Split Tunnel for OpenVPN Cloud
What is it?
When a VPN connection is set up, an encrypted tunnel is created over the Internet to the Cloud VPN Region. The VPN connection appears as a virtual network interface to the computer in addition to the existing LAN interface. Now, it becomes possible to use both interfaces simultaneously by sending the private traffic destined to the Cloud VPN inside the VPN tunnel and the public traffic (Internet traffic) over the other interface (outside the VPN tunnel). When the traffic is split between the VPN interface and other interfaces, split tunneling is said to be in use. When split tunneling is not in use all the traffic uses the VPN interface resulting in the internet traffic too being sent to the Cloud.
Who should use this?
The administrator should set the split tunnel ON/OFF as desired for the internet access setting associated with User Groups, Networks, and Hosts.
Show me how to configure it?
The split tunnel ON is the default value for the internet access setting associated with User Groups, Networks, and Hosts. Only when a network is set as VPN Egress does the split tunnel OFF value appears as an option for the internet access setting associated with User Groups, Networks, and Hosts.
When should I make use of this?
After setting a Network to act as VPN Egress, split-tunnel OFF can be chosen as an option for the internet access setting associated with User Groups, Networks, and Hosts. Once internet access setting is set to split tunnel OFF for the desired User Groups, Networks, and Hosts, internet traffic from those sources will egress out of the VPN via the one or more Networks set as VPN Egress. This is useful because it can allow the internet traffic to be routed to security tools present in the VPN egress networks which can enforce corporate security policies. Another reason would be to utilize NAT to mask the source IP address of the internet traffic to make it appear that it originated from the VPN egress network. This would allow the public IP address of the VPN Egress Network’s Connector to be used in whitelisting access to SaaS tools.