn_gateway# akamai
route 63.150.131.0 255.255.255.0 vpn_gateway# flickr
route 67.195.19.0 255.255.255.0 vpn_gateway
route 69.147.90.0 255.255.255.0 vpn_gateway# twitbrowser
route 97.74.144.0 255.255.255.0 vpn_gateway# ipaddl
route 67.19.72.0 255.255.255.0 vpn_gateway# delicious
route 76.13.6.0 255.255.255.0 vpn_gateway# sendspace
route 216.151.186.0 255.255.255.0 vpn_gateway#emule
route 74.53.185.0 255.255.255.0 vpn_gateway# dev-team
route 72.32.231.0 255.255.255.0 vpn_gateway# hellotxt
route 212.239.17.0 255.255.255.0 vpn_gateway# Mediafire
route 205.196.120.0 255.255.255.0 vpn_gateway# Geocity
route 202.93.87.0 255.255.255.0 vpn_gateway#tinypic
route 209.17.74.0 255.255.255.0 vpn_gateway# ultraxs.com
route 93.46.8.0 255.255.255.0 vpn_gateway# AOL
route 64.12.0.0 255.255.0.0 vpn_gateway
route 207.200.64.0 255.255.192.0 vpn_gateway
route 205.188.0.0 255.255.0.0 vpn_gateway# NTT Twitter
route 168.143.0.0 255.255.0.0 vpn_gateway
route 128.121.0.0 255.255.0.0 vpn_gateway# Cloud Front (Twitter)
route 216.137.32.0 255.255.224.0 vpn_gateway
route 159.106.121.0 255.255.255.0 vpn_gateway
route 69.63.176.0 255.255.240.0 vpn_gateway
route 66.220.144.0 255.255.240.0 vpn_gateway# Akamai (Facebook)
route 72.246.0.0 255.254.0.0 vpn_gateway
route 204.2.171.0 255.255.255.0 vpn_gateway# Youtube / Google
route 8.8.0.0 255.255.0.0 vpn_gateway
route 66.249.0.0 255.255.0.0 vpn_gateway
route 74.125.0.0 255.255.0.0 vpn_gateway
route 209.85.128.0 255.255.128.0 vpn_gateway
route 202.78.112.0 255.255.240.0 vpn_gateway
route 66.102.0.0 255.255.240.0 vpn_gateway
route 208.65.152.0 255.255.252.0 vpn_gateway# Revsci
route 216.223.0.0 255.255.0.0 vpn_gateway# Amazon
route 174.129.0.0 255.255.0.0 vpn_gateway# Omroep
route 145.58.0.0 255.255.0.0 vpn_gateway# Transip
route 80.69.64.0 255.255.224.0 vpn_gateway# Hurricane Electric (mail-archive.com)
route 72.52.64.0 255.255.192.0 vpn_gateway# GoDaddy
route 64.202.160.0 255.255.224.0 vpn_gateway# PsiNET
route 38.0.0.0 255.0.0.0 vpn_gateway# WordPress
route 72.233.0.0 255.255.128.0 vpn_gateway
route 74.200.192.0 255.255.192.0 vpn_gateway
route 76.74.254.0 255.255.255.128 vpn_gateway
route 65.52.0.0 255.252.0.0 vpn_gateway# Spotify
route 78.31.8.0 255.255.255.0 vpn_gateway# The Planet
route 74.52.0.0 255.252.0.0 vpn_gateway# Slicehost / Posterous
route 67.207.128.0 255.255.224.0 vpn_gateway# Softlayer / Twitpic
route 174.36.0.0 255.254.0.0 vpn_gateway
route 66.228.120.0 255.255.255.0 vpn_gateway# Vimeo
route 66.235.112.0 255.255.240.0 vpn_gateway
route 208.67.232.0 255.255.248.0 vpn_gateway
route 72.21.192.0 255.255.224.0 vpn_gateway# Wefollow
route 70.32.64.0 255.255.192.0 vpn_gateway# blogspot
route 64.233.160.0 255.255.224.0 vpn_gateway
route 72.14.192.0 255.255.192.0 vpn_gateway# badongo
route 216.45.48.0 255.255.240.0 vpn_gateway
# www.wenxuecity.com / psinet
route 38.0.0.0 255.0.0.0 vpn_gateway
# Twitpic
route 74.86.0.0 255.255.0.0 vpn_gateway
# www.dwnews.com / level3
route 209.244.0.0 255.252.0.0 vpn_gateway
# www.6park.com / the planet
route 74.52.0.0 255.252.0.0 vpn_gateway
# Backchina / the planet
route 209.62.0.0 255.255.128.0 vpn_gateway# yFrog
route 208.94.0.0 255.255.252.0 vpn_gateway# opera
route 213.236.128.0 255.255.128.0 vpn_gateway