Create a Post
Showing results for 
Search instead for 
Did you mean: 

VPN Mobile Client Tunneling Exceptions


We're using VPN Mobile Clients. We have not set them to full-tunneling, so we use split DNS. In other words, the regular internet-traffic (Facebook, Netflix etc) does not enter the tunnel. Only traffic to our on-premise resources (domain, fileservers etc.) enters the tunnel. So far so good. Been doing this for 20 years.

But, enter 2020 we now use Cloud resources at Azure/AWS. To secure these services we have set up whitelist-filters so only our office IP addresses are allowed to manage the cloud. So users at the office can access Azure/AWS and do their clouddance.

But users on VPN Mobile cannot access the same Cloud resources, since that traffic is classified as public Internet, and does not enter the tunnel. This is a problem.
I don't want to set the Mobile clients to full-tunneling and ditch split-DNS, because then I'll get hit with Netflix, Facebook and other private crap I don't want to know about.

So what are my options ? Is there any way to tell the VPN Mobile client to route certain traffic over the VPN, even though the IP addresses of that traffic are public and not part of my on-premise encryption domain ?

I cannot believe I'm the only one with this predicament. 

Any thoughts ?


0 Kudos
2 Replies

I have the same problem

0 Kudos

Similar issue here.

We want VPN user traffic to go through our corporate internet filter, how connections to internet hosted video conferencing/collaboration services should route via the users internet service to reduce latency. This would probably need to based upon domains (if possible)

0 Kudos