So I'm here from Lawrence Systems, and we're going to talk about how to split tunnel a VPN and push very specific routes so you can manage resources and balance them. This is kind of a unique edge case, but I have some clients that specifically need this here in March of 2020, so I thought it would be a good time to do this quick video, because it's a little bit easier to do once you know where to put the settings.

All right. If you want to learn more about me and my company, head over to lawrencesystems.com. If you'd like to hire us for a project, click the Hire Us button up at the top and fill out the form. If you're looking to help the channel out in other ways, there are deals and discounts below with our affiliate links that get you discounts on services and products that we talk about on this channel.

So, OpenVPN. I just did a video on this and I'll leave a link to it, so how to get OpenVPN set up on pfSense. What we're going to do is, we have my office network, we have this Windows demo computer we're going to do this on. Green represents the office IP address going out to the public internet, red represents my home IP address. We're actually going to use my own, yes, my home Netgate SG-1100 for this demonstration, so I will show you my home IP address, not my office one, just if anyone's wondering.

And the goal of this is, let's say we have all the resources we want to redirect over the network. Now, when you have a VPN, and I talked about this in the last video, and you want to redirect all resources, so when this Windows computer gets online, it goes over here and it assumes the public IP address, because it tunnels all the traffic through the office network, through the internet, over to here, and then once it's over there it assumes the public IP address of this device.

The downside of this: if you have a finite amount of resources, like you have an SG-1100, there's only so much speed on the VPN, or you have a limited amount of bandwidth, everything that this particular computer does is being tunneled back over the network. That means not only the resources that you have access to, such as this NAS that's over at my house, you also are tunneling a hundred percent of the traffic. Now, maybe you want that because you have very specific websites that you've tied to your public IP address for authentication, so you can't have them just coming in from any random network. The downside of that is every tab that comes open, Netflix, YouTube or whatever in their browser, or whatever network resources they're using that you tunnel across the network, are now going to bottleneck over here if you have too many users and not enough resources. So how do you split it? How would you say, I want to give access to local resources on my network and a very specific set of websites?
That's what this tutorial's for. So you'll be able to take this computer, and it's going to be able to go out, and if it goes to Netflix or YouTube, it's going to use the main network it's on, the office network here. If it goes out to the website ifconfig.co, it's going to be very specifically using my home IP address for that. And this is split tunneling, so you're taking the tunnel and splitting it up and pushing routes. So you're doing a custom route here. So the red represents home IP, green there, and let's go ahead and take a look at the settings for this.

So first we're going to go here. The VPN is not connected. This is my public IP address that I have blurred out for my office, because that's where I'm actually located and recording this video. So ifconfig.co is showing my public IP address, and ifconfig.me is showing my public IP address for my office; both of these are showing the same thing. So we want to take these IP addresses, and we're going to take specifically ifconfig.co. We want to show how I can redirect that to a different IP address by splitting the tunnel and splitting the route.

So first things first: ping ifconfig.co. I need to know the IP address of it. So it's 104.28.19.94. Go over here, and this is my home OpenVPN setup. I have my SG-1100 all configured, OpenVPN working, and I do not want this checked: "Force all client-generated IPv4 traffic through the tunnel." No, we only want to have local resources. So I only have one single network set up that I want pushed. It's the 192.168 network, and it'll give me access to that NAS that's over there. But we also want this, there's that IP address again. So in our custom options, we push route 104.28.19.94 255 255 255, colon, enter. Now, let's say we had more than one of these. You could do it like this, and you could put different IP addresses and list them all out.
Maybe you have more than one, but in this demo here we're just going to show one. But you separate them with a colon and a new line, and these will push these routes back across. So this is going to push: any time the system sees that IP address, it says, oh, redirect that over the tunnel and then go out the network. So this is already set up and saved in here. That's the only thing that's really different from a normal setup, other than making sure you're not forcing all client-generated IPv4 traffic. If you're doing that, this is a moot point, because you're already redirecting everything through there.

Back over here. So now we're going to go ahead and open up the VPN and do a connect, and it's connected. So first things first: route print. And what route print does is list all the routes that have been pushed to this computer, and right here's the route that we added very specifically. This means, if you see this IP address, telling the computer, then here is the gateway link for that particular IP address. So if we go to 104.28.19.94, we see that IP address. Here's the route link: push it out this gateway to this interface, and that will now redirect that particular traffic. But we still have all of our normal interface gateways. 10 dot 2, this is local to the network. So anything that's not that goes up where it should be, and then down further we have the routes here that match for local resources. So this is the 192.168 network, because the IP address of this particular computer is 10 dot 2 dot 15.
So let's go with those websites and refresh them now. This website is showing my IP address from home, that I did leave exposed here. So now you can see that this one, this site, shows this IP address. And I'm going to blur this one out; refresh the page, shows my office IP address. So now you kind of get the idea. Just that one, all I had to do is push that one route. I didn't have to reconfigure the VPN or anything like that, because it's already configured. The routes get pushed not as part of the config file that's already on the users, but as a route push setting. So once this connects, it's the settings that get pushed into the routing table in there.

The way you'd confirm they're in there is just like I showed here: just do a route print, and you can see if those are actually getting carried over to the client. If they're not for some reason, you'll have to do some further investigation. But it does require, by the way, making sure that OpenVPN is set up properly and worked in the first place, if that didn't seem obvious. But it's also making sure that these routes are getting in, which sometimes means that OpenVPN does have to have a certain level of admin privileges to work at all to push these routes over.

So hopefully this helps if you're dealing with a split tunnel and dealing with a load issue like this, where you want to have only certain resources go across the network. That way you can better allocate and manage those resources versus having all the traffic. I mean, ideally, if you're looking for security, you're at a coffee house, yes, sending all the traffic across the tunnel is great, so it's not being potentially looked at anywhere in between. But in times of limited resources you want to only necessarily redirect certain things over there, because it'll make your life a lot easier and share that bandwidth a lot better.
All right, and thanks. And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com, where we can carry on the discussion about this video, other videos, or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching, and see you next time.
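
Added example, not part of the video or of Lawrence Systems' material: a Python sketch that renders the custom-option push lines for the split-tunnel targets and audits Windows "route print" output to confirm that each pushed route is present and that the client has not fallen back to a full tunnel. The VPN gateway 10.8.0.1, the 192.168.1.0/24 home LAN, the /32 host mask, the semicolon separator and the sample routing table are assumptions constructed for the example.

```python
import ipaddress

def push_directives(targets):
    """Render OpenVPN server push lines for IPv4 hosts or CIDR networks."""
    lines = []
    for t in targets:
        net = ipaddress.ip_network(t, strict=True)  # a bare host becomes a /32
        lines.append(f'push "route {net.network_address} {net.netmask}";')
    return lines

def parse_route_print(text):
    """Yield (network, gateway) for each IPv4 row of 'route print' output."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue
        try:
            yield ipaddress.ip_network(f"{cols[0]}/{cols[1]}"), cols[2]
        except ValueError:
            continue  # heading or non-IPv4 row

def audit(text, targets, vpn_gw):
    """Report expected routes missing from the VPN gateway, and full-tunnel state."""
    via_vpn = [net for net, gw in parse_route_print(text) if gw == vpn_gw]
    missing = [t for t in targets if ipaddress.ip_network(t) not in via_vpn]
    # Full tunnel appears as 0.0.0.0/0, or as the 0.0.0.0/1 + 128.0.0.0/1 pair
    # that OpenVPN's "redirect-gateway def1" installs, pointing at the VPN gateway.
    full_tunnel = any(net.prefixlen <= 1 for net in via_vpn)
    return {"missing": missing, "full_tunnel": full_tunnel}

# Constructed sample of a split-tunnel client; every address is illustrative.
SAMPLE = """\
IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.2.15.1      10.2.15.50     25
        10.2.15.0    255.255.255.0         On-link       10.2.15.50    281
     104.28.19.94  255.255.255.255         10.8.0.1        10.8.0.2    281
      192.168.1.0    255.255.255.0         10.8.0.1        10.8.0.2    281
"""

EXPECTED = ["104.28.19.94", "192.168.1.0/24"]  # pushed host route + home LAN

if __name__ == "__main__":
    print("\n".join(push_directives(["104.28.19.94"])))
    print(audit(SAMPLE, EXPECTED, "10.8.0.1"))
```

A non-empty "missing" list corresponds to the case where the routes are not being carried over to the client; "full_tunnel" set to True means all traffic is being redirected and the pushed host routes are moot.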