When you ssh to a destination host that is "behind" sshuttle, the default route is via the utun interface, so the source IP address used for this flow will be the utun IP address. The initial SYN packets get redirected to lo0 by the pf rules. On the lo0 interface the packet will look like this:

The SYN-ACK packet (return traffic destined to the utun IP) will be routed according to the routing table, in this case via the utun interface. And here is the problem: the SYN-ACK packet is not consumed by macOS, but is instead sent out over the utun interface. If you listen on the remote side of the tunnel you will see those SYN-ACK packets. Most of the time VPN servers do not forward those packets back, hence macOS cannot consume the SYN-ACK packets, and this is why our 3-way handshake never completes. Just as an exercise we can route the packets back on the VPN server, but this is very non-optimal. The question is why macOS, instead of consuming packets that originate on localhost and are destined to the utun IP address, forwards them over the utun interface.

Fragments of the sshuttle `-vvv` debug output, as they survived on the page:

```
S: channel=0 cmd=PONG len=7 (fullness=23)
S: > channel=0 cmd=ROUTES len=16 (fullness=7)
Starting server with Python version 2.7.5
S: channel=0 cmd=PONG len=7 (fullness=45)
> pass out route-to lo0 inet proto tcp to keep state
C : Waiting: 2 r= w= x= (fullness=14/0)
S: > channel=0 cmd=ROUTES len=38 (fullness=7)
S: > channel=0 cmd=PING len=7 (fullness=0)
Starting server with Python version 2.6.6
Server: assembling u'sshuttle.hostwatch' (2364 bytes)
Server: assembling u'sshuttle.ssnet' (5540 bytes)
Server: assembling u'sshuttle.helpers' (950 bytes)
Server: assembling u'sshuttle.cmdline_options' (27 bytes)
Starting client with Python version 2.7.10
C : executing:
C : > channel=0 cmd=PING len=7 (fullness=0)
Status: Enabled for 0 days 00:00:03 Debug: Urgent
96 fingerprints
sshuttle -vvv -r 10.10.216.0/22
Firewall manager: Starting firewall with Python version 2.7.10
Status: Disabled for 0 days 01:32:48 Debug: Urgent
```

I have an OpenVPN server and we would like all traffic to go out the end users' internet, but if they are Developers and they are using SSH to the AWS servers, I would like that traffic to go out the VPN connection and appear as though they are internal to the company.