Total Pageviews

Friday 18 May 2018

Split Tunnel VPN Routing for Mac

Simple app to make it easy to set up and maintain Split Tunneling over VPN on Mac OS X. 

This is a simple script that makes it super easy for you to manage one or more VPN connections with split tunneling.
In particular this makes it very easy to connect to multiple VPNs simultaneously, and all traffic is kept going to the right place at the right time.

Installation

$ git clone https://github.com/vube/mac-split-tunnel-vpn.git
$ cd mac-split-tunnel-vpn
$ sudo install -c -m 0755 ip-up.php /etc/ppp/ip-up
$ cd /etc/ppp
$ sudo ln -sf $HOME/.routes.json routes.json

Configuration

You only need a file in your home directory that contains the routes. In the install instructions, we symlink'd the routes.json config file to your home directory, a file named $HOME/.routes.json

Example $HOME/.routes.json file

{ "remotes": {
 "1.2.3.4": [
  "9.8.7"
 ]
} }
The above example will route all the traffic for the class C block 9.8.7.* to your VPN server whose IP is 1.2.3.4

Configuring your VPN

You must configure your VPN such that the "Send all traffic over VPN connection" checkbox is not checked in the Advanced settings screen.
See below for an example of a correctly configured VPN.
Screenshot of VPN Advanced Settings Dialog

Advanced Example $HOME/.routes.json file

{ "remotes": {
    // Simple end-of-line comments like this are allowed
    // VPN #1
 "1.2.3.4": [
  "9.8.7", // one network
  "8.7.6", // another network
  "7.6.5" // yet a third network
 ],
 // VPN #2
 "2.3.4.5": [
  "4.5.6", // first network for VPN 2
  "5.6.7" // second network for VPN 2
 ]
} }
The above file configures 2 VPNs, 1.2.3.4 and 2.3.4.5
There are 3 networks routed through the 1.2.3.4 VPN: 9.8.7.*, 8.7.6.* and 7.6.5.*
There are 2 networks routed through the 2.3.4.5 VPN: 4.5.6.* and 5.6.7.*

Reconnect to VPN for changes to take effect

After editing your $HOME/.routes.json file, you must disconnect from and reconnect to your VPN for the changes to take effect.

Why use this

This allows you to set up your VPN links such that the ONLY traffic that goes over the VPN is traffic that really NEEDS to be on the VPN link. All other traffic will go over your default internet connection, which means you will have the fastest possible Internet speed at all times.
This routing manager uses a JSON file to keep track of which routes you really need to go to your VPN so then you can just edit that file if/when there are updates to it. No need to think about system utilities etc. Edit a file, reconnect to VPN, voila!

Log for troubleshooting purposees

Each time you connect to a VPN, a log message is written in /tmp/ppp.ip-up.log so you can see exactly what is happening.

Example log

VPN Connection at 2014-04-22 12:15:01
System arguments:
 [0] path to this script: '/etc/ppp/ip-up'
 [1] pppd Interface name: 'ppp1'
 [2] TTY device name: ''
 [3] TTY devide speed: '0'
 [4] Local IP: '192.168.200.2'
 [5] Remote IP: '1.2.3.4'
 [6] pppd ipparam option: 'x.x.x.x'
Configuring routes for 1.2.3.4
Exec: /sbin/route add -net '9.8.7' -interface 'ppp1' 2>&1
add net 9.8.7: gateway ppp1
In the above log dump, the remote VPN IP is 1.2.3.4 which you can see in the System arguments dump near [5] Remote IP: '1.2.3.4'
If you are unsure what your actual VPN IP address is, connect to your VPN and then look at this log file to see what the Remote IP is. The Remote IP is what you need to list in your $HOME/.routes.json file as the VPN identifier.

from  https://github.com/vube/mac-split-tunnel-vpn

No comments:

Post a Comment