Unless something like Multipath TCP is used, TCP connections won’t ever change their interface. If traffic arrives from remote host A at interface Y, answers will (generally) leave through interface Y, even if the best matching route (to host A) might lead elsewhere. Provided, of course, that interface Y has a route leading to host A.
OpenVPN in its most-used redirect-gateway def1 configuration does not overwrite routes. Instead, it leverages how route matching is done: The most specific matching route is selected. Generally, you’d have a 0.0.0.0/0 route (aka default route) pointing at your internet gateway (or whatever). This route matches everything. More specific routes are usually present too, leading to your local network(s). OpenVPN creates two new routes: 0.0.0.0/1 and 128.0.0.0/1. Again, these routes match everything, but are selected over your previous default route, because they are more specific. Bottom line: Interface Y can still reach “everything”.
Generally, a VPN connection does not hinder incoming traffic on other interfaces. As such, it should work without additional setup.
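An added example, not part of the original answer: a small longest-prefix-match lookup showing how the two /1 routes take precedence over the default route without replacing it, so the original interface keeps a usable route. The interface names eth0 (standing in for interface Y) and tun0, the 192.168.1.0/24 network and the destination addresses are constructed sample values.

```python
import ipaddress

# Constructed routing table before the VPN comes up: (prefix, interface).
BEFORE_VPN = [
    ("0.0.0.0/0", "eth0"),        # default route via the internet gateway
    ("192.168.1.0/24", "eth0"),   # local network
]

# redirect-gateway def1 adds two /1 routes; nothing is removed or replaced.
AFTER_VPN = BEFORE_VPN + [
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
]


def lookup(table, dst):
    """Pick the route for dst by longest-prefix match; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, dev))
    if not matches:
        return None
    net, dev = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), dev


def route_on_interface(table, dev, dst):
    """Best prefix that interface dev itself still has towards dst, if any."""
    own_routes = [(p, d) for p, d in table if d == dev]
    hit = lookup(own_routes, dst)
    return hit[0] if hit else None


if __name__ == "__main__":
    for dst in ("8.8.8.8", "203.0.113.10", "192.168.1.20"):
        print(dst, "before:", lookup(BEFORE_VPN, dst),
              "after:", lookup(AFTER_VPN, dst),
              "eth0 still has:", route_on_interface(AFTER_VPN, "eth0", dst))
```

New outbound traffic to public addresses selects tun0 after the VPN is up, while eth0 retains its 0.0.0.0/0 route, which is the condition the answer gives for replies to leave through the interface the traffic arrived on.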