VPN - Split Tunneling

Comments

9 comments

  • Jack Cheng

    Edit your Firewalla.ovpn file and add the following before the "compress" line.

    route-nopull
    route 192.168.2.0 255.255.255.0
    route 10.100.155.0 255.255.255.0

    Replace 192.168.2.0 with your LAN IP
    Replace 10.100.155.0 with your VPN IP provided by Firewalla (Not sure if it is necessary, but it works for me)
    Add other routes you need to go through the VPN

    Save the file as a new profile such as "Firewalla-split.ovpn" so that you can have the choice to split or not.

    0
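The profile edit described in the comment above, as an added example (not part of the original thread and not Firewalla's code): it builds the split profile from an existing one, validates each network, and reports whether a destination would use the tunnel. The sample profile, the host name `vpn.example.net` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample profile; host name and <ca> body are placeholders.
SAMPLE = """client
dev tun
proto udp
remote vpn.example.net 1194
compress
<ca>
(placeholder certificate)
</ca>
"""

def split_profile(profile, networks):
    """Return a copy of an OpenVPN client profile that sends only `networks`
    (CIDR strings) through the tunnel: route-nopull plus one route per network."""
    routes = []
    for cidr in networks:
        net = ipaddress.IPv4Network(cidr)  # strict: rejects host bits such as 192.168.2.1/24
        if net.prefixlen == 0:
            raise ValueError("0.0.0.0/0 routes everything; that is a full tunnel")
        routes.append(f"route {net.network_address} {net.netmask}")
    # Drop directives from an earlier run so the edit is idempotent.
    kept = [l for l in profile.splitlines()
            if l.strip() != "route-nopull" and l.strip() not in routes]
    # Insert before the "compress" line as the comment describes; if the profile
    # has none, fall back to just before the first inline block (<ca> etc.).
    idx = next((i for i, l in enumerate(kept) if l.split()[:1] == ["compress"]), None)
    if idx is None:
        idx = next((i for i, l in enumerate(kept) if l.lstrip().startswith("<")), len(kept))
    kept[idx:idx] = ["route-nopull", *routes]
    return "\n".join(kept) + "\n"

def via_tunnel(profile, dest):
    """True/False: does `dest` match a route line? None when route-nopull is
    absent, because then the server's pushed routes decide, not the profile.
    Assumes route lines use dotted-quad network and netmask."""
    rows = [l.split() for l in profile.splitlines()]
    if ["route-nopull"] not in rows:
        return None
    ip = ipaddress.IPv4Address(dest)
    return any(ip in ipaddress.IPv4Network(f"{r[1]}/{r[2]}")
               for r in rows if len(r) >= 3 and r[0] == "route")

if __name__ == "__main__":
    split = split_profile(SAMPLE, ["192.168.2.0/24", "10.100.155.0/24"])
    print(split)
    print(via_tunnel(split, "192.168.2.10"), via_tunnel(split, "8.8.8.8"))
```

With `route-nopull` the client also ignores DNS servers pushed by the server, so name lookups stay on the local network's resolver unless the profile sets one.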
  • Firewalla

    Thanks Jack, linked this thread to our VPN server document!

    0
  • Sukumar Patel

    What about the 4G network? How do we configure it for that?

    0
  • Erik Dasque

    @Firewalla how would you go about doing this with Wireguard?

    0
  • Firewalla

    You need to modify the WireGuard profile; this 'split tunnel' is a function of the client.

    Example: https://www.reddit.com/r/selfhosted/comments/b5pymz/split_tunnel_in_wireguard/

    0
  • Vince Balsamo

    @firewalla, this seems like something you guys could simplify with a simple toggle and checklist of routes/networks. Any plans?

    2
  • Philip Doolittle

    UPDATE:  That was my mistake. I inadvertently selected "Preferred" instead of "Legacy".  All is well now.

    The solution above no longer works. When connecting it complains that the "server pushed compression settings that are not allowed"

    0
  • Firewalla

    @Philip, can you reply with a screenshot? Is this from the client? Is it the official WireGuard app?

    1
  • Philip Doolittle

    @firewalla - That was my mistake. I inadvertently selected "Preferred" instead of "Legacy".  All is well now.

    Also, for those using a remote MySQL app, split tunneling plus forcing UDP makes it much more responsive.

    0
