undefined | Better HN

0 pointsironick093y ago0 comments

This is only partially true, if _all_ traffic is tunneled over the vpn, then yes you’ll have this issue, but if the traffic is split such that only interesting traffic is sent over the vpn, then you won’t have this issue.

0 comments

OJFord3y ago

AWS Client VPN breaks it just by having ever run, even if not currently active, as it sets `sysctl net.ipv4.ip_forward=0` 'for you'.

My suspicion is that since you pay for client connections, they don't want you running a single bastion client and having your real clients connect via that. But it's annoying, and if you really wanted to do that, you only have to edit the script, or set it back on a schedule/after starting up the client.

tyingq3y ago

Yes, though the end user has no control over that knob...the corp end can turn off split tunneling and it's off by default.

j / k navigate · click thread line to collapse

0 pointsironick093y ago0 comments

0 comments

OJFord3y ago

AWS Client VPN breaks it just by having ever run, even if not currently active, as it sets `sysctl net.ipv4.ip_forward=0` 'for you'.

tyingq3y ago

Yes, though the end user has no control over that knob...the corp end can turn off split tunneling and it's off by default.

j / k navigate · click thread line to collapse