

Selective VPNing

Is it possible for a VPN server to be configured to reroute traffic destined for some port to go out the client's external internet connection instead of the VPN? Here's my predicament - in Outlook and Outlook Express, you can configure it to use the VPN connection, but it can only be configured to use the VPN for everything. I only want Outlook to use the VPN for POP3 and IMAP, but all SMTP still to go out the regular unVPNed internet connection. Another option would be to leave Outlook's configuration to use the regular connection, but have the VPN client intercept port 110 and route that through the VPN. Basically, I'm trying to get all POP3 and IMAP traffic to go through our corporate proxy, but all SMTP traffic still needs to go to the ISP's server without first going through our VPN. Does anyone know how anything like this would be possible? I'm currently attempting this with OpenVPN.

3 Solutions
The easiest way is via DNS/IP range.

If you set the clients' POP3/IMAP as an internal IP range/DNS name that is only accessible via the VPN, and the outbound SMTP server as the user's ISP's SMTP server, traffic should route as you intend.

Just to clarify:
POP3/IMAP --> directly off internal mail server over VPN
SMTP --> out thru ISP to be routed as normal mail

or use a hardware vpn ..00..
Assuming your OpenVPN server is allowing "split-tunneling", then j_h_o's suggestion about using the POP3/IMAP servers' internal IPs in your Outlook settings & SMTP via the ISP should work.
  Split-tunneling is the ability for a VPN client to simultaneously access network resources over the VPN tunnel, as well as send unencrypted traffic over their local Internet connection - less secure than locking them into only using the VPN tunnel, but is more convenient for some people.

In OpenVPN this is a default configuration:

Extract of the OpenVPN howto manual:

"Routing all client traffic (including web-traffic) through the VPN
By default, when an OpenVPN client is active, only network traffic to and from the OpenVPN server site will pass over the VPN. General web browsing, for example, will be accomplished with direct connections that bypass the VPN.

In certain cases this behavior might not be desirable -- you might want a VPN client to tunnel all network traffic through the VPN, including general internet web browsing. While this type of VPN configuration will exact a performance penalty on the client, it gives the VPN administrator more control over security policies when a client is simultaneously connected to both the public internet and the VPN at the same time."

Here is the link:

This is called split DNS; it is less secure, which is quite obvious why.
I am a little confused with your description though. You say you want only SMTP to not go via VPN and POP3 and IMAP to go via VPN, is this correct?

Can't the proxy act as a relay? How is the corporate access configured, does it allow SMTP outbound?
If yes, then there is no need to split the traffic and it can all go via the VPN; you just need to configure it this way... read the link on how to achieve this.
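
Added example, not part of the thread or of OpenVPN's own code: a small model of the client routing table showing why the answers above steer mail by destination IP rather than by port, and how `push "redirect-gateway def1"` changes the SMTP path. All addresses are constructed placeholders and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addresses (private/documentation ranges), not from the thread.
CORP_LAN = "192.168.10.0/24"      # assumed internal network behind the VPN
MAIL_INTERNAL = "192.168.10.25"   # assumed internal POP3/IMAP server
ISP_SMTP = "203.0.113.25"         # assumed ISP SMTP server
VPN_SERVER = "198.51.100.1"       # assumed public address of the OpenVPN server


def build_routes(full_tunnel):
    """Return the client's routing table as (network, interface) pairs."""
    routes = [
        ("0.0.0.0/0", "isp"),     # original default route
        (CORP_LAN, "vpn"),        # server: push "route 192.168.10.0 255.255.255.0"
    ]
    if full_tunnel:
        # server: push "redirect-gateway def1" adds two /1 routes that
        # override the default route, plus a host route that keeps the
        # encrypted tunnel packets themselves on the ISP link.
        routes += [
            ("0.0.0.0/1", "vpn"),
            ("128.0.0.0/1", "vpn"),
            (VPN_SERVER + "/32", "isp"),
        ]
    return [(ipaddress.ip_network(n), i) for n, i in routes]


def egress(routes, dst_ip, dst_port):
    """Longest-prefix match. dst_port is accepted but never consulted:
    the routing table has no notion of POP3, IMAP or SMTP."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(net.prefixlen, iface) for net, iface in routes if dst in net]
    return max(matches)[1]


def mail_paths(full_tunnel):
    """Map each mail protocol to the interface its traffic leaves on."""
    routes = build_routes(full_tunnel)
    flows = {"pop3": (MAIL_INTERNAL, 110), "imap": (MAIL_INTERNAL, 143),
             "smtp": (ISP_SMTP, 25)}
    return {name: egress(routes, ip, port) for name, (ip, port) in flows.items()}


if __name__ == "__main__":
    print("split tunnel:", mail_paths(False))
    print("full tunnel: ", mail_paths(True))
```

In the split-tunnel case SMTP leaves unencrypted over the ISP link, which is the trade-off the answers describe; in the full-tunnel case the corporate side must permit or relay outbound SMTP.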

