I need to connect to a vendor app hosted on AWS using AWS client, but at the same time I would like to stay connected to my organisations network using pulse secure VPN.
Is it technically possible to establish two tunnels from a laptop at the same time?
“Yes”, although can definitely be finicky. If they are both “split tunnel”, meaning when you connect only the routes you need for the remote resources are added and they don’t conflict then it likely is fine. If both are “full tunnel” meaning your default route (0.0.0.0/0) is over the VPN, then all traffic is sent over the VPN. This can work if the other VPN is split-tunnel, if both are full tunnel it won’t work.
It can also depend on the VPN client, in my experience Cisco Anyconnect monitored the routing table on your machine and did not like if there were any modifications while it was running.
AWS’s Client is based on OpenVPN so I suspect that would act fine if another VPN were active, unsure about Pulsesecure.
You can try it, but it’s probably not going to work well or at all. You’ve got 2 things updating your routing tables, DNS settings, possibly FW rules, etc.
I use proton vpn and when I go on Tor I use that VPN as well. I run nord and proton at the same time when I’m on regular search as well. You have to tunnel it just right…
While it is technically a thing that can happen, explicit route entries need to exist for both tunnels and there needs to not be a security policy preventing it.
Another hitch to consider is DNS resolution. On a Windows system, you’re going to be hitting the DNS server of whichever VPN adapter is listed first in your adapter order, and name resolution will only default to the next adapter in the order on a miss.
This can produce some wierd and unintuitive outcomes.
Exactly this. We do not recommend running 2 VPNs due to DNS. An alternative solution would be using an overlay network where the endpoint can support and connect to 2 separate overlay networks. I work on an open source project called OpenZiti which does exactly this. Drawback if that the both of the existing VPN solutions would need to be replace so a non-starter I guess 