Skip to main content

Split tunneling for work from home (WFH)

 

Work from home (WFH) has been implemented by default for many network deployments and many different solutions exist. The common use case is for the road warrior. This describes using softether. (Another alternative is strongswan)

A big problem with VPNs is that most force all connectivity via the path when you are connected. A better option is to use a split tunnel whereby only the office connecivity goes over the VPN and the rest remains on the existing Internet path. This way your youtube, zoom or teams experience remains great and is not influenced by the VPN.

At Fusion Broadband South Africa we have started deploying as using rport. Rport provides a great mechanism to leverage Fusion's SD-WAN for additional infrastructure management.

No alt text provided for this image

The ability of rport can be leveraged to extend and provide VPN services. Although many other variants are supported and can be potentially deployed, a popular choice, as mentioned is softether.

No alt text provided for this image

To ensure the road warrior has the best user experience a technique known as split tunneling is required. This is achieved using RFC3442 for all the routes that are required for office connectivity and work. Then the metric for that network is made higher on the laptop. This now results in only office connectivity going via softtether and the rest on the normal Internet path.

No alt text provided for this image
No alt text provided for this image

The result is a good and stable WFH/road warrior solution.

No alt text provided for this image
 
This article was originally published over on LinkedIn: Split tunneling for work from home (WFH)
Labels:

Comments

Post a Comment

Popular posts from this blog

easywall - Web interface for easy use of the IPTables firewall on Linux systems written in Python3.

Firewalls are becoming increasingly important in today’s world. Hackers and automated scripts are constantly trying to invade your system and use it for Bitcoin mining, botnets or other things. To prevent these attacks, you can use a firewall on your system. IPTables is the strongest firewall in Linux because it can filter packets in the kernel before they reach the application. Using IPTables is not very easy for Linux beginners. We have created easywall - the simple IPTables web interface . The focus of the software is on easy installation and use. Access this neat software over on github: easywall
Post a Comment
Read more

No Scrubs: The Architecture That Made Unmetered Mitigation Possible

When building a DDoS mitigation service it’s incredibly tempting to think that the solution is scrubbing centers or scrubbing servers. I, too, thought that was a good idea in the beginning, but experience has shown that there are serious pitfalls to this approach. Read the post of at Cloudflare's blog: N o Scrubs: The Architecture That Made Unmetered Mitigation Possible
Post a Comment
Read more

Should You Buy A UniFi Dream Machine, USG, USG Pro, or Dream Machine Pro?

 
Post a Comment
Read more