I have a very specific requirement for my setup.
I have bought a third-party VPN (e.g. ExpressVPN) for personal use. I use Mac's inbuilt client to connect to this. The corresponding network interface is called ppp0.
My workplace requires me to use the Cisco Anyconnect VPN (referred to as "workVPN") with split tunneling. The corresponding network interface is called utun1.
Therefore my current setup is as follows: Irrespective of the checkbox in PersonalVPN to "send all data through this VPN", when I connect to WorkVPN through Cisco Anyconnect, this is the routing:
Data to Work -> utun1 -> ppp0 -> en0 -> PersonalVPN Server -> WorkVPN server -> Data sent to work serverOther data -> ppp0 -> en0 -> PersonalVPN Server -> Internet.Instead, I want two separate connections: I would like to send all my internet traffic through ppp0 except the ones that pass through utun1. i.e.
Data to Work -> utun1 -> en0 -> WorkVPN server -> Data sent to work serverOther data -> ppp0 -> en0 -> PersonalVPN Server -> Internet.What I understand after going through everything on the Internet is to update the routing tables. But that doesn't solve the issue. Because according to the routing tables, the data is being routed to correct network interfaces. Using traceroute for debugging also doesn't help, because the first entry in the traceroute shows the gateway. And the gateway entry is correct because the packet is actually going to that VPN specific gateways. The question is whether the WorkVPN packet is going through the personal VPN server or not.
Here are specific queries:
utun1 is ppp0 and not en0. Is there a better way to confirm this? Traceroute has first entry to the gateways, which are correct (because of correct routing tables).utun1 through en0?I can provide more information if anything is unclear.
Thank you.
Edit: My problem is different from other problems like this because I am not asking for proxy requirements through different sources. It is also different from all questions related to splitting the traffic manually because they are being split correctly in my setup.
After going through a lot more answers and many more testing, I finally resolved all these queries.
There is a tool called nettop for Mac OS. Using nettop -m route, one can observe live traffic through each route. It can help to debug the underlying route of Cisco Anyconnect. Download a large file and watch the relevant routes of nettop to see which routes and interfaces are being used for that download.
It turns out, I had to add a route that connects through en0 interface, and don't have to let the MacOS's native VPN client update it. I used the following command to add the route (which is also mentioned in other relevant forums): sudo route change <IP-address> -iface en0 The IP address is the IP address of the VPN server that Cisco Anyconnect tries to connect to. You can see the IP address in the "Server Address" field in the Anyconnect Statistics window.
This checkbox "Send all data through this proxy" acts as a default routing mechanism. Either:
I hope this helps someone who is looking to establish a similar setup.
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다