Simple app to make it easy to set up and maintain Split Tunneling over VPN on Mac OS X.
In particular this makes it very easy to connect to multiple VPNs simultaneously, and all traffic is kept going to the right place at the right time.
Example
The above example will route all the traffic for the class C block
See below for an example of a correctly configured VPN.
Advanced Example
The above file configures 2 VPNs,
There are 3 networks routed through the
There are 2 networks routed through the
This routing manager uses a JSON file to keep track of which routes you really need to go to your VPN so then you can just edit that file if/when there are updates to it. No need to think about system utilities etc. Edit a file, reconnect to VPN, voila!
If you are unsure what your actual VPN IP address is, connect to your VPN and then look at this log file to see what the Remote IP is. The Remote IP is what you need to list in your
from https://github.com/vube/mac-split-tunnel-vpn
------
vpnc split tunnel script
--------
相关帖子:https://briteming.blogspot.com/2019/11/vpn-slice.html
Split Tunnel VPN Routing for Mac
This is a simple script that makes it super easy for you to manage one or more VPN connections with split tunneling.In particular this makes it very easy to connect to multiple VPNs simultaneously, and all traffic is kept going to the right place at the right time.
Installation
$ git clone https://github.com/vube/mac-split-tunnel-vpn.git
$ cd mac-split-tunnel-vpn
$ sudo install -c -m 0755 ip-up.php /etc/ppp/ip-up
$ cd /etc/ppp
$ sudo ln -sf $HOME/.routes.json routes.json
Configuration
You only need a file in your home directory that contains the routes. In the install instructions, we symlink'd theroutes.json
config file to your home directory, a file
named $HOME/.routes.json
Example $HOME/.routes.json
file
{ "remotes": {
"1.2.3.4": [
"9.8.7"
]
} }
9.8.7.*
to your VPN
server whose IP is 1.2.3.4
Configuring your VPN
You must configure your VPN such that the "Send all traffic over VPN connection" checkbox is not checked in the Advanced settings screen.See below for an example of a correctly configured VPN.
Advanced Example $HOME/.routes.json
file
{ "remotes": {
// Simple end-of-line comments like this are allowed
// VPN #1
"1.2.3.4": [
"9.8.7", // one network
"8.7.6", // another network
"7.6.5" // yet a third network
],
// VPN #2
"2.3.4.5": [
"4.5.6", // first network for VPN 2
"5.6.7" // second network for VPN 2
]
} }
1.2.3.4
and 2.3.4.5
There are 3 networks routed through the
1.2.3.4
VPN: 9.8.7.*
, 8.7.6.*
and 7.6.5.*
There are 2 networks routed through the
2.3.4.5
VPN: 4.5.6.*
and 5.6.7.*
Reconnect to VPN for changes to take effect
After editing your$HOME/.routes.json
file, you must disconnect from and reconnect to
your VPN for the changes to take effect.Why use this
This allows you to set up your VPN links such that the ONLY traffic that goes over the VPN is traffic that really NEEDS to be on the VPN link. All other traffic will go over your default internet connection, which means you will have the fastest possible Internet speed at all times.This routing manager uses a JSON file to keep track of which routes you really need to go to your VPN so then you can just edit that file if/when there are updates to it. No need to think about system utilities etc. Edit a file, reconnect to VPN, voila!
Log for troubleshooting purposees
Each time you connect to a VPN, a log message is written in/tmp/ppp.ip-up.log
so you
can see exactly what is happening.Example log
VPN Connection at 2014-04-22 12:15:01
System arguments:
[0] path to this script: '/etc/ppp/ip-up'
[1] pppd Interface name: 'ppp1'
[2] TTY device name: ''
[3] TTY devide speed: '0'
[4] Local IP: '192.168.200.2'
[5] Remote IP: '1.2.3.4'
[6] pppd ipparam option: 'x.x.x.x'
Configuring routes for 1.2.3.4
Exec: /sbin/route add -net '9.8.7' -interface 'ppp1' 2>&1
add net 9.8.7: gateway ppp1
In the above log dump, the remote VPN IP is 1.2.3.4
which you can see in the
System arguments dump near [5] Remote IP: '1.2.3.4'
If you are unsure what your actual VPN IP address is, connect to your VPN and then look at this log file to see what the Remote IP is. The Remote IP is what you need to list in your
$HOME/.routes.json
file as the VPN identifier.from https://github.com/vube/mac-split-tunnel-vpn
------
vpnc split tunnel script
vpnc-split-tunnel
Overview
Basic script to be used inconjunction vpnc-scipt (comes with the installation of vpnc). This script also leverages dnsmasq to allow for you to define specific domains to query over the VPN connection while forwarding the rest of your dns queries to your local DNS. This allows for a truely transparent split tunnel experience.Dependencies
- vpnc
- dnsmasq
Setup
- Install the dependencies
- Copy
vpnc-split-tunnel.sh
to/etc/vpnc/
- Modify your existing
vpnc.conf
to referencevpnc-split-tunnel.sh
using the "Script" variable - Start vpnc and verify the routes with
netstat -rn
Configuration
Defaults
By defaultvpnc-split-tunnel.sh
assumes the following:- The DNS server(s) are pushed from the VPN gateway
- The domain(s) are pushed from the VPN gateway
vpnc-split-tunnel.sh
:INTERNAL_IP4_DNS
Set this variable to your DNS server IPs beyond the VPN gatewayCISCO_DEF_DOMAIN
Set this variable to the domains of servers you would like to access by internal DNS
Additional Options
SUBNET_LIST
Add a list of additional internal subnets to be accessible over the split tunnel.RESOLV_CONF
Locatin of resolv.confDNSMASQ_CONF
Location of where to put thednsmasq.conf
that will be generated by this scriptDNSMASQ_CONF_BACKUP
Location of where to put the dnsmasq.conf backup file if a file exists before we generate the VPN specific configDNSMASQ_LISTEN
The IP the dnsmasq daemon will bind toDNSMASQ_BIN
dnsmasq binary
--------
相关帖子:https://briteming.blogspot.com/2019/11/vpn-slice.html