Hi all,
I use a software VPN sometimes to connect to a remote LAN. I use vpnc and it creates a software tunnel interface. All my traffic then goes through the remote LAN. Is there a way to have part of my traffic not go through the VPN? I'd like to have a separate browser session which is excluded from the VPN. Is this possible?
It'll all depend a bit on how your VPN is set up exactly (routing-wise). If it basically just creates a tunnel interface and routes all traffic through it, then there's not really an easy way of doing what you're asking (unless you start setting up explicit routes for everything you want to bypass).
If you have another remotely accessible box available somewhere, perhaps using an ssh tunnel would be an option.
Burninate!
Actually, a SOCKS proxy would still abide by the IP routing rules. The browser session would only seem to originate from the proxy (from any web server's point of view), but the traffic would still go through the VPN first.
Hi all,
I use a software VPN sometimes to connect to a remote LAN. I use vpnc and it creates a software tunnel interface. All my traffic then goes through the remote LAN. Is there a way to have part of my traffic not go through the VPN? I'd like to have a separate browser session which is excluded from the VPN. Is this possible?
Assuming that by "browser session" you mean HTTP and HTTPS traffic, you may be able to exclude traffic with the corresponding TCP ports as destination from the VPN route(s) by configuring your host's firewall. On the other hand, such a policy would apply to all web traffic, not just from within the browser.
Just to be sure, wouldn't it be an option for you to only route traffic through the VPN that needs to reach the other LAN, instead of routing everything through there by default?
I guess you'll have to set up policy-based routing and use the process's group ID to choose the route.
- create group novpn
- create new routing table with different default route (ip route)
- mark packets from group novpn (iptables)
- create rule to route marked packets with new routing table (ip rule)
- allow user to run browser with group novpn with sudo (edit sudoers)
- sudo -g novpn browser
PS: I've never set this up myself, but that is the first thing I'd try.
Just to be sure, wouldn't it be an option for you to only route traffic through the VPN that needs to reach the other LAN, instead of routing everything through there by default?
I believe the setup should be similar for that, basically just reverse the routing tables.
Last edited by progandy (2014-06-11 19:32:15)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
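The steps listed in the post above, written out as an added example (not code from the thread or from any poster). It prints the commands for review and only runs them through `novpn_apply`; the gateway 192.168.1.1, interface eth0, table 100, mark 0x1, user alice and the firefox path are assumed values, and the MASQUERADE and rp_filter lines are additions this kind of setup normally needs.

```sh
#!/bin/sh
# Added example. Assumed values: LAN gateway 192.168.1.1, physical
# interface eth0, routing table 100, firewall mark 0x1.

# Print the commands for the bypass; nothing is executed here.
novpn_plan() {
    local group gw dev table mark
    group=$1; gw=$2; dev=$3; table=${4:-100}; mark=${5:-0x1}
    # Reject anything that could become extra shell words or options.
    case $group in ''|-*|*[!a-z0-9_-]*) echo "bad group" >&2; return 1;; esac
    case $gw in *[!0-9.]*) echo "bad gateway" >&2; return 1;;
                *.*.*.*) ;; *) echo "bad gateway" >&2; return 1;; esac
    case $dev in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad device" >&2; return 1;; esac
    case $table in ''|*[!0-9]*) echo "bad table" >&2; return 1;; esac
    case $mark in 0x|0x*[!0-9a-f]*) echo "bad mark" >&2; return 1;;
                  0x*) ;; *) echo "bad mark" >&2; return 1;; esac
    # 1. group   2. separate table whose default route skips the tunnel
    # 3. mark packets sent by processes running with that group
    # 4. the source address was chosen (the tunnel's) before the mark
    #    rerouted the packet, so rewrite it on the way out
    # 5. send marked packets to the separate table
    # 6. replies arrive on $dev while the main table points at the
    #    tunnel; strict reverse-path filtering would drop them
    cat <<EOF
groupadd -f $group
ip route add default via $gw dev $dev table $table
iptables -t mangle -A OUTPUT -m owner --gid-owner $group -j MARK --set-mark $mark
iptables -t nat -A POSTROUTING -o $dev -m mark --mark $mark -j MASQUERADE
ip rule add fwmark $mark table $table
sysctl -w net.ipv4.conf.$dev.rp_filter=2
EOF
}

# Run the plan as root, echoing each command and stopping at the first failure.
novpn_apply() {
    local plan cmd
    plan=$(novpn_plan "$@") || return 1
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
}

# Review first:   novpn_plan novpn 192.168.1.1 eth0
# sudoers entry (assumed user and path, edit with visudo):
#   alice ALL=(:novpn) /usr/bin/firefox
# Start the excluded browser:   sudo -g novpn firefox
```

Every process started with the novpn group leaves the tunnel, so the sudoers entry should name only the one program that is meant to bypass the VPN.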
-Syu wrote:
Just to be sure, wouldn't it be an option for you to only route traffic through the VPN that needs to reach the other LAN, instead of routing everything through there by default?
I believe the setup should be similar for that, basically just reverse the routing tables.
I was hoping he could avoid the hassle and use an HTTP proxy in that case.
With "hassle" I mean no offense, btw. Your idea is brilliant.