Route all traffic over VPN w/ working local ethernet IP?

neilio

Posts: 2
Joined: Thu Apr 09, 2009 9:56 pm

Post by neilio » Fri Apr 24, 2009 12:26 pm
First of all, Viscosity is just awesome. Wanted to start with something positive. :)

Here's my dilemma: I have a Mac mini at home that I use both as a home entertainment system as well as a staging / dev server. I want to be able to send certain ports over the VPN and have the rest routed via the local IP / ethernet connection, because if I route all traffic over the VPN the router forwarding breaks.

Here's my setup:

Internet -> Modem -> Router -> Mac Mini

The router is using NAT and port forwarding to forward to the mini's local IP (which is 10.0.0.x). Everything works until I start up Viscosity and connect to the VPN - then all connections time out. I assume it's because the router forwards to 10.0.0.x, but the outgoing response is routed over the VPN's IP and not back via the original local IP.

Is this type of selective traffic routing (via port, or even destination IP) possible?

Thanks!

James

Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Apr 24, 2009 4:39 pm
Hi neilio,

Selective routing is possible via IP, but not via port number.

To specify routes in Viscosity, edit your connection, and click on the Networking tab. Click the small "+" button to specify routes. To specify a particular IP to go over the VPN connection, enter the IP address into the Route/IP field, enter a subnet mask of 255.255.255.255, and a Gateway of vpn_gateway. Click the Add button.

You can also do the reverse and specify IP ranges to not go through the VPN. To do this, create a new route as above, except enter net_gateway into the Gateway field instead.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

Post by neilio » Mon May 11, 2009 12:12 pm
Thanks for the reply - I'm finally getting around to testing this out. I have a list of IPs in the networking preference pane that I want to route through the VPN connection with the following settings:

Route: (IP address)
Mask: 255.255.255.255
Gateway: vpn_gateway
Metric: default

All of the other fields in this pane are empty and no checkboxes are checked. When I connect Viscosity now, nothing works - I can't connect to any site whether it's listed in this pane or not.

Do I need to enter anything for "default gateway"? Or am I missing something?

Post by James » Fri May 15, 2009 9:58 pm
> Do I need to enter anything for "default gateway"? Or am I missing something?
If it is a TUN based connection, no, you shouldn't need to.

If it is a TAP based connection (where you are getting your IP from a DHCP server), yes, you'll need to enter the IP of the router/gateway into the Default Gateway field. Alternatively, instead of entering "vpn_gateway" you can simply replace this with the IP address of the router/gateway.

If you have DNS support turned on, don't forget to also add a route for your VPN DNS server's IP address (otherwise it will seem like nothing is accessible). Or you can turn DNS support off (under the General tab) and just use your system's normal DNS server/s.

If you're still stuck, send a copy of your OpenVPN config file, and a copy of the OpenVPN log (available in the Details window) to [email protected] and I'll take a look for you (feel free to censor out sensitive addresses etc). You can find the OpenVPN config file at:
Your Home Directory->Library->Application Support->Viscosity->OpenVPN->#->config.conf

Cheers,
James
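The routing behaviour discussed in this thread, as an added example that is not part of the original posts: a small Python model of longest-prefix-match route selection, with the default route left on the LAN, 255.255.255.255 host routes sent via `vpn_gateway`, and a check for the missing DNS server route. The addresses are constructed samples from documentation ranges, the function names are hypothetical, and rendering the routes in the form of OpenVPN's `route` directive is an assumption about how the Networking tab fields map to the config.

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not taken from the thread.
VPN_HOSTS = ["192.0.2.10", "192.0.2.25"]   # hosts that should use the tunnel
VPN_DNS = "198.51.100.53"                  # DNS server handed out by the VPN

def build_routes(vpn_hosts, bypass_nets=()):
    """Model the table: the default route stays on the LAN gateway, each
    listed host gets a 255.255.255.255 route via vpn_gateway."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "net_gateway")]
    for host in vpn_hosts:
        routes.append((ipaddress.ip_network(f"{host}/255.255.255.255"), "vpn_gateway"))
    for net in bypass_nets:
        routes.append((ipaddress.ip_network(net), "net_gateway"))
    return routes

def gateway_for(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def route_lines(routes):
    """Render non-default routes as 'route <ip> <mask> <gateway>' lines."""
    return [f"route {net.network_address} {net.netmask} {gw}"
            for net, gw in routes if net.prefixlen > 0]

def unreachable_dns(routes, dns_ip):
    """True when queries to the VPN's DNS server would leave via the LAN."""
    return gateway_for(routes, dns_ip) != "vpn_gateway"

if __name__ == "__main__":
    routes = build_routes(VPN_HOSTS)
    print("DNS route missing:", unreachable_dns(routes, VPN_DNS))
    routes = build_routes(VPN_HOSTS + [VPN_DNS])   # add the DNS server route
    print("\n".join(route_lines(routes)))
    for dst in ["192.0.2.10", "203.0.113.5", VPN_DNS]:
        print(dst, "->", gateway_for(routes, dst))
```

Traffic to any address not listed, including replies to connections forwarded by the router, keeps following the default route through the local gateway in this model.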