How to do split tunnelling with ProtonVPN (or other VPN) on Linux

(Screenshot: About window for the Proton VPN Linux client, version 4.9.1, showing the logo, copyright and license information.)

This was a challenge I had since moving all my devices in the home onto separate VLANs with their own IP address ranges. The Linux client for ProtonVPN still has not implemented split tunnelling. If your client does have split tunnelling, you can ignore this workaround as you will not need it.

With split tunnelling you can specify an IP address, or IP address ranges, that bypass the VPN. Without split tunnelling I could no longer access my Jellyfin server, for example, once ProtonVPN was active. With split tunnelling I can have the VPN active and still access my Jellyfin server, my Victron solar dashboard, my RSS reader service, etc.

The first part runs a single command from the terminal to enable this. The second part makes it persist across reboots.

As this adjusts the PC’s own local routing, it does not touch the VPN client or its config. It sits in front of the client, so it should work for any other VPN client too.

Get your Ethernet Device Name and Gateway IP

Before you start, run ip a from the terminal and note your Ethernet device name, e.g. eth0 or enp4s0. The other thing to note is your IP address, as this also indicates the gateway you use. My IP address is 192.168.70.2, so my gateway is 192.168.70.1. If your address is 192.168.1.45 then your gateway should be 192.168.1.1 (it is the device or VLAN that issues your DHCP address data).

Decide what IP Address/Range to Bypass the VPN

In my case, I needed to access a server on 192.168.20.2. So I could specify this range as 192.168.70.0/24. But I have a number of VLANs all with ranges such as 192.168.50.0/24 and more. So, for this scenario, you could specify a range to bypass everything that starts with 192.168.x.x and use 192.168.0.0/16.

Test from Terminal

The command I ran was: sudo ip route add 192.168.0.0/16 via 192.168.70.1 dev enp4s0.

The key parts are: sudo ip route add RANGE via GATEWAY dev NETWORKCARD

If you can now access those IP addresses, then this is working.

Permanent solution

I’m using systemd, so this worked for me:

Create a new local route config file: sudo nano /etc/systemd/network/local-routes.network

Inside it, paste the following, with one [Route] block per range you want to bypass; I only needed a single range with the /16.

[Route]
Destination=<local_network_range_1>
Gateway=<your_gateway_ip>

[Route]
Destination=<local_network_range_2>
Gateway=<your_gateway_ip>

Then you just restart the network service with sudo systemctl restart systemd-networkd and that should do it.
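The two steps above, as an added example that is not from the original post: a small Python helper (standard library only) that sanity-checks a bypass plan before it is applied, prints the one-off ip route command and the matching local-routes.network contents, and confirms from the output of ip route get that an address really goes out via the LAN gateway rather than the VPN interface. The host address, gateway, device and sample ip route get output are constructed from the values in the post; the [Match] section and the proton0 interface name are assumptions.

```python
import ipaddress
import re

# Constructed sample values matching the post: host 192.168.70.2 on a /24,
# gateway 192.168.70.1, NIC enp4s0, bypass everything under 192.168.0.0/16.
HOST_CIDR = "192.168.70.2/24"
GATEWAY = "192.168.70.1"
DEVICE = "enp4s0"
BYPASS = ["192.168.0.0/16"]

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_bypass(host_cidr, gateway, ranges):
    """Return a list of problems; an empty list means the plan is sane.
    The gateway must sit on the host's own subnet or the route is unusable,
    and every bypass range must lie inside RFC 1918 space, otherwise traffic
    to public addresses would leave the machine outside the VPN tunnel."""
    problems = []
    iface = ipaddress.ip_interface(host_cidr)
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        problems.append(f"gateway {gw} is not on local subnet {iface.network}")
    for r in ranges:
        net = ipaddress.ip_network(r, strict=False)
        if not any(net.subnet_of(p) for p in RFC1918):
            problems.append(f"{net} is not RFC 1918; it would bypass the VPN for public addresses")
    return problems


def route_command(rng, gateway, device):
    """The one-off command from the 'Test from Terminal' step."""
    return f"sudo ip route add {rng} via {gateway} dev {device}"


def networkd_unit(device, gateway, ranges):
    """Contents for /etc/systemd/network/local-routes.network; the [Match]
    section (an assumption, not in the post) pins the routes to one NIC."""
    lines = ["[Match]", f"Name={device}", ""]
    for r in ranges:
        lines += ["[Route]", f"Destination={r}", f"Gateway={gateway}", ""]
    return "\n".join(lines)


# First line of `ip route get <addr>` when a gateway route is selected.
ROUTE_GET = re.compile(r"^(?P<dst>\S+) via (?P<gw>\S+) dev (?P<dev>\S+)")


def bypass_active(route_get_output, gateway, device):
    """True if `ip route get` reports the LAN gateway and NIC, not a VPN device."""
    m = ROUTE_GET.match(route_get_output.strip())
    return bool(m) and m["gw"] == gateway and m["dev"] == device
```

systemd-networkd applies only the first .network file (in lexical order) that matches an interface, so if another file already matches enp4s0 the [Route] blocks belong in that file instead. After restarting the service, ip route get 192.168.20.2 should show the gateway and NIC, which is what bypass_active checks.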

Credit though goes to Google Gemini for this solution, as I chiefly used it with some tweaks to get the range right.
