split () interface = route if interface = WIRELESS_INTERFACE : gateway = route break if gateway is None : sys. split ( " \n " ) for route in routes : route = route. check_output (( "netstat", "-nrf", "inet" )) routes = out. exit ( "Please, run this command with sudo." ) gateway = None tunnel_interface = get_tunnel_interface () out = subprocess. groups ( 1 ) def split_vpn_traffic (): if os. match ( r "(utun\d)", line ) if match : return match. #!/usr/bin/env python import os import re import subprocess import sys WIRELESS_INTERFACE = 'en0' # could be different on other systems TUNNEL_INTERFACE = 'utun2' VPN_NETS = VPN_HOSTS = def get_tunnel_interface (): # Get last utun interface. Save the script as split_vpn.py to your home folder.Įdit the lists VPN_NETS and VPN_HOSTS based on your needs. We implemented it in Python (based on this blog post). To solve this we need to remove a route created by GlobalProtect and then createįew new routes for only those IP addresses which we want to be directed through our VPN. When you connect to VPN with GlobalProtect, it creates a new network interfaceĪnd edits the routing table so all our traffic is sent through this new network interface. I will only focus on Mac OS but similar steps can be taken also on other operating systems. How to do traffic splitting automatically after the GlobalProtect agent connects to VPN.How to split traffic based on IP addresses.There is no need for the employer to know what goes on in my traffic. I don't think this is beneficial for the company but most importantly it goes against my privacy. The second flaw is that it automatically send ALL of my traffic through my company's VPN.
The solution works quite well but has 2 flaws by default that I don't like.įirst is that the GlobalProtect agent (client) runs automatically after the operating system turns onĪnd this behavior can't be changed in the settings. Recently the company I work for started to use Palo Alto's GlobalProtect as a solution for VPN.
0 kommentar(er)
