Can't connect to Internet while F5 VPN is connected

I'm using the F5 BIG-IP Edge VPN client on OS X Yosemite 10.10 and trying to find the best way to access the web while connected.

Has anyone found a solution to make it work? Maybe this could be an approach to setting up routes in memory?

The behavior of the application looks like this, from the beginning:

  • backs up the original /var/run/resolv.conf
  • provides a new resolv.conf from the VPN client
  • checks the hash of resolv.conf; when the check fails, replaces it with the one provided by the VPN client

Well, and since the application is running from the wheel user, I don't have the option to replace routes on the file level.

Looking for community advice.

Note: using a VM for this purpose doesn't seem good, because the VPN client only works on macOS and Windows operating systems, or at least the fixed version on Linux wasn't found.


Solution 1:

Building on HBruijn's comment:

There are a few reasons this would not work:

  1. Split Tunneling is not allowed and the VPN routes are preventing web browsing while on a full VPN tunnel (or policy is explicitly denying browsing while on VPN). This is configurable by your VPN administration team/person.

  2. The VPN network is mirrored to your home LAN and VPN routing configurations are creating problems. This does happen from time to time when VPN networks override with home networks and complex internal network routing confuses the two. This usually happens when split tunneling IS allowed but the VPN thinks your home network is the corporate VPN network. You'll get async routes and all sorts of fun issues there. Again, the VPN team will need to work with you to resolve this permanently.

  3. Something is just wrong with the routing table provided by the VPN client. This again will fall on your VPN admins' configuration of how the VPN network is allowed to route your home traffic.

And from HBruijn: you should usually allow for routing table changes to be made by the VPN so you can get proper access to resources. If "Prohibit routing table changes during Network Access Connection" is flagged, definitely disable it. This is pretty important if you're not allowed to use split tunneling. You won't receive corporate routes to allow external traffic. I run macOS and the F5 VPN tunnel in full tunnel (no split) and it works fine. Corporate just asks that I don't stream Netflix while on VPN.

tl;dr - Your VPN team will need to address the configuration, routing, or browsing policies when the Edge client connects to corporate resources. You can one-off fix routing tables but it will reoccur until they address it permanently.