VPN and NAS – How to Connect to Local NAS While on Remote VPN

macos nas vpn

Scenario:

  • My work MacBook Pro uses Cisco AnyConnect to connect to my employer's
    VPN from home.
  • I am running macOS Catalina on the MacBook Pro
  • I have a NAS connected to my home LAN
  • MacBook Pro is connected through the same home LAN

When I am not connected to my work VPN I can access the NAS by using the expected local IP address (using "Connect to Server…"), however when connected to the VPN this IP cannot be accessed.

I have googled around, but couldn't seem to find an explanation for this specific scenario.

AnyConnect appears to direct all connections through the VPN, although there are no options I can see in the application preferences relating to this.

How can I connect to the local NAS whilst still being connected to the remote VPN on macOS?

Best Answer

The short answer is that you cannot do this. Your VPN administrator has enabled a "full tunnel," such that all traffic goes over the VPN. If your VPN administrator is willing to switch to split tunnels, it will work fine.

The longer, potentially getting you fired answer: you can use openconnect (installed via Homebrew) to connect to the VPN. This will still have the full tunnel issue, but it won't continue to screw with the network routes after the initial connection - so you can forcibly enable split tunnels.

To connect, something like:

# openconnect yourvpnserver.com -u username --authgroup "your group" 

Then you can fix your routing table:

# sudo route change default 1.2.3.4 

where 1.2.3.4 is your normal home network default route. You will not be able to access any resources over the VPN after you do this, until you add routes for them:

# sudo route -nv add 5.6.7.8 -interface utun0

where 5.6.7.8 is the IP of the VPN resource you want to access, and utun0 is the VPN interface.

But again, risk of being fired if caught, etc, etc.
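
For an administrator or endpoint compliance check that needs to tell these two routing states apart, the following added example (not part of the original answer) classifies macOS `netstat -rn -f inet` output as full-tunnel, split-tunnel or no VPN. The sample tables, the interface-name prefixes and the function names are assumptions made for illustration, and only the `default` entry is considered when deciding where untargeted traffic goes.

```python
# Added example. Both routing tables are constructed samples that reuse the
# answer's placeholder addresses (1.2.3.4 = home gateway, 5.6.7.8 = VPN host).
TUNNEL_PREFIXES = ("utun", "ipsec", "ppp")  # assumption: names used by VPN interfaces

FULL_TUNNEL = """\
Internet:
Destination        Gateway            Flags        Netif Expire
default            link#15            UCS          utun0
default            1.2.3.4            UGScI          en0
127.0.0.1          127.0.0.1          UH             lo0
192.168.1          link#6             UCS            en0
"""

AFTER_ROUTE_CHANGE = """\
Internet:
Destination        Gateway            Flags        Netif Expire
default            1.2.3.4            UGSc           en0
5.6.7.8            utun0              UHS          utun0
127.0.0.1          127.0.0.1          UH             lo0
192.168.1          link#6             UCS            en0
"""


def parse_routes(netstat_output):
    """Return (destination, flags, netif) tuples from `netstat -rn -f inet` text."""
    routes, columns = [], None
    for line in netstat_output.splitlines():
        fields = line.split()
        if fields[:1] == ["Destination"]:
            columns = fields  # the header row gives the Flags/Netif positions
        elif columns and len(fields) > columns.index("Netif"):
            routes.append((fields[0], fields[columns.index("Flags")],
                           fields[columns.index("Netif")]))
    return routes


def classify(netstat_output):
    """Return (mode, destinations routed through a tunnel interface)."""
    routes = parse_routes(netstat_output)
    # Flag 'I' marks an interface-scoped route; the unscoped default is the one in use.
    defaults = [r for r in routes if r[0] == "default" and "I" not in r[1]]
    via_tunnel = [dest for dest, _, netif in routes
                  if dest != "default" and netif.startswith(TUNNEL_PREFIXES)]
    if defaults and defaults[0][2].startswith(TUNNEL_PREFIXES):
        return "full-tunnel", via_tunnel
    if via_tunnel:
        return "split-tunnel", via_tunnel
    return "no-vpn", via_tunnel
```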