Separate thunderbolt LAN and wireless connections?

[terrapin54]

I frequently remote desktop into my workplace computer - connecting through my organization's VPN. For this, I make a wired LAN connection using a thunderbolt to ethernet adaptor.

It works well but the problem is that my organization's VPN is very restrictive and while I'm connected I can't access my gmail, iCloud, dropbox, youtube etc.

Is it possible to have my Mac to use the thunderbolt LAN only for the VPN connection and have a separate wireless connection for unrestricted internet access?

 

[louishen]

The VPN should have its own entry in the network preferences, separate from your LAN wireless set-up

If you have a VPN option in network preferences select it and click the advanced button. Is send all traffic over VPN ticked?

 

[Raz0rEdge]

My overall answer is going to be No. You cannot have two network interfaces active at the same time that will give you different level of access.

The longer answer requires understanding of routing and gateways. In any network there a path needs to be created for packets from your computer to reach the outside world and back again. This is handled by the gateway that handles that transmission. There is usually a default gateway that is defined.

Open up a terminal and type

netstat -nr

You might see output like:

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 31 2 en1
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 7 26937 lo0
169.254 link#5 UCS 0 0 en1
192.168.1 link#5 UCS 7 0 en1
192.168.1.1 0:7f:28:56:5d:96 UHLWIir 32 1267 en1 1168
192.168.1.3 24b:81:66:e9:63 UHLWIi 0 2289 en1 1111
192.168.1.5 0:22:5f:eb:16d UHLWIi 0 151 en1 1175
192.168.1.9 127.0.0.1 UHS 0 0 lo0
192.168.1.10 74:2f:68:19:6:21 UHLWIi 1 1396 en1 419
192.168.1.50 0:d2:1:ed:7d UHLWIi 1 252449 en1 36
192.168.1.255 ff:ff:ff:ff:ff:ff UHLWbI 0 45 en1

So the first entry marked default is the default gateway, 192.168.1.1 in my case, and uses network adapter EN1 (my Airport WiFi connection).

If had a second Ethernet adapter also active, it might have a separate address, but you can only have one default gateway (the place where all packets have to be sent to get routed)..and if the default gateway happens to be the Network interface attached to your VPN, then certain packets will not get routed, if the default gateway changes to your unrestricted adapter, then all of your packets meant for your VPN will fail.

You cannot instruct the browser or any application to use one adapter as opposed to the other for specific tasks..

So, you have to remain connected to the VPN to do what you must and then turn if off to access sites your VPN doesn't allow.

Now, there is one caveat and I will mention that for compleness..what I said about a single default gateway isn't exactly true, but you can take my word that it is 99% of the time..

There is, however, a situation when you can have 2 separate networks on two separate adapters and use both of them at the same time. In this case you will have a default gateway for each of the networks..

So, one network might be 192.168.1.x and the other might be 172.16.x.x. In this case you would need to specifically target machines on that two separate networks to force packets to go down a particular adapter. In virtually ALL normal situations, you will never face this sort of situation, so I just mention it as something that does happen once in a while. I do this kind of thing at work, but that's an entirely different story..