Friday, September 25, 2009

Split-Tunnel VPN

We often work from home (WFH). To do so, we need to set up a VPN tunnel back to the office network, for instance to read email. Once the VPN is connected, you lose all direct connections to the Internet: torrent downloads, Skype, IM, etc.

The technique that avoids this is called "split-tunneling VPN". It lets you reach the office network via the VPN and the Internet directly at the same time. Split tunneling configures the VPN connection so that only traffic headed to computers on the office network is sent through the VPN connection; other traffic goes out through your home router.

Follow these steps to set up a VPN connection in Windows XP/Vista/7 that uses split tunneling:
  • Set up your VPN connection using the instructions from your corporate standard.
  • Right-click the VPN connection and select "Properties."
  • Select the "Networking" tab.
  • Highlight "Internet Protocol Version 4 (TCP/IP v4)."
  • Click "Properties"
  • Click "Advanced"
  • Uncheck the "Use default gateway on remote network" box. (This is turned on by default)
  • Click "OK" a few times to close the windows you opened.
From that point forward, only traffic destined for your corporate network will be sent through the VPN. All other traffic will use the local network.

Note: If your corporate network contains other internal subnets, you will need to add static routes for them manually.
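
The routing effect of the checkbox and of the note above, as an added example that is not part of the original post: a simplified longest-prefix route lookup in Python that shows which interface each destination uses and lists the `route add` commands still needed for internal subnets that would otherwise leave through the home router. All addresses are constructed, and using the VPN-assigned address as the gateway for the static routes is an assumption.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the original post).
HOME_LAN = "192.168.1.0/24"    # home network behind the home router
VPN_NET = "192.168.50.0/24"    # subnet the VPN connection itself routes
VPN_IP = "192.168.50.57"       # address the VPN assigned to this PC (assumed gateway)
CORP_SUBNETS = ["192.168.50.0/24", "10.20.0.0/16", "172.16.8.0/22"]

def table(use_remote_default_gateway, static=()):
    """Build a simplified route table of (network, interface, metric) rows."""
    rows = [(ipaddress.ip_network("0.0.0.0/0"), "home", 20),
            (ipaddress.ip_network(HOME_LAN), "home", 20),
            (ipaddress.ip_network(VPN_NET), "vpn", 1)]
    if use_remote_default_gateway:
        # Box checked (the default): a second, preferred default route via the VPN.
        rows.append((ipaddress.ip_network("0.0.0.0/0"), "vpn", 1))
    # Static routes added by hand for further internal subnets.
    rows += [(ipaddress.ip_network(s), "vpn", 1) for s in static]
    return rows

def lookup(rows, dest):
    """Pick the interface: longest prefix wins, lowest metric breaks ties."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in rows if ip in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def missing_routes(rows, subnets=CORP_SUBNETS):
    """Return route.exe commands for corporate subnets that would bypass the VPN."""
    cmds = []
    for s in subnets:
        net = ipaddress.ip_network(s)
        probe = str(net.network_address + 1)   # first host address in the subnet
        if lookup(rows, probe) != "vpn":
            cmds.append(f"route add {net.network_address} mask {net.netmask} {VPN_IP}")
    return cmds

if __name__ == "__main__":
    split = table(use_remote_default_gateway=False)
    for dest in ("203.0.113.10", "192.168.50.9", "10.20.3.4"):
        print(f"{dest:15} -> {lookup(split, dest)}")
    # Traffic for 10.20.0.0/16 and 172.16.8.0/22 goes to the home router
    # until these routes are added:
    for cmd in missing_routes(split):
        print(cmd)
```

Routes added with `route add` are lost at reboot; `route -p add` makes them persistent.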

Update: see the enhancement example.