
Select users Split-tunnel vs all-thru OR some sites via VPN

Posted: Thu Jun 21, 2012 8:16 pm
by ugolee
The issue that I have is that certain websites and production machines only allow connections from our office IP addresses. We have split-tunneling enabled for our users so as not to saturate our primary WAN line. But some users need to be able to access the above sites and machines through the VPN connection to be able to access them.

So, we can accomplish this one of two ways:
1) Have a certain group of users pass all of their internet traffic through the VPN
2) Add those sites and servers to a list that OpenVPN will recognize, so as to pass this traffic through the VPN.

Could anyone give me any information as to how to do either of these or which one is preferable/feasible?

Re: Select users Split-tunnel vs all-thru OR some sites via

Posted: Fri Jun 22, 2012 9:38 am
by janjust
I'd go with option #1: use a 'client-connect' script to put those users in a different subnet, with full access, or use the script to set up firewall rules for those users.

The downside of option #2 is that the routing table on the server might become very lengthy.

Re: Select users Split-tunnel vs all-thru OR some sites via

Posted: Fri Jun 22, 2012 5:52 pm
by ugolee
Where would I be able to find a script that allows me to create a different client config? I can't find how to modify the client config in the OpenVPN client that you download from the Access Server.

Re: Select users Split-tunnel vs all-thru OR some sites via

Posted: Sun Jun 24, 2012 10:12 pm
by janjust
The client-connect script would be on the server side; I don't know if and how it can be done for Access Server, I only know the free community version of OpenVPN.
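
A sketch of the server-side 'client-connect' approach suggested in the replies above, for community OpenVPN. It is an added example, not code from the thread or from the OpenVPN project. The list file path, its line format and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: client-connect hook for community OpenVPN (server side).
# OpenVPN exports the certificate CN as $common_name and passes, as the last
# argument, a temp file whose contents are applied to this client only.
# Hypothetical list file, one user per line: "<common_name> [<ip> <netmask>]"
FULL_TUNNEL_LIST="${FULL_TUNNEL_LIST:-/etc/openvpn/full-tunnel-users}"

# write_client_conf CN OUTFILE [LISTFILE]
# Listed users get a default route through the VPN; everyone else keeps the
# server's split-tunnel pushes. Always returns 0, so this hook never rejects
# a connection by itself.
write_client_conf() {
    cn=$1 out=$2 list=${3:-$FULL_TUNNEL_LIST}
    [ -r "$list" ] || return 0          # no list: everyone stays split-tunnel
    # Exact string match on the first field, so "alice" never matches "alice2".
    entry=$(CN="$cn" awk '($1 "") == (ENVIRON["CN"] "") { print "hit", $2, $3; exit }' "$list")
    [ -n "$entry" ] || return 0
    set -- $entry                       # $1=hit, $2=ip (optional), $3=netmask
    echo 'push "redirect-gateway def1"' >> "$out"
    # Optional fixed address in a subnet the firewall lets out to the internet
    # (assumes "topology subnet" and that the server already routes that subnet).
    if [ -n "${2:-}" ] && [ -n "${3:-}" ]; then
        echo "ifconfig-push $2 $3" >> "$out"
    fi
    return 0
}

# When run by OpenVPN: common_name is set and $1 is the temp file.
if [ -n "${common_name:-}" ] && [ -n "${1:-}" ]; then
    write_client_conf "$common_name" "$1"
fi
```

The server config would reference the script with `client-connect` and needs `script-security 2` for user-defined scripts to run; firewall rules for the dedicated subnet are configured separately.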