Selective VPNing

Is it possible for a VPN server to be configured to reroute traffic destined for some port to go out the client's external internet connection instead of the VPN? Here's my predicament - in Outlook and Outlook Express, you can configure it to use the VPN connection, but it can only be configured to use the VPN for everything. I only want Outlook to use the VPN for POP3 and IMAP, but all SMTP still to go out the regular unVPNed internet connection. Another option would be to leave Outlook's configuration to use the regular connection, but have the VPN client intercept port 110 and route that through the VPN. Basically, I'm trying to get all POP3 and IMAP traffic to go through our corporate proxy, but all SMTP traffic still needs to go to the ISP's server without first going through our VPN. Does anyone know how anything like this would be possible? I'm currently attempting this with OpenVPN.

Thanks!
Dan
dancablam Asked:

j_h_o Commented:
The easiest way is via DNS/IP range.

If you set the clients' POP3/IMAP as an internal IP range/DNS name that is only accessible via the VPN, and the outbound SMTP server as the user's ISP's SMTP server, traffic should route as you intend.

Just to clarify:
POP3/IMAP --> directly off internal mail server over VPN
SMTP --> out thru ISP to be routed as normal mail

Correct?
0
jabiii Commented:
Or use a hardware VPN ..00..
0
calvinetter Commented:
Assuming your OpenVPN server is allowing "split-tunneling", then j_h_o's suggestion about using the POP3/IMAP servers' internal IPs in your Outlook settings & SMTP via the ISP should work.

Split-tunneling is the ability for a VPN client to simultaneously access network resources over the VPN tunnel, as well as send unencrypted traffic over their local Internet connection - less secure than locking them into only using the VPN tunnel, but is more convenient for some people.

cheers
0
mianni Commented:
In OpenVPN this is a default configuration:

Extract of the OpenVPN howto manual:

"Routing all client traffic (including web-traffic) through the VPN
Overview
By default, when an OpenVPN client is active, only network traffic to and from the OpenVPN server site will pass over the VPN. General web browsing, for example, will be accomplished with direct connections that bypass the VPN.

In certain cases this behavior might not be desirable -- you might want a VPN client to tunnel all network traffic through the VPN, including general internet web browsing. While this type of VPN configuration will exact a performance penalty on the client, it gives the VPN administrator more control over security policies when a client is simultaneously connected to both the public internet and the VPN at the same time."

Here is the link:
http://openvpn.net/howto.html#redirect 

This is called split DNS; it is less secure, and it is quite obvious why.
I am a little confused with your description though. You say you want only SMTP to not go via the VPN, and POP3 and IMAP to go via the VPN; is this correct?

Can't the proxy act as a relay? How is the corporate access configured; does it allow SMTP outbound?
If yes, then there is no need to split the traffic and it can all go via the VPN; you just need to configure it this way... read the link on how to achieve this.



0
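The answers above depend on pushed routes selecting traffic by destination address, not by port. The following check is an added example, not code from the thread or from OpenVPN: it reads a server config and reports which path each mail server would take. The sample config, the 10.0.5.0/24 mail subnet and both server addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample server config (not from the thread); 10.0.5.0/24 is an
# assumed internal mail subnet.
SAMPLE_SERVER_CONF = """\
# split tunnel: only the internal mail subnet is pushed to clients
server 10.8.0.0 255.255.255.0
push "route 10.0.5.0 255.255.255.0"
;push "redirect-gateway def1"
"""

PUSH_ROUTE = re.compile(r'^push\s+"route\s+(\S+)\s+([\d.]+)')
PUSH_REDIRECT = re.compile(r'^push\s+"redirect-gateway\b')


def parse_server_conf(text):
    """Return (pushed_networks, full_tunnel) from an OpenVPN server config."""
    routes, full_tunnel = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # both characters start a comment
            continue
        m = PUSH_ROUTE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            routes.append(net)
        elif PUSH_REDIRECT.match(line):
            full_tunnel = True  # client default route is moved into the tunnel
    return routes, full_tunnel


def egress_for(dest_ip, routes, full_tunnel):
    """Pick the path by destination IP only; the port never enters into it."""
    ip = ipaddress.ip_address(dest_ip)
    if full_tunnel or any(ip in net for net in routes):
        return "vpn"
    return "local-isp"


def audit_mail_paths(conf_text, servers):
    """Map each named mail server to the path its traffic would take."""
    routes, full = parse_server_conf(conf_text)
    return {name: egress_for(ip, routes, full) for name, ip in servers.items()}


if __name__ == "__main__":
    # Hypothetical addresses: internal POP3/IMAP host and an ISP SMTP relay.
    servers = {"pop3/imap": "10.0.5.20", "smtp": "203.0.113.25"}
    print(audit_mail_paths(SAMPLE_SERVER_CONF, servers))
```

Uncommenting the `redirect-gateway` line in the sample turns the SMTP result into `vpn`, which is the full-tunnel case the howto extract describes.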

Question has a verified solution.
