Netgate Discussion Forum

Split VPN for only one subnet or protocol

    redfish
    last edited by Jun 2, 2023, 1:21 PM

    Hello,
    We have Netgate appliances set up with OpenVPN that works fine. We checked "Force all client-generated IPv4 traffic through the tunnel." and it works as expected; however, we now need to split VPN traffic for MS Teams in order to let the "media streams" flow directly to/from Microsoft to reduce latency.
    All the docs I found for Split Tunneling show the opposite: defining what traffic goes through the tunnel (by providing routes and disabling "Force all client-generated IPv4 traffic through the tunnel.").
    Can I push routes to the client to override "Force all client-generated IPv4 traffic through the tunnel.", or is there another way to set exceptions?

    Thank you

    Patrick

      michmoor LAYER 8 Rebel Alliance @redfish
      last edited by Jun 2, 2023, 1:52 PM

      @redfish Is it just Teams, or do you want to have ONLY your private LAN traffic go through the tunnel and all other traffic bypass the VPN?

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

        redfish @michmoor
        last edited by Jun 2, 2023, 2:43 PM

        @michmoor
        Hello,
        For the time being it is just Teams (and only the media flow, 13.107.64.0/18 being one of the ranges), we may add some other exceptions later but the default rule is for remote users to use the VPN for all traffic (except Teams media for now).

        Thank you

          michmoor LAYER 8 Rebel Alliance @redfish
          last edited by Jun 2, 2023, 3:07 PM

          @redfish I think something like this:
          push "route 13.107.64.0 255.255.192.0 net_gateway"

            redfish
            last edited by Jun 5, 2023, 8:16 AM

            Thank you, that made it.
            I did not expect that I could use Client Specific Overrides to add a route on top of "Force all client-generated IPv4 traffic through the tunnel."

            👍
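
An added example, not part of the thread and not Netgate's code: since more exceptions may follow, this checks each bypass range before it is turned into a `push "route ... net_gateway"` line like the one above, so that a typo or an internal subnet does not end up routed outside the full tunnel. The protected ranges, the minimum prefix length, the function name and every sample entry other than 13.107.64.0/18 are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: address space that must always stay inside the tunnel.
PROTECTED = [ipaddress.ip_network(n)
             for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = 12  # assumption: refuse any single bypass range wider than a /12

# Constructed sample list; only the first entry comes from the thread.
SAMPLE = ["13.107.64.0/18", "13.107.64.0/24", "10.20.0.0/16",
          "13.107.64.5/18", "0.0.0.0/1"]


def bypass_push_lines(cidrs, protected=PROTECTED, min_prefix=MIN_PREFIX):
    """Return (push_lines, rejected) for a list of IPv4 CIDR strings."""
    accepted, rejected = [], []
    for text in cidrs:
        try:
            # strict=True rejects entries with host bits set (likely typos).
            net = ipaddress.ip_network(text.strip(), strict=True)
        except ValueError as exc:
            rejected.append((text, str(exc)))
            continue
        if net.version != 4:
            rejected.append((text, "not IPv4; 'route' only carries IPv4"))
        elif net.prefixlen < min_prefix:
            rejected.append((text, f"wider than /{min_prefix}"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((text, "overlaps a protected internal range"))
        else:
            accepted.append(net)
    # Merge duplicates and nested ranges so each exception is pushed once.
    merged = ipaddress.collapse_addresses(accepted)
    lines = [f'push "route {n.network_address} {n.netmask} net_gateway"'
             for n in merged]
    return lines, rejected


if __name__ == "__main__":
    lines, rejected = bypass_push_lines(SAMPLE)
    print("\n".join(lines))
    for entry, reason in rejected:
        print(f"# rejected {entry}: {reason}")
```
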

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.