
Split tunneling for work from home (WFH)


Work from home (WFH) has been implemented by default for many network deployments, and many different solutions exist. The common use case is the road warrior. This article describes using SoftEther. (Another alternative is strongSwan.)

A big problem with VPNs is that most force all connectivity via the VPN path when you are connected. A better option is to use a split tunnel, whereby only the office connectivity goes over the VPN and the rest remains on the existing Internet path. This way your YouTube, Zoom or Teams experience remains great and is not influenced by the VPN.

At Fusion Broadband South Africa we have started deploying this using rport. Rport provides a great mechanism to leverage Fusion's SD-WAN for additional infrastructure management.


The abilities of rport can be leveraged to extend and provide VPN services. Although many other variants are supported and could potentially be deployed, a popular choice, as mentioned, is SoftEther.


To give the road warrior the best user experience, a technique known as split tunneling is required. This is achieved using RFC 3442 (the DHCP classless static route option) for all the routes that are required for office connectivity and work. The metric for that network is then made higher on the laptop. The result is that only office connectivity goes via SoftEther and the rest stays on the normal Internet path.


The result is a good and stable WFH/road warrior solution.

This article was originally published over on LinkedIn: Split tunneling for work from home (WFH)

