How to route traffic out a non-standard interface using pfctl

Tags: firewall, Network, pfctl, vpn

I have a VPN which has setup a default route, which is (of course) different to my gateway. All my traffic therefore gets routed through the tunnel.

However, I would like to exempt certain apps from going through the tunnel.

Using pfctl, I was able to do the following:

pass out quick route-to (en0 192.168.0.1) group specialgrp flags any

This sends all traffic from apps belonging to the "specialgrp" group (gid) out the standard gateway rather than the tunnel.

This works insofar as the traffic does appear on the standard gateway when I use tcpdump; however, the source IP address is not correct: it's set to the address given to me by the VPN (a 10.0.0.0/8 address) rather than my local IP address. As a result the app can't operate, as the source IP is incorrect.

How do I correctly set the source IP of the outgoing packets so that they're set to the IP address of my computer, rather than the VPN's?

Thanks
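As an added example (not part of the question or the accepted answer), the pf.conf fragment below pairs the question's route-to rule with a nat rule on en0 so that packets diverted to en0 leave with en0's own address; it assumes the VPN hands out 10.0.0.0/8 addresses, that en0/192.168.0.1 are the physical interface and gateway, and that macOS pf re-evaluates nat on the new outgoing interface after route-to (an assumption, not something the page confirms).

```pf
# Added example, not from the question or the answer.
# Assumptions: VPN addresses are in 10.0.0.0/8, en0 is the physical
# interface with gateway 192.168.0.1, and pf applies nat on en0 to
# packets that route-to has diverted there (assumed, not confirmed).

# pf requires translation rules before filter rules.
# "(en0)" is re-resolved to en0's current address, so it survives
# a DHCP lease change; plain "en0" would be expanded once at load time.
nat on en0 from 10.0.0.0/8 to any -> (en0)

# Traffic from processes in group "specialgrp" is sent via en0 and its
# gateway instead of following the VPN default route; "quick" stops
# later rules from overriding this match.
pass out quick route-to (en0 192.168.0.1) group specialgrp flags any

# Load and inspect (run as root):
#   pfctl -f /etc/pf.conf
#   pfctl -s nat
#   pfctl -s rules
#   pfctl -s state   # confirm states for specialgrp show the en0 address
```

Note that only traffic matching the group-based rule is translated this way; other tunnel traffic keeps its VPN address, which is what you want for checking that nothing else leaks past the VPN.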

Best Answer

You could try some kind of re-write script: the tcprewrite tool in Linux (it may not exist in OSX) can rewrite packets stored in a tcpdump file. You could then couple this with tcpreplay which, er, replays the re-written tcpdump pcap files.

https://linux.die.net/man/1/tcprewrite

If that seems too much effort (tbh, I could see why), you could try some proxy software that offers some kind of re-write capability. A quick Google search has shown Charles to be one such; I imagine there are others. There is a cost associated with this one, but you can trial it.

https://www.charlesproxy.com/documentation/tools/rewrite/

As I say, I'm sure others are available. No affiliation with Charles, just the first one that I found.