Using AllowedIPs and AllowedApps
WireSock Secure Connect provides the ability to filter traffic through a VPN tunnel using AllowedIPs and AllowedApps. While these options offer precise control over which applications and destinations are tunneled, it's important to understand how they work together.
Using AllowedIPs and AllowedApps Simultaneously
You can use AllowedIPs and AllowedApps at the same time, but their behavior follows an AND condition. This means that for traffic to be tunneled, it must match both of the following criteria:
- The destination IP address must be listed in AllowedIPs.
- The application generating the traffic must be listed in AllowedApps.
Example Scenario
If you add YouTube’s IP ranges to AllowedIPs but also list specific applications in AllowedApps, only traffic from those applications to YouTube’s IPs will be tunneled. Other applications in AllowedApps that do not communicate with YouTube’s IPs will not be tunneled.
Best Practices
- If you want all traffic from selected applications to go through the tunnel, avoid setting restrictive AllowedIPs.
- If you need only certain websites to be tunneled, but not entire applications, consider alternative solutions such as split tunneling at the browser or system level.