Split Tunnel - File Locations, Known Issues, and Workarounds

nick_cnick_c
edited October 2019 in General VPN Support
Hello everyone! Nick from QA here.

Our split tunnel feature is pretty comprehensive, and it's impossible for us to test it against every single app in existence in house. I'd like to humbly ask you all to post any problems and/or workarounds on this thread. Also, since Linux binaries can hide in unexpected places, post the ones you find here, too.

To get things started:

Windows:

  • Localhost bug - any app which listens on localhost has to be accessed by your private IP address, rather than localhost or 127.0.0.1.
  • Plex does not work with split tunnel. To access your Plex server remotely, TURN OFF split tunnel and forward a port manually through your router. On your router, choose the port you specify in the Plex UI for the remote side and 32400 for the local side. The Plex UI will report that your server is not accessible remotely, but you will still be able to reach it from a remote device. To access from a remote web browser, enter http://<ISP IP>:<Remote Port>.
  • The Blizzard app update agent fails to connect, rendering the whole app unusable
  • Only TCP or UDP traffic may be excluded. Other protocols, such as ICMP, must route over the VPN

macOS:

  • Only .app files can be excluded; naked binaries will not be excluded through split tunnel
  • Only TCP or UDP traffic may be excluded. Other protocols, such as ICMP, must route over the VPN

Linux:

  • Server apps, such as Plex, Netcat, Jellyfin, etc do not exclude. A fix is pending.
  • Hidden directories cannot be accessed through the file selection GUI and must be typed into the file name bar manually
  • Flatpak apps cannot be excluded one-by-one; to exclude one, it is necessary to exclude Flatpak entirely, which resides in /usr/bin/flatpak.

All platforms:

  • Excluding Steam doesn't necessarily exclude games launched from Steam. The behavior is bound to be slightly different per-platform, but Steam has a lot of moving parts and things may not work as expected.

Binary file locations on Linux:

Many Linux apps are run via .desktop files, links, or shell scripts. Only excluding the actual running binary file will allow a given app through the split tunnel. Most binaries are located in /bin, /usr/bin, /sbin, and /usr/sbin. To find them, run this command from the terminal: readlink /proc/$(pgrep <app name> | head -1)/exe. Exclude the exact file location returned. Snap packages can be found under the /snap directory, and .appimage files can be excluded directly.

Here are some examples of strange locations on Linux:

Chrome: /opt/google/chrome/chrome
Firefox: /usr/lib/firefox/firefox
Opera: /usr/lib/opera/opera
Chromium: /usr/lib/chromium/chromium
Brave: /usr/lib/brave/brave
Thunderbird: /usr/lib/thunderbird/thunderbird
Steam: ~/.local/share/Steam/ubuntu12_32/Steam
Steamwebhelper: ~/.local/share/Steam/ubuntu12_64/steamwebhelper
Hexchat: /usr/bin/hexchat
Discord: /opt/discord/Discord

This is a moving target, so please post any issues and/or workarounds you encounter on this thread. Thank you for participating.





Comments

  • TheOneSeeTheOneSee
    Can we do anything to help research the issue with Plex?
  • nick_cnick_c
    We found a workaround for Plex on Windows internally, which I wrote up in the original post. We have some fixes in QA for Linux that allow it to work better as well. If those Windows instructions work for you, it would help us if you check the Plex client you use and post any configuration steps you take. If it doesn't work, or if you need more clarification, let us know that too.
  • nightshiftnightshift
    Rift MMO reports that my IP has changed, when I switch between accounts while using the split tunnel for Rift. This is what normally happens while using the VPN.

    I have to disconnect the VPN, then log into Rift, then I can re-enable the VPN. It is fine for all logins from then on, on the same account, but if I switch accounts, it again will tell me my IP has changed.

    I added it to the split tunnel, but it doesn't seem to work for this program.
  • wolfspiritwolfspirit
    Split tunneling was working fine for my apps like Firefox, Streamlabs OBS... And one day it just refused to connect if it was added to the bypass list. Was there a recent change in the background last week?
  • Omnibus_IVOmnibus_IV
    Under the Network settings where you added your websites for split tunnel, try changing your DNS settings. Restart the app once the settings have been changed.
  • wolfspiritwolfspirit
    edited March 2020
    Still doesn't work. Those apps seem to lose all connectivity to the internet.
  • Omnibus_IVOmnibus_IV
    I'd recommend a support ticket. Might be the fastest route.
    https://www.privateinternetaccess.com/helpdesk/new-ticket

  • avensis18avensis18
    edited January 20
    Hi, I have the same problem it doesn't work for me too.
Sign In or Register to comment.