OpenVPN and selective routing

openvpn

What's the best way to configure OpenVPN clients to selectively go about using an OpenVPN connection? I want to set up a VPN server for friends in China, but I don't want them to use it for everything, just so they can access sites like YouTube, Facebook, CNN, etc. while they are in China through the VPN (these are blocked).

It would be nice if the VPN was a backup, so for instance if they are trying to go to Facebook (which is blocked), it would go through the VPN connection once finding that the normal connection does not work.

This would save a lot of bandwidth cost actually, and give them a better browsing experience.

Is this an iptables route thing? Or a DNS server that I push to my clients?

Best Answer

I would suggest setting up a transparent Squid proxy on your end, accessible through the VPN, not pushing any routes (besides the OpenVPN subnet, obviously), and having them install something like FoxyProxy in Firefox as their proxy client. FoxyProxy supports patterns, so you can have them add the sites you want to proxy through your VPN for them (*.facebook.com, etc.).

You'll also have the benefit of logging (they're your friends, but still) and caching (at least saving you some upstream bandwidth) with Squid.
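The per-site rule described in the answer above can also be written as a proxy auto-config (PAC) file, which Firefox can load through its automatic proxy configuration URL setting. This is an added example, not part of the original answer; the proxy address 10.8.0.1 and port 3128 are assumed values for a Squid instance listening on the server's VPN address, and the domain list comes from the sites named in the question.

```javascript
// Added example (not from the original answer). Assumed values: the Squid
// proxy listens on the server's VPN address 10.8.0.1, port 3128.
var VPN_PROXY = "PROXY 10.8.0.1:3128";

// Sites to send through the VPN-side proxy (the ones named in the question).
var PROXIED_DOMAINS = ["facebook.com", "youtube.com", "cnn.com"];

// True when host is the domain itself or a subdomain of it. Matching on a
// label boundary keeps "notfacebook.com" from matching "facebook.com".
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.slice(-suffix.length) === suffix;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  for (var i = 0; i < PROXIED_DOMAINS.length; i++) {
    if (hostInDomain(host, PROXIED_DOMAINS[i])) {
      // No DIRECT fallback is listed for these sites, so this PAC result
      // never tells the browser to retry them over the normal connection.
      return VPN_PROXY;
    }
  }
  // Everything else bypasses the VPN and uses the normal connection.
  return "DIRECT";
}
```

Because no routes are pushed, only requests the PAC file hands to the proxy cross the VPN, so the Squid access log shows exactly the listed sites.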
