How to split VPN traffic on MacOS



    VPN
    VPN (Eng.Virtual Private Network - a generic name for technologies that allow one or more network connections (logical network) over another network (for example, the Internet) WikiPedia


    Suppose you are a developer and some of the resources (for example, a database) are located on a corporate network accessed through a VPN.

    If you look at all the available instructions on how to configure VPN on Mac OS, you will see that the authors tell you to check the box “send all traffic through VPN”, which leads to (Captain Evidence) all traffic goes through the VPN, which in turn imposes all restrictions of the corporate network (the ban on visiting certain resources, closed ports, etc.) or the restrictions of the anonymization service (narrow channel, long ping, etc.).

    The question arises - is it possible to only allow certain traffic through a VPN, and let the rest (main) traffic go through a regular channel without restrictions.

    This is done quite simply.



    Briefly go through the configuration of the VPN connection.

    Click on the “bullseye” in the upper left corner of the screen and select “System Settings”.


    Select "Network".


    Click on the "plus sign" in the list of network connections.


    We select “VPN” VPN


    type (in my case it is L2TP via IPSec)


    Fill in the connection parameters


    Do not set the “Send all traffic through VPN” checkbox


    Now we need to find out the interface through which the VPN traffic goes.

    We start ifconfig without a connected VPN. We


    connect the VPN and start ifconfig again.


    We see that the ppp0 interface has appeared.

    Now, by default, all traffic goes through a regular connection (not a VPN).

    Next, I need to connect to my server located at 192.168.0.20 through a VPN. To do this, we need to build a network route. We will use the regular unix-command route.

    sudo /sbin/route add -host 192.168.0.20 -interface ppp0
    


    Now all the traffic goes through my regular connection, and the traffic to the corporate server goes through the VPN.

    For convenience, create aliases for the add routes command in the ~ / .profile file

    alias server-vpn-up='sudo /sbin/route add -host 192.168.0.20 -interface ppp0'
    


    Now to raise the connection, you need to connect to the VPN and run the server-vpn-up command.

    An alternative option is to create the file / etc / ppp / ip-up, write to it [in my case]

    #!/bin/sh
    /sbin/route add 192.168.0.0/24 -interface $1
    


    and give execution rights

    sudo chmod +x /etc/ppp/ip-up
    


    After that, the route will be registered automatically after connecting to the VPN.

    What reefs can meet.

    1. There may be a conflict of IP addresses if the internal and external networks use the same address space (maybe I'm using the wrong term, please correct in the comments). Those. you have both a VPN and an internal home network located at 192.168.0 ... In my case, the solution was to reconfigure the home network to 10.0.1 ...

    2. When connecting a VPN, the corporate DNS 192.168.0.7 was automatically set. And although all traffic was supposed to go like not through a VPN, all sites stopped opening. This was decided by adding Google's DNS 8.8.8.8 and raising it to the very top.


    Also popular now: