I'll explain my problem first:
I am the network admin for my students' IT. We are behind a FW managed by an external organization which forbids every tool that is not approved by the French government. But my servers are supported by Nutanix, which uses Zoom when there is a problem.
I succeeded in setting up an OpenVPN tunnel thanks to ProtonVPN. Thanks to the latter, I succeeded in building the zoom package from the AUR and installing it.
Through the VPN I can use Zoom, good. But I lost my internal SSH connections to my local servers. And I can't expose them to the outside because of the FW.
I hope this is understandable. (Excuse my poor English.)
What I am thinking of to solve the problem:
I have three network adapters on my admin computer. I would use one with the OpenVPN connection to go through the FW and use Zoom, and at the same time, use another one connected to my admin LAN.
But how do I tell my shell to use the local connection and Zoom to use the VPN?
Thanks a lot if you can help. I am tired of connecting to Zoom with my phone and taking photos of my screen with it to send them in the chat.
no photos - thank you.
Answering the question - Connect two network cards to different networks.
Yes that is possible - using routing matching your network requirements.
So you are looking for a way to allow third-party access to your servers within your employer’s secure network for the purpose of troubleshooting?
Bypassing network security is a very bad idea.
Instead you should use approved tools. Check if TeamViewer is in the approved list.
What you are looking for is split tunneling - use your favorite search engine and search for protonvpn split tunneling.
It’s called Split Tunnelling, AFAIK. You’d need root permissions for this. I have never done it, but that’s what it is, AFAIK. Look into that.
But note @linux-aarhus’s comment, it might be a Bad Idea.
I will look into that, then. Thanks to you both. And I don’t want to bypass the security. The high school’s network is controlled by a body (I will call it BigBro) which does a great job of preventing students from doing dumb things on computers and the Internet.
I teach system administration and network administration to a few students in high school and we have a separate network, like a DMZ. We have a bridge to access the Internet behind the FW. And to teach server administration, we have a cluster which is not under the control of BigBro; I am the only one who can administer it. And sometimes, I need to contact the reseller's support and share my screen. But BigBro blocks every remote tool.
I think split tunnelling is what you want then, yes, and can be achieved several ways, so you’ll have to find the best solution for you.
Have you tried this?
System Settings > Connections > Wired Ethernet: select one. On the right pane, the tab "Wired" offers a "Restrict to device" menu with your connected ethernet ports. Restrict each of your planned connections to its own device/port and allow no other to use that one.
You may need to use a separate IP range for each connection.
Edit: To tell your apps which connection to use, they ought to be given explicit IP target addresses, e.g. Zoom from outside internet, internal 1 to 10.42.0.xxx, internal 2 to 192.168.178.xxx, etc. (This is all merely theoretical, I have never done that.)