So I often travel for business and need access to my home network. I log in and then SSH to machines for access or use local IP addresses with specific ports for access to NAS, etc.
I’m able to do this, but I believe currently when I do so I’m then routing -all- my laptop WAN traffic though that connection, which slows things down.
I want to ONLY send traffic that is bound to that specific LAN through that VPN connection and all other traffic through local wifi (and even through a separate local VPN connection if possible, that would be bonus but not necessary).
I believe this is what is called split tunneling, but I’m not at all understanding how to set this up and whether some protocols (OpenVPN or WireGuard would be my two choices). I use Tunnelblick as my Mac client, and would be happy to use something else if it would help.
If anyone might take the time to help, it would be appreciated.
You’ve basically got it all. Tunnelblick has an option to “route all traffic via this VPN” - turn that off and I think you should be good.
If you want to connect to your home split-tunnel VPN and also another VPN for internet traffic, you’ll probably need a route installed telling your computer to use the local WiFi for your home VPN server IP. Otherwise you’d be doing VPN-over-VPN instead of running them alongside each other.
That’s how I thought it worked but I have that option already turned off.
Using pingplotter when I have the VPN open to my home network and I’m pinging both a local server on my home network and also 8.8.8.8 I get about 80ms ping to google.
As soon as I close the VPN connection I lose my ping to my server obviously, but the routes to google change immediately and the ping drops from 80ms to 17ms.
So something obviously is changing in the routing of traffic that -should- be split, but is not.
Does that make sense? Am I missing something?
Open up a terminal and run “netstat -nr” both when connected to VPN and not.
You should see a default or 0.0.0.0 route near the top; that’s where your internet traffic will go.
You could also run “curl icanhazip.com” to get your apparent public IP easily and verify whether it changes.
If your OpenVPN configuration file had “redirect-gateway def1” in it, that will override the Tunnelblick setting. Make sure that’s not in your OpenVPN config and re-import if necessary.
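The route-table and config checks described in this reply, written out as an added example that is not part of the thread or of OpenVPN itself: it parses the IPv4 section of macOS `netstat -nr` output, flags either a default route or the 0/1 + 128.0/1 pair that “redirect-gateway def1” installs when they point at a utun interface, and greps a client config for an active redirect-gateway line. The route tables, the en0/utun3 interface names and the 10.8.0.5 gateway are constructed samples, not values from the thread.

```shell
# Constructed sample: laptop on Wi-Fi (en0), VPN down.
ROUTES_NO_VPN='Internet:
Destination        Gateway            Flags           Netif Expire
default            192.168.1.1        UGScg             en0
192.168.1          link#6             UCS               en0'

# Constructed sample: tunnel up after the server pushed "redirect-gateway def1".
# The default route is untouched, but 0/1 and 128.0/1 together cover every
# address and win as more-specific routes, so all Internet traffic uses utun3.
ROUTES_VPN='Internet:
Destination        Gateway            Flags           Netif Expire
default            192.168.1.1        UGScg             en0
0/1                10.8.0.5           UGSc            utun3
128.0/1            10.8.0.5           UGSc            utun3
192.168.1          link#6             UCS               en0
192.168.10         10.8.0.5           UGSc            utun3

Internet6:
Destination        Gateway            Flags           Netif Expire
default            fe80::1%en0        UGcg              en0'

# Print "<destination> <interface>" for each IPv4 route that captures Internet-
# bound traffic: the default route, or the 0/1 and 128.0/1 pair. Reads stdin.
internet_routes() {
    awk '/^Internet6:/ { exit }
         $1 == "default" || $1 == "0/1" || $1 == "128.0/1" { print $1, $NF }'
}

# Exit 0 if the tunnel is split (no catch-all route uses a utun interface),
# 1 if a VPN interface is carrying all Internet traffic. Reads stdin.
is_split_tunnel() {
    internet_routes | awk 'BEGIN { full = 0 } $2 ~ /^utun/ { full = 1 } END { exit full }'
}

# Exit 0 if an OpenVPN client config on stdin has an active (uncommented)
# redirect-gateway line, which forces a full tunnel whatever the GUI setting says.
config_forces_full_tunnel() {
    grep -Eq '^[[:space:]]*redirect-gateway'
}

for state in ROUTES_NO_VPN ROUTES_VPN; do
    eval "table=\$$state"
    if printf '%s\n' "$table" | is_split_tunnel; then
        echo "$state: split tunnel (Internet stays on the local interface)"
    else
        echo "$state: full tunnel via:"; printf '%s\n' "$table" | internet_routes
    fi
done
```

On the laptop itself the same functions take live output, e.g. `netstat -nr | is_split_tunnel` and `is_split_tunnel < client.ovpn` style redirection for `config_forces_full_tunnel`.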
I get two different IPs when running curl icanhazip.com with and without VPN enabled. With the VPN on I see my public IP for the LAN at home as the result here running on this laptop.
My client side config file only has the following options - I don’t see the one you mention. (Could there be a VPN server side configuration that would force this to occur?):
client
dev tun
proto udp
remote xxxxxxxx (removed for security)
resolv-retry infinite
nobind
persist-key
persist-tun
compress
remote-cert-tls server
mute-replay-warnings
key-direction 1
cipher AES-128-CBC
verb 1
mute 20