I have a Mac with OS X (10.10.3) from which I need to connect to a remote Windows PC via VPN+RDP. The problem here is that once the VPN is up, my internet connection is no longer available. I can only reach a number of machines via VPN but not WAN, which is really annoying. As a workaround I use a VBox machine with Win7 where I set up VPN and RDP. This allows me to access WAN from the host at the same time, but is obviously overkill.

Is there a more lightweight solution to that?

UPD1: The VPN connection is set up via the native Mac client, which is available in Network settings. It is a PPTP connection.
On the other side there is some kind of Windows Server. I don't know which version or anything else about it. Altering the server-side configuration is unavailable.

I also tried to disable the "Send all traffic over VPN connection" checkbox in the VPN settings and to lower its position in the "Set service order" dialog, but this seems to have no effect.

1 Answer

A good question.

First: why can't you access the Internet when on the VPN? VPNs are made to allow remote access to local machines, as if the remote machine belonged to the LAN, and to allow WAN navigation again as if the remote machine belonged to the LAN, i.e. with the (public) IP of the LAN. You are clearly taking advantage of the first feature, not of the second one. Perhaps you should contact the local administrator of the machine you are accessing via the VPN to clarify why he/she is not granting you the right to navigate the WAN through the VPN.

Second. Strictly speaking, no, there are no more lightweight solutions to this problem. The reason is that the more lightweight solutions devised so far (Linux containers and network namespaces) exist in the Linux kernel, not on the Mac (or any other UNIX kernel, to the best of my knowledge).

Linux containers (or a variant thereof, Docker) have been ported to the Mac, but alas, they are based upon an underlying Linux VM machine running on the Mac, once again. You can find more information here and try it out, if you feel like it. But I am not sure how much simplification that would entail for you, given that in the end you always have a VM running your connections. Probably, the simplification would occur if you were to have several distinct simultaneous connections, because then a single Linux VM could handle them all. But, for a single extra connection, I cannot see a major improvement.

Third, the real thing that is missing in the Darwin kernel, however, even more than these virtualization solutions, is policy routing (sometimes also called source routing), i.e. the possibility of having two simultaneous routing tables. With a small number of virtual interfaces (which have been ported to Darwin) this would mean solving your problem lightly. Until then, no dice.

  • Thanks for your detailed answer. Guess I'll just switch to a different guest OS on my VBox.
    – svz
    Commented Jun 4, 2015 at 15:24
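
To make the routing behaviour discussed in this thread concrete, here is an added example (not from the question, the answer or the comment) that models destination-based route selection by longest-prefix match for two constructed routing tables: one where the VPN owns the default route, and one where only the remote subnet is routed over the VPN. The interface names, subnets and addresses are assumed sample values.

```python
import ipaddress

VPN_IF, LAN_IF = "ppp0", "en0"  # assumed interface names

# Constructed routing tables (sample values, not from the thread).
# 203.0.113.10 stands in for the VPN server's public address; it needs a
# host route over the physical link so the tunnel's own packets can leave.
COMMON = [
    ("203.0.113.10/32", LAN_IF),
    ("192.168.1.0/24", LAN_IF),   # local LAN
    ("10.20.0.0/16", VPN_IF),     # remote network behind the VPN
]
FULL_TUNNEL = COMMON + [("0.0.0.0/0", VPN_IF)]   # VPN owns the default route
SPLIT_TUNNEL = COMMON + [("0.0.0.0/0", LAN_IF)]  # default stays on the uplink


def lookup(table, dst):
    """Pick the outgoing interface by longest-prefix match (None if no route)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def egress_map(table, destinations):
    """Map each labelled destination to the interface it would leave on."""
    return {label: lookup(table, ip) for label, ip in destinations.items()}


# Constructed probe destinations.
PROBES = {
    "rdp_host": "10.20.5.7",
    "internet": "198.51.100.25",
    "lan_printer": "192.168.1.50",
    "vpn_server": "203.0.113.10",
}

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, egress_map(table, PROBES))
```

In the split-tunnel table, Internet traffic leaves on the local uplink and is neither carried nor filtered by the remote network, which is the trade-off to weigh when changing this setting.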
