split tunneling

Got a problem with Viscosity or need help? Ask here!

cellulosa

Posts: 2
Joined: Thu Nov 17, 2022 12:25 am

Post by cellulosa » Thu Apr 27, 2023 8:25 pm
When I connect with Viscosity it routes all traffic on the VPN.
Instead, I would like to continue using my normal connection to browse on Firefox, and only route a specific app - such as Safari or Transmission.
I know there is a way to route domains, but that isn't effective as it requires to know domain names/ips beforehand.

I understand MacOS Ventura is making this hard to achieve. Little Snitch is (supposedly) working on such a feature. Tailscale already allows to achieve something similar (as in, it creates its own tunnel via wireguard).

Is there any ETA to allow split tunneling with Viscosity? Or any indication on how to achieve this?

Thanks

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu May 11, 2023 2:30 am
Hi cellulosa,

I'm afraid we don't have an ETA for an "application routing" style feature. The information in the Routing Traffic For Websites & Applications KB article still applies:
We are currently working on adding a feature to Viscosity so applications can be easily routed through a VPN connection or normal network connection. We hope to have such a feature available in a future version of Viscosity, however please be aware that this is not something that will be available soon. In the meantime this article details how you can manually setup Viscosity to route traffic for many applications.
The way many commercial VPN Service Providers implement "application routing" in their own apps is to also run a SOCKS proxy on the VPN server, and then have their software re-bind certain applications locally to use this proxy. It's certainly possible to do something similar manually for apps that support using a SOCKS proxy. The steps would roughly look like:

1. Install a SOCKS proxy on the VPN server (if you're in control of it), or another external server (such as a VPS). Guides can be found online for how to do this for most Operating Systems and routers. Some commercial VPN Service Providers also provide ready-to-use SOCKS proxies.

2. Disable all traffic going through your VPN connection by default:
https://www.sparklabs.com/support/kb/ar ... connection

3. Make sure traffic for the SOCKS proxy travels through the VPN connection. If your SOCKS proxy is installed on the same machine as the OpenVPN server you shouldn't need to change anything. If it's running on a different server, make sure that server's IP address is routed through the VPN connection:
https://www.sparklabs.com/support/kb/ar ... connection

4. Configure the SOCKS server in the applications you want to use the VPN connection. This will be the IP address of the SOCKS server (typically the internal VPN IP address if running on the OpenVPN server - e.g. 10.8.0.1 - or the external IP address routed in the step above), along with the port number (typically 1080), and optionally a username and password (if set when installing the SOCKS proxy on the server). All web browsers support using a SOCKS proxy, as do many apps.

Some applications, such as Transmission, also support "binding" to a particular network interface. I'm afraid I have no idea if that works well for a VPN connection, if at all, however it's something else that's also worth a shot.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1