Skipping VPN for specific sites

Got a problem with Viscosity or need help? Ask here!

victrix

Posts: 6
Joined: Fri Mar 06, 2015 1:14 pm

Post by victrix » Sun Sep 18, 2016 4:25 am
Hello,

i'm wondering if there is an easy way to skip the VPN connection to load directly specific sites.

So far the best solution i've found it's this little tool:
http://hmastuff.com/HMA_UNrouting_Utility.zip

Of course I am already aware you can do it using the command prompt in windows and setting up manually the routing rules and that tool is just doing that for the user, making it much easier.

The only minor setback is that I have to load HMA_Unrouting every time I connect to my VPN.

I am wondering if i can do the same through the Viscosity client or setting up a rule on my OpenVPN access server.
And how, eventually?

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon Sep 19, 2016 12:13 pm
Hi victrix,

Routing in Viscosity is the only method we have available at this time - http://sparklabs.com/support/kb/article ... lications/

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

victrix

Posts: 6
Joined: Fri Mar 06, 2015 1:14 pm

Post by victrix » Tue Sep 20, 2016 3:35 am
Eric wrote:
Hi victrix,

Routing in Viscosity is the only method we have available at this time - http://sparklabs.com/support/kb/article ... lications/

Regards,
Eric
Hello Eric,

First, thanks for your help :)

That feature would be perfect for me but apparently I can't make it work.
Hope you or some forum user can help me with this.

Let's assume I want all my traffic to go through my normal network but a few sites that I want to access through VPN.

I've followed the steps suggested in the Specifying Traffic To Go Through The VPN Connection inserting manually the ip addresses of those sites, their mask and choosing "vpn_gateway" as their gateway. Since it didn't worked I tried also to use the Ip address of my remote OpenVPN server gateway instead of "vpn_gateway".

It's not clear to me if I should check the Send all traffic over VPN connection checkbox or not: in the image it is checked, in the text it isn't mentioned at all. So i've tried both.

Also, i've left the Default gateway blank - it is correct?
Since it didn't worked I tried to insert my local gateway with the same result.

Some extra informations.

System: Windows 10 64
Remote server: OpenVPN Access server 2.1.2
Remote server VPN mode: Layer 3 (routing/NAT)
Remote server routing settings:
Should VPN clients have access to private subnets (non-public networks on the server side)? NO
Should clients be allowed to access network services on the VPN gateway IP address? YES
Should client Internet traffic be routed through the VPN? YES/NO*
*tried both

Here is what happens:

Should client Internet traffic be routed through the VPN? YES
No matter the settings in Viscosity, all the traffic go through the VPN.

Should client Internet traffic be routed through the VPN? NO
Send all traffic over VPN connection Checked
Network not working, can't access any site, ping itself won't work.

Should client Internet traffic be routed through the VPN? NO
Send all traffic over VPN connection Unchecked
Network working regularly, all the traffic goes through my normal network but I can't access (or ping) any of the addresses i would like to access through the VPN.

So, where is my mistake? :)

victrix

Posts: 6
Joined: Fri Mar 06, 2015 1:14 pm

Post by victrix » Tue Sep 20, 2016 8:50 am
Ok, looks like I made it ^__^

Just in case a semi-noob like me will need it in future, here is how to make it work.

How to use a VPN connection just for some specific sites while keeping the rest of the traffic on the standard network

First, since I was also running the server, I've reinstalled OpenVPN using your instruction avalaible here:
http://sparklabs.com/support/kb/article ... viscosity/
(of course those are for Centos, there are tutorial for every main Linux Distro)

Can't say if it is a key factor, previously I tried to connect to a OpenVPN Access Server and it has a slightly different setup and I guess it was maybe trying to push some config parameter...so who knows.

Viscosity configuration, under Networking tab.

Sed all traffic over VPN connection - Unchecked
Default Gateway - Blank

Additional routes to insert manually:

0.0.0.0 with subnet mask 0.0.0.0 and net_gateway ("local network gateway")

Then i've listed all the IP / IP ranges for which I want to connect through the VPN connection.

For example:

1.2.3.0 with its custom subnet mask (i.e. 255.255.255.0) and vpn_gateway
2.3.4.5 with its custom subnet mask (i.e. 255.255.255.255) and vpn_gateway

Remember to insert the DNS servers addresses (i.e. 8.8.4.4 and 8.8.8.8), save, reconnect...et voilà! Works like a charm.

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Tue Sep 20, 2016 1:42 pm
Hi Victrix,

Glad you got it working. The only thing worth noting, the 0.0.0.0 route should not be necessary unless you server is pushing the redirect-gateway option. You may wish to check what option your server is pushing is remove this one as it probably isn't desired for you.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
5 posts Page 1 of 1