I have created an application which connects to a VPN server using OpenVPN Community. It is working fine, connecting to and disconnecting from the VPN server properly. Here I have another requirement.

Using the same code I want to Split and Tunnel the VPN connection. I have googled a lot but did not get any solutions.

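Here is the code for connecting to the VPN server using OpenVPN:

```csharp
using System.Diagnostics;

// Launch openvpn.exe elevated with the profile and the credentials file.
Process process = new Process();
ProcessStartInfo startInfo = new ProcessStartInfo
{
    WindowStyle = ProcessWindowStyle.Hidden,
    FileName = @"C:\Program Files\OpenVPN\bin\openvpn.exe",
    Arguments = "--config server.ovpn --auth-user-pass ovpnpass.txt",
    UseShellExecute = true, // Verb is only honoured when UseShellExecute is true
    Verb = "runas"          // request elevation (UAC prompt)
};
process.StartInfo = startInfo;
process.Start();
```

I want to use the VPN in a specific application.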

Chandresh Khambhayata
    Take a look [here](https://stackoverflow.com/questions/60246553/connection-to-openvpn-using-c-sharp) and [here](https://github.com/jochenwierum/openvpn-manager) – Maciej Los Aug 31 '21 at 08:02

1 Answer

Virtual private network (VPN) split tunneling lets you route some of your application or device traffic through an encrypted VPN, while other applications or devices have direct access to the internet. That distinguishes it from a full tunnel, where all traffic flows through the VPN with no distinction.

Split tunneling in OpenVPN is implemented more at the infrastructure/configuration level than by filtering at runtime using code.

There is a very good article by OpenVPN: Setting up IP Whitelisting with Split Tunneling for SaaS using OpenVPN Access Server.

As per the link:

1. Begin by setting up OpenVPN Access Server if you don’t already have one. You can easily launch a new image on AWS, Google Cloud, Oracle, Azure, or DO:

  • AWS
  • Azure
  • Google Cloud
  • Digital Ocean
  • Oracle Cloud

2. Ensure static IP address

3. Configure access rules in Access Server: We want to achieve two objectives with the configuration:

  • As this VPN is dedicated for SaaS security, we just want traffic destined to the specific SaaS application to traverse the VPN while all other internet traffic from users does not use the VPN.

  • We want to use the VPN to set up a whitelist of source IP addresses at the SaaS from which logins are allowed. Therefore, we need to give access to the IP address(es) where the SaaS application can be reached using the NAT mechanism. That way, traffic from the VPN clients will appear to be coming from the Access Server’s public IP address.

    i) Set up NAT

    ii) Log in to the Admin Web UI for your OpenVPN Access Server and make the following configuration changes:

    • Turn on NAT by going to Configuration > VPN Settings and click on Yes, using NAT in the ‘Routing’ section.
    • Specify only the IP address or IP range for your SaaS account in the field, ‘Specify the private subnets to which all clients should be given access (one per line):’
    • Select No for Should client Internet traffic be routed through the VPN
    • Do not push DNS, as clients will only get routes defined by the NAT subnets. To do this, set Do not alter clients’ DNS server settings to Yes.
    • Finally, click on Save Settings and Update Running Server.

4. Set up whitelist access for SaaS account

Enhancing SaaS security through IP whitelisting: for example, here all other traffic will flow through the internet, but your application's traffic flowing through the VPN tunnel from the whitelisted IP will be allowed to access your SaaS (Salesforce in the example).

Refer to the link from OpenVPN, https://openvpn.net/vpn-server-resources/setting-up-ip-whitelisting-with-split-tunneling-for-saas-using-openvpn-access-server/, for full documentation, from which most of this is abstracted directly.

Pranav Singh
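A client-side counterpart to the Access Server settings above, as an added example that is not part of the original answer or of OpenVPN's documentation: it adds OpenVPN's `--route-nopull` and explicit `--route` options to the question's openvpn.exe invocation so that only the listed destinations use the tunnel. The class and method names, the sample ranges and the /8 minimum prefix are assumptions; routing here is by destination address, not per application.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Net;
using System.Net.Sockets;

static class SplitTunnelLauncher
{
    const int MinPrefix = 8; // assumed policy: anything broader is close to a full tunnel

    // Convert "203.0.113.0/24" into "--route 203.0.113.0 255.255.255.0".
    static string ToRouteArgument(string cidr)
    {
        string[] parts = cidr.Split('/');
        if (parts.Length != 2
            || !IPAddress.TryParse(parts[0], out var address)
            || address.AddressFamily != AddressFamily.InterNetwork
            || !int.TryParse(parts[1], out int prefix)
            || prefix < MinPrefix || prefix > 32)
            throw new ArgumentException($"Expected IPv4 CIDR /{MinPrefix}../32, got: {cidr}");

        uint mask = uint.MaxValue << (32 - prefix);
        byte[] b = address.GetAddressBytes();
        uint ip = (uint)b[0] << 24 | (uint)b[1] << 16 | (uint)b[2] << 8 | b[3];
        if ((ip & ~mask) != 0) // a typo such as 203.0.113.5/24 would route the wrong range
            throw new ArgumentException($"Host bits are set in {cidr}");

        var netmask = new IPAddress(new[]
            { (byte)(mask >> 24), (byte)(mask >> 16), (byte)(mask >> 8), (byte)mask });
        return $"--route {address} {netmask}";
    }

    // --route-nopull: accept pushed options except routes, so only our --route entries apply.
    static string BuildArguments(params string[] vpnRanges) =>
        "--config server.ovpn --auth-user-pass ovpnpass.txt --route-nopull "
        + string.Join(" ", vpnRanges.Select(ToRouteArgument));

    static void Main()
    {
        // Constructed sample ranges (documentation addresses), standing in for the SaaS IPs.
        Process.Start(new ProcessStartInfo
        {
            FileName = @"C:\Program Files\OpenVPN\bin\openvpn.exe",
            Arguments = BuildArguments("203.0.113.0/24", "198.51.100.10/32"),
            UseShellExecute = true, // required for Verb to be honoured
            Verb = "runas"
        });
    }
}
```

After connecting, `route print` on the client should list only the ranges passed here against the VPN adapter, with the default route still on the physical interface.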