Jump to content
Not connected, Your IP: 3.238.174.50
htpc

Accessing company via VPN while still staying protected by AirVPN?

Recommended Posts

I don't know if it is even possible and hopefully it hasn't been already asked/answered before (if so I wasn't able to find it).

Here's my scenario. I'm using Eddie on macOS or if at home AirVPN configured on my openVPN router for the whole network. Now my company allows access to local files and servers via VPN connection. The problem is that when I access the companies network via VPN (via Tunnelblick for example) I'm losing all protection from AirVPN for local traffic. When I connect to the company using Eddie's multi-provider support I do get access fine but local traffic (to the internet) doesn't work at all. Is this expected? And even if not, AirVPN protection would be lost anyways as the servers are not involved in the connection, right!? 

So, the question is, how would I achieve a solution that grants access to the company servers while simultaneously keeping my local AirVPN connection and protection up? Is this even possible? A VPN tunnel within a VPN tunnel? Inception so to speak 😛

Thanks for your support!

Share this post


Link to post
2 hours ago, htpc said:

When I connect to the company using Eddie's multi-provider support I do get access fine but local traffic (to the internet) doesn't work at all. Is this expected? And even if not, AirVPN protection would be lost anyways as the servers are not involved in the connection, right!? 


Eddie's multi-provider support is not what you think it is. It actually is support for using OpenVPN profile files with Eddie – and those are coming from other VPN providers, hence the "multi-provider" in the name. I'm not sure how complete that support is. It was added three years ago, I think, and I'm not aware of it having being worked on since.

Anyway, I don't fully understand your setup. Do you want to establish two OpenVPN connections on macOS, or does it not work when you're at home where the router connects to AirVPN?
If it's the former, I will assume you got a .ovpn or .conf file from your employer which you can edit. What you essentially need to do is to prevent this OpenVPN instance from setting the default route while letting the server set the local company routes. Try adding the following to the file of your company:

redirect-private def1 bypass-dhcp <- I would look into the logs and see which flags your company pushes after "redirect-gateway", then enter those flags here after redirect-private
pull-filter ignore "redirect-gateway"

.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Right now I'm on macOS (not the router setup). So if I understand you correct, if I change the directives as described, the right way to do this would indeed be to run two VPN connections? One with Eddie for local traffic and a second one with Tunnelblick to access the company server, right? Tunnelblick gives a heap load of warnings whe I try this and asks me to disconnect the running (Eddie) connection as otherwise the system might not work properly. But if you say that is OK, i will give it a try ofc.

Thanks for your help!

Share this post


Link to post
9 hours ago, htpc said:

Tunnelblick gives a heap load of warnings whe I try this and asks me to disconnect the running (Eddie) connection as otherwise the system might not work properly. But if you say that is OK, i will give it a try ofc.


What do those warning read, "warning, one day before Merry Xmas"? :) If you're mentioning warnings, you could post the logs containing them, right? After all, we're troubleshooting.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Haha, fair enough! Well, actually I just tried this again with only a small difference. I made Eddie use Hummingbird before starting Tunnelblick. This time no error messages and connection to company server did work as expected. Local traffic still going through Eddie as confirmed by checking via ipleak.net. The only thing that doesn't work smoothly is that when I disconnect Tunnelblick it also seems to terminate the AirVPN tunnel. Strange thing about it is that Eddie doesn't give any error message about it and pretends to be running just fine. When I check again via ipleak.net though I can see though that my real IP is leaked (DNS is still AirVPN). Disconnect and reconnect brings everything back to normal.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...