Results 1 to 6 of 6
  1. #1
    Newbie
    Join Date
    Mar 2019
    Posts
    2

    Question Routing Steam/gaming traffic directly, the rest on VPN?

    Currently I am enabling and disabling rules on the Tunnel VPN application to get my gaming PC on and off the VPN. Generally, I want to be on the VPN. But if I'm gaming the difference between a 20ms and 120ms ping is significant. I would like to have such traffic routed normally for the sake of speed. Game downloads should also be routed directly since the VPN is 1/4 the speed of the real connection. I see Application Control seems to have some idea what is and isn't Steam traffic but I can't seem to apply that ruleset to the Tunnel VPN. I would also like to pass OneDrive traffic correctly as I simply cannot connect to OneDrive when I'm on the VPN... sometimes... depending on whcih server I'm on. Though for that I might just get one of those self hosted cloud servers running. I think uPlay is also blocking on VPN so thats another reason I have to toggle the VPN connection. Is there a way to do this?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,178

    Default

    Application routing is not possible on NGFW product but is built-in to the new Untangle SD-WAN router.

    https://forums.untangle.com/general/...ta-posted.html
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Mar 2019
    Posts
    2

    Default

    That's disappointing. The information exists between the two apps (packet ID and tunnel routing), they just don't communicate. I'll have to see if I can push different programs though different interfaces in Windows, but I remember trying that before and it not being possible. I know the different IP addresses can be routed on or off VPN.

    EDIT Spoke too soon. Since I have a extra network interfaces after adding 10Gb to the system, I'll try what they're describing here (can't post links, search for "3 ForceBindIP GUI to Easily Bind Windows Application to Specific Network Adapter").
    Last edited by awkword; 08-29-2019 at 06:13 PM. Reason: added idea with link

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,178

    Default

    The problem is routing is done at layer 3 and application classification is done in layer 7. Routing is done on first packet. Classification requires multiple packets. Once the route is selected on the first packet, it's too late for layer 7 to redirect.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,717

    Default

    Quote Originally Posted by jcoffin View Post
    Classification requires multiple packets.
    This is the key point. You can't wait for the later packets to starting routing a session, but you need to the later packets before you have enough data to accurately classify things.

    Thus, routing decisions can't use information from Application Control.

    So instead, you have to cheat and do things like look up common ports for the services you care about. For example, Steam uses 27015-27030 a lot. If you have traffic in that range, you might treat it like game traffic.

    This will mean you might occasionally put some other things on the wrong interface, but it's the best you can do. But the good news is it performs better, so at least you'll make bad routing decisions much faster.
    Last edited by jcoehoorn; 08-29-2019 at 09:18 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.2.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,178

    Default

    Quote Originally Posted by jcoehoorn View Post
    This is the key point. You can't wait for the later packets to starting routing a session, but you need to the later packets before you have enough data to accurately classify things.
    Unless it is designed for this purpose in the beginning. A.k.a Untangle SD-WAN Router.

    sd-wan-routing.png
    Last edited by jcoffin; 08-29-2019 at 10:34 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2