I have tried a number of VPN services lately. When I ask about using split tunneling/bypass features, they all say it doesn't work on Macs? (I am using Ventura on iMac) Is this a Mac specific issue because it seems tunneling works on Windows/Linux/etc.?
L_Sykes wrote:
I have tried a number of VPN services lately. When I ask about using split tunneling/bypass features, they all say it doesn't work on Macs? (I am using Ventura on iMac) Is this a Mac specific issue because it seems tunneling works on Windows/Linux/etc.?
No. What they mean is that their products don't support this feature on the Mac.
For clarification, remember that a significant portion of all apps in the "security" domain (which includes VPNs) are outright scams. I'm not naming names, but that's just the way it is. There are a handful that are legitimate, but I can't mention those either because they could be bought out by the scammers and fraudsters at any time. I only mention that to point out the the only goal here is to separate you from your money, or from your personal information. They are not concerned with your security or offering any kind of advanced functionality.
These same services may still work on Window and Linux just because Windows and Linux have been around for decades. The Mac is only a couple of years old. What? You thought it was older than that? The modern Mac is a very recent port of iOS to a new hardware configuration. So the infrastructure for supporting something like a VPN is based on how iOS supports VPNs, with some crude hacks to support enterprise users.
What this means is that supporting an advanced feature like split tunnelling is very difficult and unrewarding. Very few Mac users even know about this and Mac users are still a tiny niche market. So there is no money to fund development of advanced features like this. You might be able to find some enterprise product that supports split tunnelling. It will likely be outrageously expensive and a royal pain to use. Another route might be the open source path. It's free, but takes the pain to a whole new level.
Did I say "route"? I don't know anything about the enterprise market, so I can't help there. But here are a couple of links that might help.
Here is some background on modern Mac VPN architectures: Split tunneling. | Apple Developer Forums (This two years old, so when they speak of "future versions", they are talking about today.)
Here is another two-year old post about open-source methods: https://medium.com/@edgar/how-to-split-tunnel-vpn-traffic-on-mac-561da7353110, based on this project: https://github.com/dlenski/vpn-slice
I have no idea if any of that works. If it does, and you want to try to figure it out, there are other people who would appreciate a solution: 3rd Party VPNS & Split Tunneling - Apple Community
L_Sykes wrote:
I have tried a number of VPN services lately. When I ask about using split tunneling/bypass features, they all say it doesn't work on Macs? (I am using Ventura on iMac) Is this a Mac specific issue because it seems tunneling works on Windows/Linux/etc.?
No. What they mean is that their products don't support this feature on the Mac.
For clarification, remember that a significant portion of all apps in the "security" domain (which includes VPNs) are outright scams. I'm not naming names, but that's just the way it is. There are a handful that are legitimate, but I can't mention those either because they could be bought out by the scammers and fraudsters at any time. I only mention that to point out the the only goal here is to separate you from your money, or from your personal information. They are not concerned with your security or offering any kind of advanced functionality.
These same services may still work on Window and Linux just because Windows and Linux have been around for decades. The Mac is only a couple of years old. What? You thought it was older than that? The modern Mac is a very recent port of iOS to a new hardware configuration. So the infrastructure for supporting something like a VPN is based on how iOS supports VPNs, with some crude hacks to support enterprise users.
What this means is that supporting an advanced feature like split tunnelling is very difficult and unrewarding. Very few Mac users even know about this and Mac users are still a tiny niche market. So there is no money to fund development of advanced features like this. You might be able to find some enterprise product that supports split tunnelling. It will likely be outrageously expensive and a royal pain to use. Another route might be the open source path. It's free, but takes the pain to a whole new level.
Did I say "route"? I don't know anything about the enterprise market, so I can't help there. But here are a couple of links that might help.
Here is some background on modern Mac VPN architectures: Split tunneling. | Apple Developer Forums (This two years old, so when they speak of "future versions", they are talking about today.)
Here is another two-year old post about open-source methods: https://medium.com/@edgar/how-to-split-tunnel-vpn-traffic-on-mac-561da7353110, based on this project: https://github.com/dlenski/vpn-slice
I have no idea if any of that works. If it does, and you want to try to figure it out, there are other people who would appreciate a solution: 3rd Party VPNS & Split Tunneling - Apple Community
OK, wow, not what I expected to hear not what I wanted. However, I'm not surprised. Thanks for the insight and direction. After I check out the articles you listed and look for some answers, I'll post my own conclusion if I come to one. I was looking for the easy solution through some of the apps you no doubt have in mind. Thanks for the trail to hunt on.
Thanks Steve, I understand your answer and can't disagree with your conclusion; I guess I was trying to find a simple, convenient solution to allow the VPN to stay connected while allowing some apps/sites to operate outside the VPN. Thanks for the info. I just discovered Tunnelblick for use with OpenVPN on a Mac; I'm researching that as an option. I appreciate the answers, though. Thank you for taking time to respond.
My wife’s work VPN is setup to allow local LAN access.
My company’s VPN (Cisco AnyConnect), they intentionally block local LAN access, however, they have things such as Zoom bypass the VPN.
In both examples, Monterey is the OS version.
So I think your VPN provider is wring.
L_Sykes wrote:
OK, wow, not what I expected to hear not what I wanted. However, I'm not surprised. Thanks for the insight and direction. After I check out the articles you listed and look for some answers, I'll post my own conclusion if I come to one. I was looking for the easy solution through some of the apps you no doubt have in mind. Thanks for the trail to hunt on.
Until recently, we used VPN split tunneling for remote access to workplace networks. (On Pulse Secure) In fact it still works, at least under Monterey, but it has recently been disabled by the employer for security reasons, but it can be enabled on a special exception basis. We have thousands of Macs in use, it does work, but by default it is disabled on our enterprise installations.
I agree with Etrecheck -- and I never use VPN except where mandated by the workplace, and then only with well vetted and secure tools that they provide.
Not being able to use split tunneling is at worst an inconvenience, it should not be a showstopper. You can easily address that by temporarily disconnecting from VPN, utilizing the other network (which used to be available under split tunneling), then reconnecting as needed.
Why does VPN split tunneling not work on Macs?
