0

I'm using Mac.

My company is using Checkpoint VPN client and every time I connect via VPN my external internet connection drops.

Is there a way I can solve this problem? I.e. keep external connection while also connected on VPN?

Improve this question
3
  • Talk with your company about it. Typically what you ask for is called split tunnel vpn. There may be reasons why they don't want that.
    – vidarlo
    Commented May 27, 2021 at 17:54
  • 1
    Split tunnel would mean that your machine either routes to Corp for servers in the Corp IP range, or directly to the public internet for all other IPs. The more common setup is that you can still access the public internet, but routed via the corp network. A remote VPN connection to your company should behave exactly the same as if you were in the office. Question: do you have public internet access while in the office, or is this something they are intentionally cutting off?
    – Mike Ounsworth
    Commented May 27, 2021 at 17:56
  • 1
    Basically; whether you can (ie is technically possible), and whether you should (ie violates corp IT policy or your employment contract) are two very different questions. You need to talk to your corp IT people, not some randos on the internet.
    – Mike Ounsworth
    Commented May 27, 2021 at 17:57

1 Answer 1

Reset to default
0

A properly configured VPN should be working exactly like your system is functioning.

What you're asking for is a split connection. Yes it is possible, but doing so is considered to be a security threat.

Fundamentally you need a second layer 2 (ethernet) port. This can be done with either a real physical second connection, or a virtual second port on one physical device.

I encourage you to carefully consider your reasons.

Improve this answer
3
  • 1
    Downvoted. While it may introduce security risks, it's not a security risk by itself, if properly handled. Furthermore, second port won't really help if the vpn daemon overwrites your routing table.
    – vidarlo
    Commented May 27, 2021 at 18:20
  • @vidarlo - Just so I understand, you're saying both "It's not a security risk" and "It can't be done"? I don't suppose the fact that I've done it would change your view?
    – user10216038
    Commented May 27, 2021 at 18:31
  • I'm saying it can't be done if the vpn daemon overwrites your routing table. But what you can achieve by adding a second ethernet adapter can trivially be achieved by editing your routing table, or in a OS which supports it, using network namespaces.
    – vidarlo
    Commented May 27, 2021 at 18:48

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .