See comment below. -----Original Message----- From: Patrick O'Callaghan [] Sent: dinsdag 21 augustus 2018 11:49 To: Subject: Re: Split tunnelling
On Mon, 2018-08-20 at 09:46 -0700, Samuel Sieb wrote: > On 08/20/2018 05:03 AM, Patrick O'Callaghan wrote: > > Has anyone got this to work in Fedora? To be clear, split tunnelling is > > when network traffic to some destinations (or for some apps) is > > tunnelled over a VPN, while the rest of the traffic goes through normal > > channels. I've tried messing with network namespaces, which would seem > > to be the way to go, but not managed to get everything lined up so far. > > All the howto's I've seen are for various flavours of Ubuntu. > > I don't know about apps, namespaces might work for that but I haven't > had any reason to try that yet. > > However, my openvpn connection only routes the private network subnets, > everything else goes over the regular network connection. I'm not sure I understand what you mean by "private network subnets". You mean it does this automatically, or you configured it that way? > The only > tricky part, which I haven't tried to solve, is that you can't resolve > private DNS entries from the VPN connection. This would likely be a > problem with a work VPN, unless you let the work DNS resolve everything. Indeed, that could be an issue. Poc ===================================================================== " To be clear, split tunnelling is > > when network traffic to some destinations (or for some apps) is > > tunnelled over a VPN, while the rest of the traffic goes through normal > > channels." No, not exactly. That is more an example of the use of multiple routes. Destination-A goes through gateway-A Destination-B goes through gateway-B All-else goes through default-gateway... Either GW-A or GW-B could be VPN. Split-tunneling is more that transmit and receive use different tunnels, Or traffic to SAME destination is load-balanced over multiple, parallel tunnels. "> tricky part, which I haven't tried to solve, is that you can't resolve > private DNS entries from the VPN connection." VPN-server processes can push routing info, and DNS-server addresses. AFAICR systems accept three DNS-resolvers. This can be tricky. If the VPN-process pushes three resolvers, the old ones will be gone (while the tunnel exists), Thus you are unable to resolve NON-vpn-URL's. Situation can get even more complicated, when using split-horizon DNS. Same URL with internally, and externally different IP-addresses. _______________________________________________ users mailing list -- To unsubscribe send an email to Fedora Code of Conduct: List Guidelines: List Archives: Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. _______________________________________________ users mailing list -- To unsubscribe send an email to Fedora Code of Conduct: List Guidelines: List Archives: