How to skip ChatGPT from WireGuard or OpenVPN on Linux

The logic is simple. Find the IP address and set the routing policy to skip the VPN interface. by default, or All traffic will be routed through the VPN interface, but I will set the metrics below the WireGuard or OpenVPN interface and route traffic directly through my router instead of the VPN. My setup is as follows:

  • Debian or Ubuntu Linux desktop
  • WireGuard or OpenVPN on Linode or AWS
  • Default router IPv4:
Notice:Enter these commands on the Linux WireGuard VPN client, not on the WireGuard Linux server. In other words, this only applies to Linux desktop operating systems, not macOS or Windows 10/11 desktops.

Step 1 – Find Default Route Information

After connecting to WireGuard/OpenVPN, use the ip command to list the routing table:

This is what I see:ip route show

default via dev enp0s31f6 proto dhcp metric 100 dev lxdbr0 proto kernel scope link src dev ln-sg scope link metric 1000 4 dev ln-sg proto kernel scope link src metric 50 dev enp0s31f6 proto kernel scope link src metric 100


My WireGuard interface named "ln-sg" uses a metric of 50 in preference to the default metric of 100. So the trick is to add the IP address with a lower metric, passing it directly through the default gateway IP address.

Automatic indicator function description of IPv4 routing

router metricsIs the configuration value used to make routing decisions. Router metrics help a router choose the best route among multiple feasible routes to a destination. The route will be towards the gateway with the lowest metric. Router metrics are typically based on information such as path length, bandwidth, load, hop count, path cost, latency, maximum transmission unit (MTU), reliability, and communication cost.

Table 1: The following table outlines
My Linux Desktop Criteria used to assign metrics to routes
link/target/routemeasure (or any other IP/domain of your choice)10
breach of contract100

Step 2 – Find out the IP address

Use dig command or host command:

$ d='' $ dig +short A "$d" | grep -v '\.$' $ ips="$(dig +short A "$d" | grep -v '\.$') " $ echo "$ips"

Step 3 – Add the IP address to the routing table

Let's set some shell variables:

Let's use a bash for loop to add these IPs:my_gw="" #Default GW
metric="10" #Routing metric value

for i in $ips do sudo ip route add "$i" via "$my_gw" metric "$metric" done

Want to list newly added IP addresses? Use the ip command:

This is what I see:

$ ip route show $ ip route show | grep -w 'metric 10' via dev enp0s31f6 metric 10 via dev enp0s31f6 metric 10 

Step 4 – Test

Launch a web browser and access URL to test:

在 Linux 上从 WireGuard 或 OpenVPN 跳过 ChatGPT 的过程-1

Click to enlarge

Look. Here's what you can skip from WireGuard or OpenVPN on Linux domain methods.


Step 5 – Remove the IP address from the routing table

Use the ip command again as follows:
for i in $ips; do sudo ip route del "$i"; done

Step 6 – Create shell script for automation will change its IP address from time to time. So here is a generic script to add, remove and list the domain and some other domains that refuse to work when connected to a VPN.

routing.policy shell script

#!/bin/bash # routing.policy - Main script to add, remove and list routing policy # Author : Vivek Gite {} under GPLv 2.x+ # ----------- -------------------------------------------------- --------- set -e # Set metric and gateway as per your needs metric="10" my_gw="" domain=" static.xx" ips="" me="${0##*/}" # who am I? get_domain_ip_lists(){ for d in $domain do ips="${ips} $(dig +short A "$d" | grep -v '\.$')" done ips="${ips/$'\n'/ }" # remove '\n' ips="$(tr ' ' '\n'< <<"${ips}" | sort -u | xargs)" # remove duplicate ips } is_route_exists(){ local i="$1" out="$(ip route show "$i")" if [[ "$out" != "" ]] then return 0 # True else return 1 # False fi } add_opneapi_route(){ check_for_root_user echo "Adding ${ips/$'\n'/,} to routing table ..." 1>&2 for i in $ips do if ! is_route_exists "$i" then sudo ip route add "$i" via "$my_gw" metric "$metric" else echo "$me route for $i already exists, skipping ..." fi done } remove_opneapi_route(){ check_for_root_user echo " Removing ${ips/$'\n'/,} from routing table ..." 1>&2 for i in $ips do if is_route_exists "$i" then sudo ip route del "$i" via "$my_gw" else echo "$me route for $i not found, skiping ..." fi done } show_openapi_route_status(){ echo "Routing info for the '$domain' (${ips/$'\n'/,}) ..." # remove newline from the $ {ips} for i in $ips do ip route show "$i" done } check_for_root_user(){ if [[ $EUID -ne 0 ]]; then echo "$me script must be run as root" 1>&2 exit 1 fi } ## main ## get_domain_ip_lists # set '$ips' case "$me" in routing.policy.add) add_opneapi_route;; routing.policy.delete) remove_opneapi_route;; routing.policy.remove) remove_opneapi_route;; show_openapi_route_status;; routing. policy.status) show_openapi_route_status;; *) echo "Usage: routing.policy.add|routing.policy.delete|routing.policy.status";; esac


Use the ln command to create a soft link

First, use the chmod command
Set execution permissions Now set these links:

Use the ls command to verify:

Output:chmod +x -v routing.policy
mode of 'routing.policy' changed from 0664 (rw-rw-r--) to 0775 (rwxrwxr-x)
ln -sv routing.policy routing.policy.add
ln -sv routing.policy routing.policy.remove
ln -sv routing.policy routing.policy.delete
ln -sv routing.policy
ln -sv routing.policy routing.policy.status
ls -l routing.policy*

-rwxrwxr-x 1 vivek vivek 1913 Feb 3 00:07 routing.policy lrwxrwxrwx 1 vivek vivek 14 Feb 3 00:08 routing.policy.add -> routing.policy lrwxrwxrwx 1 vivek vivek 14 Feb 3 00:08 routing.policy. delete -> routing.policy lrwxrwxrwx 1 vivek vivek 14 Feb 3 00:08 routing.policy.remove -> routing.policy lrwxrwxrwx 1 vivek vivek 14 Feb 3 00:08 -> routing.policy lrwxrwxrwx 1 vivek vivek 14 Feb 3 00:08 routing.policy.status -> routing.policy

have a test:
sudo ./routing.policy.add
sudo ./routing.policy.status
traceroute #<--test routing
sudo ./routing.policy.delete


I tested using WireGuard and OpenVPN on my Debian and Ubuntu Linux desktops. It works like a charm and works with any other Linux distribution as long as the ip command is valid. In short, we can skip routing a specific IP address through a VPN connection on Linux (or any other operating system, such as macOS or BSD) as long as you can add routing rules to the system's routing table. You can add a hook to automatically run this script when NetworkManager is connected to the OpenVPN or WireGuard interface. For example, place the script in /etc/network/if-up.d/ and make it executable. This will run the script when the VPN interface comes online. Likewise, when you want to run a script when the VPN interface is down, place the script in /etc/network/if-down.d/. See the NetworkManager man page using the man command:
man 8 NetworkManager


Leave a Reply

Your email address will not be published. Required fields are marked *