pfSense Support Subscription

Author Topic: Optional tunnel all for mobile clients  (Read 660 times)

0 Members and 1 Guest are viewing this topic.

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Optional tunnel all for mobile clients
« on: December 02, 2015, 12:04:22 pm »
Is there any way I can have it that mobile clients by default do not tunnel all, but the client can enable it if necessary?
(PFSense is the server, various machines (Windows, Linux, Android) are the clients)

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9565
  • Karma: +1084/-309
    • View Profile
Re: Optional tunnel all for mobile clients
« Reply #1 on: December 02, 2015, 12:38:18 pm »
I'd say it depends on the client. Attached is a Viscosity for Mac screenshot.

An alternative would be two OpenVPN servers, one that pushes the default gateway and DNS servers and one that does split tunneling. The client could connect to the one with the desired behavior.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Re: Optional tunnel all for mobile clients
« Reply #2 on: December 02, 2015, 08:27:09 pm »
I'd say it depends on the client. Attached is a Viscosity for Mac screenshot.

An alternative would be two OpenVPN servers, one that pushes the default gateway and DNS servers and one that does split tunneling. The client could connect to the one with the desired behavior.

Two servers is how I currently do it.

Other than Viscosity, do you happen to know of any good Windows (mostly this) + Linux (but this too) OpenVPN clients w/ GUI if possible?  (I know that's not technically what I asked originally)

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9565
  • Karma: +1084/-309
    • View Profile
Re: Optional tunnel all for mobile clients
« Reply #3 on: December 02, 2015, 09:42:19 pm »
Hmm. Last thing I want is my users getting in there and clicky-clicky around.

What you currently use doesn't do it?
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Re: Optional tunnel all for mobile clients
« Reply #4 on: December 03, 2015, 12:14:46 pm »
Hmm. Last thing I want is my users getting in there and clicky-clicky around.

What you currently use doesn't do it?

This is what I currently use (on Windows at least): https://community.openvpn.net/openvpn/wiki/OpenVPN-GUI

Not exactly the best option, especially when it comes to the end user.  I'd much rather them have a checkbox than attempting to edit a config file.

Offline Wroxc

  • Full Member
  • ***
  • Posts: 177
  • Karma: +0/-0
    • View Profile
Re: Optional tunnel all for mobile clients
« Reply #5 on: December 12, 2015, 03:10:49 pm »
Is there any way I can have it that mobile clients by default do not tunnel all, but the client can enable it if necessary?
(PFSense is the server, various machines (Windows, Linux, Android) are the clients)

Are you talking of split tunneling?

I tested with openvpn in pfsense  with Android and it was working.

In openvpn android client you can check uncheck this options..

Not sure if Linux Mac or Windows.

I will test it those gadgets and let you know.

I did a temporary setup where I put pfsense behind cisco 1841 router and applied qos to restrict bandwidth. When I was connected via vpn to it I was getting that pathetic speed in browsing and site to site data transfer. And what is my ip would show that all my traffic is routed via my open vpn server.

However when I enabled split tunneling in client on Android browsing speed became normal.  But site to site was still slow.


And what is my ip would show me Wan address of the local network.