
Re: Segregating VPN traffic

Hi Aaron,

This is my first time posting on this list. (hello everybody).

I actually just set this up 2 days ago on my pfSense router at home. My router maintains a connection to my ISP as well as a virtual VPN gateway. You can set up a combination of NAT and iptables to selectively route some internal traffic over the VPN gateway right before it leaves the house based on the IP address of the computer on your network. You can even get fancy and run some programs in separate Linux network namespaces and route certain programs over the VPN gateway without having to route an entire host or VM.

All this depends on what your router is and what the VPN server software is.

In my case this post got me 80% of the way there:
https://forum.netgate.com/topic/65970/solved-routing-some-traffic-static-ips-through-openvpn-over-pia

It's a little involved, but I didn't even have to open a terminal.

If you don't want to touch the home router, running all your work programs in a VM with the VPN software is the easiest solution, or you can avoid a VM with Linux network namespaces and SNAT:
https://medium.com/@havloujian.joachim/advanced-docker-networking-outgoing-ip-921fc3090b09

I hope that's enough information to pick a solution that works best for you. I can provide more details about a particular setup if you want to know more.

-Chris

On Mon, Jul 6, 2020, at 5:57 PM, Aaron Wilcox wrote:
> I've been using Remmina to log into my work computer via RDP, but 
> they've decommissioned the old Windows SBS 2011 server and now we will 
> have to use their VPN to access their network. They have said that this 
> will result in all of my home computer's internet traffic being routed 
> through their network, as long as I'm connected to their VPN.
> 
> Is there a way to segregate the work-related VPN traffic from my 
> personal traffic (i.e.: have work-related traffic go through the VPN 
> connection, and all other traffic go through a connection to my home 
> ISP)? Could this be done by using a virtual system to connect to the 
> VPN, while leaving the host connected to my home ISP?
> 
> -- 
> Aaron Wilcox
> e: aaron [ dot ] s [ dot ] wilcox [ at ] gmail [ dot ] com
> e: aaron [ dot ] wilcox [ at ] sympatico [ dot ] ca
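
The namespace-plus-SNAT approach mentioned in the reply above, sketched as an added example that is not part of the original message or the linked articles. The namespace name, interface name, subnet and table number are assumptions, and it assumes the VPN client brings up its interface without replacing the host's default route.

```shell
#!/bin/sh
# Added example: send only one namespace's traffic through the VPN.
# Assumed names, none from the post: namespace "work", VPN interface "tun0",
# transfer subnet 10.200.1.0/24, routing table 100.
NS=${NS:-work}; VPN_IF=${VPN_IF:-tun0}; NET=${NET:-10.200.1}; TABLE=${TABLE:-100}

# Emit the setup commands, one per line, without running anything.
#  1-9   namespace plus a veth pair; the host end is the namespace's gateway
#  10    leak guard, installed first: namespace traffic that would leave by
#        any interface other than the VPN (e.g. when tun0 is down) is rejected
#  11    source NAT so the VPN peer sees the tunnel address (MASQUERADE is
#        SNAT that follows the interface address)
#  12-13 policy routing: packets sourced from the namespace use table 100,
#        whose only route is the VPN; the host's main table is untouched
#  14    forwarding is enabled last, once the guard is in place
plan_split_tunnel() {
  cat <<EOF
ip netns add ${NS}
ip link add ${NS}-host type veth peer name ${NS}-peer
ip link set ${NS}-peer netns ${NS}
ip addr add ${NET}.1/24 dev ${NS}-host
ip link set ${NS}-host up
ip netns exec ${NS} ip addr add ${NET}.2/24 dev ${NS}-peer
ip netns exec ${NS} ip link set lo up
ip netns exec ${NS} ip link set ${NS}-peer up
ip netns exec ${NS} ip route add default via ${NET}.1
iptables -I FORWARD -s ${NET}.0/24 ! -o ${VPN_IF} -j REJECT
iptables -t nat -A POSTROUTING -s ${NET}.0/24 -o ${VPN_IF} -j MASQUERADE
ip rule add from ${NET}.0/24 lookup ${TABLE}
ip route add default dev ${VPN_IF} table ${TABLE}
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Run the plan as root; -e stops at the first failing command, -x echoes each.
apply_split_tunnel() { plan_split_tunnel | sh -ex; }

# Afterwards, start a work program inside the namespace, e.g.:
#   ip netns exec work sudo -u <your-user> remmina
if [ "${1:-}" = "--apply" ]; then apply_split_tunnel; else plan_split_tunnel; fi
```

Without arguments the script only prints the plan for review. Name resolution inside the namespace is separate: `ip netns exec` uses `/etc/netns/work/resolv.conf` when that file exists, so point it at the work resolver if lookups should also stay on the VPN.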
