Linux: How to route specific hosts around VPN

If you have a VPN active which routes all traffic through it, you might want to route specific hosts around the VPN. This can be useful for services that block VPNs, or for services that are faster when accessed directly.

On Linux, you can do that by adding a route that is more specific (i.e. covers fewer IP addresses) than the VPN's route. The most specific matching route is always chosen first. Only within a set of routes with the same specificity is the priority determined by the metric, with lower metrics being preferred.

The following command adds a route for a specific host (my.server.com, restricted by the /32 to the single IP address it resolves to) via a specific gateway (192.168.178.1), with a metric of 10.

sudo ip route add $(dig +short my.server.com)/32 via 192.168.178.1 metric 10

Since /32 is as specific as it gets, this route will only be used for the exact IP address of my.server.com and not for any other IP addresses. More importantly, it will always be preferred over the VPN route. Technically the metric is not needed, but I like to set it explicitly to avoid confusion.

As the gateway, choose the direct gateway on the internet connection you are using (e.g. your router’s IP address).
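The command above assumes `dig +short` prints exactly one IP address, but it can print a CNAME target and several A records. The following added example (not part of the original article) builds one /32 route per valid IPv4 address; the function names and the sample dig output are constructed for illustration, and `ip route replace` is used instead of `add` so that re-running it is idempotent.

```shell
#!/usr/bin/env bash
# Added example: one /32 bypass route per IPv4 address of a host.
# Gateway 192.168.178.1 and metric 10 are the values used in the article.

# Keep only syntactically valid IPv4 addresses from `dig +short` output,
# dropping CNAME targets such as "cdn.example.net." and duplicates.
filter_ipv4() {
    awk -F. 'NF == 4 {
        ok = 1
        for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || $i > 255) ok = 0
        if (ok) print
    }' | sort -u
}

# Read dig output on stdin, print one "ip route replace" command per address.
# Printing instead of executing lets you review the routes before applying them.
build_routes() {
    gw=$1
    metric=$2
    filter_ipv4 | while read -r ip; do
        printf 'ip route replace %s/32 via %s metric %s\n' "$ip" "$gw" "$metric"
    done
}

# Constructed sample of what `dig +short` can return for a CDN-fronted name.
SAMPLE_DIG_OUTPUT='cdn.example.net.
203.0.113.10
203.0.113.11
203.0.113.10'

# Real use (needs root and network access):
#   dig +short A my.server.com | build_routes 192.168.178.1 10 | sudo sh -x
# Verify which path the kernel picks for one of the addresses:
#   ip route get 203.0.113.10    # should show "via 192.168.178.1", not the VPN device
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_DIG_OUTPUT" | build_routes 192.168.178.1 10
fi
```

The routes pin the addresses that were resolved at the time of the run, so if the host's DNS records change later, its traffic goes back through the VPN until the routes are rebuilt.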