Accessing company via VPN while still staying protected by AirVPN?

[htpc 9]

I don't know if it is even possible and hopefully it hasn't been already asked/answered before (if so I wasn't able to find it).

Here's my scenario. I'm using Eddie on macOS or if at home AirVPN configured on my openVPN router for the whole network. Now my company allows access to local files and servers via VPN connection. The problem is that when I access the companies network via VPN (via Tunnelblick for example) I'm losing all protection from AirVPN for local traffic. When I connect to the company using Eddie's multi-provider support I do get access fine but local traffic (to the internet) doesn't work at all. Is this expected? And even if not, AirVPN protection would be lost anyways as the servers are not involved in the connection, right!?

So, the question is, how would I achieve a solution that grants access to the company servers while simultaneously keeping my local AirVPN connection and protection up? Is this even possible? A VPN tunnel within a VPN tunnel? Inception so to speak 😛

Thanks for your support!

[OpenSourcerer 1441]

2 hours ago, htpc said:

When I connect to the company using Eddie's multi-provider support I do get access fine but local traffic (to the internet) doesn't work at all. Is this expected? And even if not, AirVPN protection would be lost anyways as the servers are not involved in the connection, right!? 

Eddie's multi-provider support is not what you think it is. It actually is support for using OpenVPN profile files with Eddie – and those are coming from other VPN providers, hence the "multi-provider" in the name. I'm not sure how complete that support is. It was added three years ago, I think, and I'm not aware of it having being worked on since.

Anyway, I don't fully understand your setup. Do you want to establish two OpenVPN connections on macOS, or does it not work when you're at home where the router connects to AirVPN?
If it's the former, I will assume you got a .ovpn or .conf file from your employer which you can edit. What you essentially need to do is to prevent this OpenVPN instance from setting the default route while letting the server set the local company routes. Try adding the following to the file of your company:

redirect-private def1 bypass-dhcp <- I would look into the logs and see which flags your company pushes after "redirect-gateway", then enter those flags here after redirect-private
pull-filter ignore "redirect-gateway"

.

[htpc 9]

Right now I'm on macOS (not the router setup). So if I understand you correct, if I change the directives as described, the right way to do this would indeed be to run two VPN connections? One with Eddie for local traffic and a second one with Tunnelblick to access the company server, right? Tunnelblick gives a heap load of warnings whe I try this and asks me to disconnect the running (Eddie) connection as otherwise the system might not work properly. But if you say that is OK, i will give it a try ofc.

Thanks for your help!

[OpenSourcerer 1441]

9 hours ago, htpc said:

Tunnelblick gives a heap load of warnings whe I try this and asks me to disconnect the running (Eddie) connection as otherwise the system might not work properly. But if you say that is OK, i will give it a try ofc.

What do those warning read, "warning, one day before Merry Xmas"? If you're mentioning warnings, you could post the logs containing them, right? After all, we're troubleshooting.

[htpc 9]

Haha, fair enough! Well, actually I just tried this again with only a small difference. I made Eddie use Hummingbird before starting Tunnelblick. This time no error messages and connection to company server did work as expected. Local traffic still going through Eddie as confirmed by checking via ipleak.net. The only thing that doesn't work smoothly is that when I disconnect Tunnelblick it also seems to terminate the AirVPN tunnel. Strange thing about it is that Eddie doesn't give any error message about it and pretends to be running just fine. When I check again via ipleak.net though I can see though that my real IP is leaked (DNS is still AirVPN). Disconnect and reconnect brings everything back to normal.