VPN split tunnel

[Tiago 0]

Hi,

I have Eset Internet Security on Windows 10 x64 - both software updated with the last updates. 
I have installed surfshark, and when I activate the whitelist function (to make some traffic go through the VPN and other traffic) to go outside the VPN - apps that are "whitelisted lose the internet."

I have uninstalled eset, and the app starts working without issues and reinstalled and the issue reappeared.

I have added surfshark folder to the exclusions and also in the firewall created a rule to allow all traffic. But it doesn't seem to make any difference.

 

 

Anyone had the same problem?

 

Any solution?

 

Thanks

 

[Marcos 5,074]

If you remove all custom fw rules and use automatic mode, does it work? If not, is it possible to unblock connections via the firewall troubleshooting wizard?

[itman 1,659]

For starters, create an Eset firewall rule for surfshark.exe including its full path name. Set the rule to allow all inbound/outbound UDP and TCP protocol traffic. Move the rule to the top of Eset's existing firewall rule set. Make sure to save your firewall rule changes.

If Surfshark works OK after performing the above, the issue lies with an existing Eset user created or default firewall rule.

[Tiago 0]

Thanks for the tips

 

I tried both suggestions but the problem remains

[itman 1,659]

1 hour ago, Tiago said:

I tried both suggestions but the problem remains

In the Eset firewall you created, change the protocol setting to any and retest.

[Tiago 0]

Hi itman

 

The issue remains still

[itman 1,659]

On 2/21/2021 at 9:32 AM, Tiago said:

I have installed surfshark, and when I activate the whitelist function (to make some traffic go through the VPN and other traffic) to go outside the VPN - apps that are "whitelisted lose the internet."

The issue as you posted appears to be this Whitelister feature of Surfshark VPN.

As I interpret this feature, a "dual fork" network connection scenario is being created. Whitelister specified apps are bypassing the VPN and using the Win default network connection. A lot depends of how SurfShark handles this.

I suspect that this rerouting of Whitelister app network traffic is being done internally by the surfshark.exe program. In other words all Eset "see's" network-wise is the Surfshark VPN connection. Also whereas Eset will allow for and if required create multiple known network connections, it will only use one of those as the active network connection. In this instance, it is the Surfshark VPN connection.

At this point, I would recommend you open a tech support request with Eset U.K. on this issue. Maybe they know a solution. I am out of ideas on a resolution other than not using the Whitelister feature. 

[Tiago 0]

Hi itman

Yes surshark creates a fork to rerout some trafic outside the vpn

Thanks for the help :)

[itman 1,659]

I would also contact SurfShark tech support in regards to a workaround in regards to Eset Internet Security use. I would imagine that this issue has cropped up previously in other AV Internet security products employing a firewall.

Edited February 23, 2021 by itman

[itman 1,659]

One other setting to check in Eset GUI.

In Firewall settings, verify that "Protection type of new networks" is set to "Use Windows setting" per the below screen. It should be since this is the Eset default setting.

[itman 1,659]

I also found this article on VPN split tunneling in Windows: https://www.comparitech.com/blog/vpn-privacy/vpn-split-tunneling/ .

Scroll down to this section titled: How to split tunnel on Windows. In this section is described how to verify if split tunneling is enabled for your VPN connection using PowerShell commands. Also described is how to enable split tunneling if it is not enabled.

One possibility here is the Eset installation in some way disabled split tunneling on the SurfShark VPN connection for some unknown reason. Therefore, the first thing you want to do is verify if split tunneling is enabled (a value of "true") for the SurfShark VPN connection. If it is disabled, enable it and see if that resolves this issue when Eset is installed.

Edited February 24, 2021 by itman

[Tiago 0]

Hi itman
I want to really thank you for your effort and research.
I am grateful even though, unfortunately, we couldn't yet fix the issue.

Surfshark says it is an eset problem. Eset syas it is a sufshark probelm 

All the best

[itman 1,659]

I guess I should also note that other AV solutions appear to have issues with VPN split tunneling. I saw a web posting that AVG/Avast doesn't support it. Eset should at least research this and post a KB article stating they also don't support it if that is the case.

Edited February 25, 2021 by itman