I have a very specific requirement for my setup.
I have bought a third-party VPN (e.g. ExpressVPN) for personal use. I use Mac's inbuilt client to connect to this. The corresponding network interface is called ppp0.
My workplace requires me to use the Cisco Anyconnect VPN (referred to as "workVPN") with split tunneling. The corresponding network interface is called utun1.
Therefore my current setup is as follows. Irrespective of the checkbox in PersonalVPN to "send all data through this VPN", when I connect to WorkVPN through Cisco Anyconnect, this is the routing:
Data to Work -> utun1 -> ppp0 -> en0 -> PersonalVPN Server -> WorkVPN server -> Data sent to work server
Other data -> ppp0 -> en0 -> PersonalVPN Server -> Internet
Instead, I want two separate connections: I would like to send all my internet traffic through ppp0 except the ones that pass through utun1, i.e.
Data to Work -> utun1 -> en0 -> WorkVPN server -> Data sent to work server
Other data -> ppp0 -> en0 -> PersonalVPN Server -> Internet
What I understand after going through everything on the Internet is to update the routing tables. But that doesn't solve the issue, because according to the routing tables the data is being routed to the correct network interfaces. Using traceroute for debugging also doesn't help, because the first entry in the traceroute shows the gateway, and the gateway entry is correct because the packet is actually going to that VPN-specific gateway. The question is whether the WorkVPN packet is going through the personal VPN server or not.
Here are specific queries:
1. utun1 is ppp0 and not en0. Is there a better way to confirm this? Traceroute has its first entry at the gateways, which are correct (because of correct routing tables).
2. utun1 through en0?
I can provide more information if anything is unclear.
Thank you.
Edit: My problem is different from other problems like this because I am not asking for proxy requirements through different sources. It is also different from all questions related to splitting the traffic manually because they are being split correctly in my setup.
After going through a lot more answers and much more testing, I finally resolved all these queries.
There is a tool called nettop for Mac OS. Using nettop -m route, one can observe live traffic through each route. It can help to debug the underlying route of Cisco Anyconnect. Download a large file and watch the relevant routes in nettop to see which routes and interfaces are being used for that download.
It turns out I had to add a route that connects through the en0 interface, and not let MacOS's native VPN client update it. I used the following command to add the route (which is also mentioned in other relevant forums): sudo route change <IP-address> -iface en0
The IP address is the IP address of the VPN server that Cisco Anyconnect tries to connect to. You can see the IP address in the "Server Address" field in the Anyconnect Statistics window.
This checkbox "Send all data through this proxy" acts as a default routing mechanism. Either:
I hope this helps someone who is looking to establish a similar setup.
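The check the question asks for (is the AnyConnect server reached over en0 or over ppp0?) can be scripted from the routing table rather than read off nettop. The following is an added example, not code from the question or the answer: it parses the "interface:" field of macOS `route -n get <server-ip>` and prints the `route change` command from the answer when the server is still routed into the personal VPN tunnel. The server IP 203.0.113.10 and the two `route -n get` outputs are constructed placeholders so the check runs offline; on the Mac, pass the real "Server Address" from the AnyConnect Statistics window as the first argument to query the live table instead.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Determines which interface macOS will use to reach the Cisco AnyConnect
# server and prints the `route change` from the answer above when the server
# is currently reached over ppp0 (the personal VPN) instead of en0.
# 203.0.113.10 and the SAMPLE_* outputs below are constructed placeholders.

# route_iface IP [OUTPUT]
# Prints the "interface:" field of `route -n get IP`. When OUTPUT is given it
# is parsed instead of running route, so the constructed samples work anywhere.
route_iface() {
    ip="$1"
    out="${2:-$(route -n get "$ip" 2>/dev/null)}"
    printf '%s\n' "$out" | awk -F': *' '$1 ~ /^[ \t]*interface$/ { print $2; exit }'
}

# work_vpn_fix IP [OUTPUT]
# Prints "none" when IP already leaves directly via en0; otherwise prints the
# exact command the answer uses to pin the AnyConnect server to en0.
work_vpn_fix() {
    iface=$(route_iface "$1" "$2")
    if [ "$iface" = "en0" ]; then
        echo "none"
    else
        echo "sudo route change $1 -iface en0"
    fi
}

# Constructed `route -n get` output: the work VPN server is reached through
# the personal VPN tunnel, the unwanted state described in the question.
SAMPLE_VIA_PPP0='   route to: 203.0.113.10
destination: default
       mask: default
    gateway: 10.8.0.1
  interface: ppp0
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>'

# Constructed output after the route change: a host route straight out of en0.
SAMPLE_VIA_EN0='   route to: 203.0.113.10
destination: 203.0.113.10
  interface: en0
      flags: <UP,HOST,DONE,STATIC>'

# With a server IP as argument, check the live routing table on the Mac;
# with no argument, demonstrate on the constructed sample.
if [ -n "$1" ]; then
    work_vpn_fix "$1"
else
    work_vpn_fix 203.0.113.10 "$SAMPLE_VIA_PPP0"
fi
```

Run it again after the `route change` (and after reconnecting AnyConnect) to confirm the interface has switched to en0; if the native VPN client later rewrites the table, the check will start printing the command again, which is the signal the answer describes.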