Jump to content
Not connected, Your IP: 18.221.213.213
looski

Split Tunnelling using Eddie

Recommended Posts

Hi everyone.. 

I have seen similar questions posted but I haven't been able to work it out. Hoping someone can help.   I am running version 2.18.9 version of Eddie on a M1 Mac.  I would like like to exclude certain web sites and applications e.g. BBC IPlayer from going out over the VPN.  

So in Eddie, I
   1.  go the Routes option and enter the site IP and choose option Outside the VPN 
   2. go to the Network Lock option and in IPs allowed for Outgoing section I enter the same IP.

I have tried Outgoing to Allow but its made no difference.. 

I am sure its probably something pretty basic I missed, but I can figure it out.. Is anyone able to give me some guidance?

Peter

Share this post


Link to post

No, point 1 is actually the right way. Did you add the routes before connecting?
Can you please try the current beta which is 2.19.6?


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

It would not be enough to just route IP addresses associated with bbc.co.uk outside the VPN. When streaming starts it is coming from content delivery network ("CDN") services such as akamai, limelight and bidi, which have many IP addresses in many sub-nets, and a DNS service that may return different IP addresses depending on server load and location of the streamer. No practical way to get a complete set of IP addresses. And these CDN-s also block VPN IP addresses for specific content. This approach really only works for very simple web sites.

What I do is only use the VPN for specific applications. For Windows see this:

https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Windows-without-VPN-as-Default-Gateway

"The script works because of the way Windows handles source address routing. If the program is bound to a source IP address, that IP address is used as the source IP address for connections sourced from that socket and the adapter associated with that source IP is used as the source interface. The route table is searched but only for routes that can be reached from that source interface. When OpenVPN starts, it will attempt to override the default gateway by adding routing table entries that will mask the original default gateway. VPN_gateway_hide.bat adds routing table entries that mask the entries added by OpenVPN. So the default gateway remains in effect. When a program is bound to the VPN IP address, the routing table entries added by VPN_gateway_hide.bat will be ignored, and the VPN will be used. "

For Linux see this:

https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Linux-without-VPN-as-Default-Gateway

"In order to do this you need to suppress the VPN from becoming the default gateway and set up routing to allow "source address routing". "

The trick is then to bind the applications you want to use the VPN to the local VPN IP address, so that their traffic gets routed over the VPN via "source address routing". I bind my torrent client to the VPN. But I also use the SQUID HTTP proxy locally (either on Linux or using SQUID in Cygwin on Windows) and bind that to the VPN IP address. Then I can can browse or run a stream ripper (like youtube-dl) through SQUID so that the VPN is used for that traffic.

I have posted about these things in this forum before. But it may be hard to find those posts. So if you want more information about how to bind a torrent client or SQUID to an IP address, then ask here.

EDIT:

I realize now that you said you use MAC. I have never used MAC. But I have set up this same routing scheme (leaving the real interface as the default gateway and source address routing) on BSD using the PF firewall. And I believe MAC uses PF as well. So maybe the same method will work.

See:

https://www.freebsd.org/cgi/man.cgi?query=pf.conf

"from <source> port <source> os <source> to <dest> port <dest>
This rule applies only to packets with the specified source and destination addresses and ports.
Addresses can be specified in CIDR notation (matching netblocks), as symbolic host names, interface names or interface group names, or as any of the following keywords:
..."

"route-to
The route-to option routes the packet to the specified interface with an optional address for the next hop. When a route-to rule creates state, only packets that pass in the same direction as the filter rule specifies will be routed in this way. Packets passing in the opposite direction (replies) are not affected and are routed normally."

I believe I used that.

I added some notes for BSD to those notes at GitHub:

https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-BSD-(or-MAC%3F)-without-VPN-as-Default-Gateway
 

Share this post


Link to post

Sorry for the delay in responding..  Thanks to everyone who took the time out to reply..  

The suggestion to use the latest Beta fixed the relatively simple sites.. 

I need to look into configuring source based routing.. I think this will solve most of my issues.  Thanks again ! 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...