Want to configure VPN on Mac so that bittorrent and wechat don't use it
November 14, 2022 6:58 PM

but everything else does. What it says on the tin, specifics within.

I live in China and often need to make use of a VPN. My VPN provider has a Clash-based app, but I can use pretty much any VPN client that allows the common methods of subscription, so I'm happy to switch to one that makes doing this easier, if necessary. In the past I have used Parallels to provide this sort of "split internet," but that is a very heavyweight solution given I really only care about two apps not using the VPN.

Ideally, I want all of my traffic to go through the VPN except torrent traffic and WeChat traffic. I'm not really sure how to achieve this (I'm technical, so I can certainly follow directions, but I am woefully ignorant of this part of the stack, somewhat shamefully! Networking is a big weakness). I currently use Transmission for torrenting, but am happy to switch clients if that helps. The WeChat thing is a nice-to-have; the torrenting is the bigger issue (since it will destroy my VPN's traffic quota!).

If you have suggestions of other places to ask I'm all ears. I tried r/VPN but the question got deleted. Reddit, eh?
posted by wooh to Technology (4 answers total)
 
I don't know how to do this on a Mac, but the search term you want is "split tunneling"
posted by qxntpqbbbqxl at 11:21 PM on November 14, 2022


I was going to tell you that a VM was probably the easiest way. The other way requires great firewall mastery because the apps involved probably are random IP addresses (so simple route table manipulation doesn't work), they may have colliding port ranges with other apps (so simple firewall trickery won't do the trick), you will need tagged processes to match with rules and extreme firewall/routing skills to attempt this (if Mac even has/can provide originating process information down to the firewall rewrite level). On Linux and some other things there are lightweight containers that use the same kernel, just in a different namespace each with its own routing. Sorta VM lite. Not really running a VM, just quarantining a process into a particular space. Rather low overhead. It would be much much much easier to run your two apps in this sort of container/VM-lite with different networking settings than it would be to make your goal work the hard way.

Welcome to network engineering.

Ditto qxntpqbbbqxl but "split tunneling" usually refers to just sending different IP ranges along different routes. Like I run a VPN to Work, work host traffic goes through VPN, Netflix goes through regular internet. But those are IP ranges of addresses, that's the simple router table manipulation. Especially the torrent is random addresses that could only be done by port or process (not by IP), not sure about WeChat.
posted by zengargoyle at 11:36 PM on November 14, 2022


Response by poster: Hmm, it does sound like a VM is the way to go, then!
posted by wooh at 1:54 AM on November 15, 2022


zengargoyle, the tunnel can be split in the ports/protocols, not just the addressing ranges. I think, though, you'd use a firewall to filter the protocols that can talk to a tunnel with those that don't getting routed alongside tunnel traffic instead of DROP'd.
posted by k3ninho at 7:09 AM on November 16, 2022
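
The three ways of splitting a tunnel discussed in the answers above (by destination range, by port, by originating process), compared in a small model. This is an added example, not code from any poster. The flows, addresses and the exempted prefix are constructed, and the model assumes the policy engine can see which process opened each connection.

```python
import ipaddress

# Constructed sample flows: (process, destination IP, destination port).
FLOWS = [
    ("Transmission", "203.0.113.77", 51413),  # peer on Transmission's default port
    ("Transmission", "198.51.100.9", 443),    # peer that happens to listen on 443
    ("WeChat",       "192.0.2.40",   443),
    ("Safari",       "198.51.100.9", 443),    # same address and port as a peer
    ("Safari",       "203.0.113.10", 443),    # site inside the exempted prefix
]

# Goal from the question: these two apps bypass the VPN, everything else uses it.
WANTED = {"Transmission": "direct", "WeChat": "direct"}

# Route-table split: default route via the VPN, plus one exempted prefix
# (a constructed guess at "where torrent peers live").
ROUTES = [("0.0.0.0/0", "vpn"), ("203.0.113.0/24", "direct")]

def by_route(flow, routes=ROUTES):
    """Longest-prefix match on the destination address only."""
    dst = ipaddress.ip_address(flow[1])
    nets = [(ipaddress.ip_network(prefix), path) for prefix, path in routes]
    hits = [(net, path) for net, path in nets if dst in net]
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]

def by_port(flow, direct_ports=frozenset({51413})):
    """Firewall-style split on the destination port only."""
    return "direct" if flow[2] in direct_ports else "vpn"

def by_process(flow, direct_apps=frozenset(WANTED)):
    """Split on the originating process (needs per-process visibility)."""
    return "direct" if flow[0] in direct_apps else "vpn"

def misrouted(selector, flows=FLOWS):
    """Return the flows a selector sends down the wrong path."""
    return [f for f in flows if selector(f) != WANTED.get(f[0], "vpn")]

if __name__ == "__main__":
    for name, selector in [("route", by_route), ("port", by_port),
                           ("process", by_process)]:
        print(name, [f[0] for f in misrouted(selector)])
```

Adding 443 to `direct_ports` fixes the two missed flows but sends both Safari flows outside the VPN, which is the port collision problem described above.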

