Possible to bypass VPN for traffic over certain ports?


Postby html » Sun Sep 12, 2010 12:55 am

Hi there,

I'm considering using Viscosity to route all my Internet traffic through a commercial VPN provider. However, I have an existing usenet subscription which provides an SSL encrypted connection over a designated port.

Given that any commercial VPN provider will be a bandwidth bottleneck, and that my usenet traffic is already encrypted, I'm reluctant to transfer this traffic via VPN.

For this reason I'm wondering if Viscosity has the ability to route all traffic over VPN except traffic over a designated port, or to a designated destination? If not, is this a limitation of Viscosity or of VPN protocols in general?

Thanks in advance for your help!
html
 
Posts: 1
Joined: Sun Sep 12, 2010 12:45 am

Re: Possible to bypass VPN for traffic over certain ports?

Postby James » Sun Sep 12, 2010 2:08 am

Hi html,

You can specify for traffic to go through the VPN connection (or not) using custom routes. Routes are based off the destination IP address - it's not possible to route based off port numbers. In your case you probably want to do something like so:

1. Edit your connection in Viscosity
2. Click on the Networking tab
3. Click the small "+" button to add a new route. Enter "my.usenet.server.com" as the Route/IP (obviously replacing the text with the actual DNS name or IP address of your server), "255.255.255.0" as the mask, "net_gateway" as the Gateway, and leave the Metric field blank. Click Add.
4. Repeat step 3 if you use multiple servers.

Specifying net_gateway as the gateway will cause traffic the route matches to go through your normal network connection. Specifying a gateway of vpn_gateway will force traffic to go through the VPN.

Cheers,
James
James
 
Posts: 947
Joined: Thu Sep 04, 2008 10:27 pm

Re: Possible to bypass VPN for traffic over certain ports?

Postby tobntno » Fri Sep 17, 2010 9:23 pm

Hello there,
I am trying to do something very similar to this: I would like to select certain IP addresses that should go through the VPN whereas everything else should go through the regular connection. How can I configure so I would only have to enter the addresses that should go through the VPN?

Thanks in advance
Gunther
tobntno
 
Posts: 1
Joined: Fri Sep 17, 2010 9:15 pm

Re: Possible to bypass VPN for traffic over certain ports?

Postby James » Tue Sep 21, 2010 3:56 pm

Hi Gunther,

What you are asking to do is a two step process: first you need to make sure all network traffic is not going through the VPN connection by default, and then you need to specify the routes you want to go through the VPN connection.

Stopping All Network Traffic Going Through The VPN Connection

Firstly make sure that you have unticked the "Send all traffic over VPN connection" under the Networking tab like so:

1. Open Viscosity's Preferences window
2. Select your connection and click the Edit button
3. Click on the Networking tab and untick the "Send all traffic over VPN connection" checkbox
4. Click Save

If it appears all traffic is still being sent through the VPN connection, even with the above option unticked, it is probably being overridden by the VPN server. If you are in control of the OpenVPN server you should remove the appropriate option. If not, there are two ways around this: (1) ignore the command being sent by the server, or (2) write your own up script to override it.

(1) This option is easy to achieve - simply untick the "Pull Options" checkbox under the Options tab when editing your connection. However this means Viscosity/OpenVPN will ignore ALL settings sent by the server. So if your IP address, DNS server, etc comes from the server, then you'll also lose all this. Instead you can try leaving the option ticked and add the command "route-nopull" (no quotes) on a new line under the Advanced tab, and see if that does the trick.

(2) You can write your own up script to override the default route to be through your normal Internet connection. However this involves knowing how to write your own up scripts (see the OpenVPN man page for information about the up command), and editing the Mac OS X routing table.

Specifying Routes To Go Through The VPN Connection

Like the previous post, routes can be added under the networking tab as outlined below. However instead of using "net_gateway" as the Gateway, you use "vpn_gateway".

1. Edit your connection in Viscosity
2. Click on the Networking tab
3. Click the small "+" button to add a new route. Enter "my.server.com" as the Route/IP (obviously replacing the text with the actual DNS name or IP address of your server), "255.255.255.0" as the mask, "vpn_gateway" as the Gateway, and leave the Metric field blank. Click Add.
4. Repeat step 3 if you use multiple servers.

Cheers,
James
James
 
Posts: 947
Joined: Thu Sep 04, 2008 10:27 pm

Re: Possible to bypass VPN for traffic over certain ports?

Postby dethrophes » Wed Jul 18, 2012 2:09 am

Is it possible to grab the pulled routing script to use as a template?

Thanks
dethrophes
 
Posts: 1
Joined: Wed Jul 18, 2012 2:07 am

Re: Possible to bypass VPN for traffic over certain ports?

Postby James » Sat Jul 21, 2012 3:00 am

Hi dethrophes,

Do you mean to see what routes the OpenVPN server is pushing? If so, you can either use the "netstat -rn" command to see what routes were changed/added by OpenVPN, or you can up the logging level (using the verb command) and check the OpenVPN log in the Details window to see the routes added.

Cheers,
James
James
 
Posts: 947
Joined: Thu Sep 04, 2008 10:27 pm
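
The `netstat -rn` check from the reply above can be automated to confirm which interface a given destination actually leaves through once the VPN is up. The following is an added example, not part of the original thread or of Viscosity: it parses the IPv4 routing table and applies longest-prefix matching. The sample table, the `utun0`/`en0` interface names, the addresses and the column layout (Destination, Gateway, Flags, Netif) are assumptions.

```python
import ipaddress

# Constructed sample of macOS `netstat -rn` output (not from the thread): the VPN
# covers the default route via utun0; one host route bypasses it via en0.
SAMPLE = """\
Internet:
Destination        Gateway            Flags        Netif Expire
0/1                10.8.0.1           UGSc         utun0
default            192.168.1.1        UGSc           en0
10.8.0/24          10.8.0.1           UGSc         utun0
127                127.0.0.1          UCS            lo0
128.0/1            10.8.0.1           UGSc         utun0
192.168.1          link#4             UCS            en0
203.0.113.25/32    192.168.1.1        UGSc           en0
"""

def parse_destination(text):
    """Expand netstat's abbreviated destination into an IPv4 network."""
    if text == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, prefix = text.partition("/")
    octets = addr.split(".")
    if not prefix:
        # Assumption: with no prefix shown, each printed octet covers 8 bits
        prefix = str(8 * len(octets))
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def parse_routes(output):
    """Return [(network, gateway, interface)] for the IPv4 section."""
    routes = []
    for line in output.splitlines():
        if line.startswith("Internet6"):
            break  # IPv6 table follows; this example handles IPv4 only
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        try:
            net = parse_destination(fields[0])
        except ValueError:
            continue  # section titles and anything else unparseable
        routes.append((net, fields[1], fields[3]))
    return routes

def lookup(routes, ip):
    """Return the route chosen for ip by longest-prefix match, or None."""
    target = ipaddress.ip_address(ip)
    matches = [r for r in routes if target in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None
```

To use it on a real machine, pass the captured output of `netstat -rn` to `parse_routes` in place of `SAMPLE` and call `lookup` for each address that should bypass, or stay inside, the VPN.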

