Basically, our helpdesk is suffering when using TeamViewer while on the VPN, because currently all the traffic flows back through the VPN (outside of things we designate). Would like to know if anyone knows the way traffic flows for TeamViewer.
If the traffic all connects to a server in their cloud, I can just point all traffic to the TeamViewer domain to be excluded, but if it’s P2P after the initial connection, might have to do some different work.
I think you would be better off redesigning your split tunnel. Usually a split tunnel only routes specific subnets (generally your private network, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and a few public ones where you need to originate or inspect traffic uniquely).
I assume you are doing this for security reasons by inspecting all traffic through a FW, but this is surely a killer for your bandwidth. At any rate it’s not very scalable without significant investment!
Anyway, whatever your reasons - I believe TeamViewer establishes a P2P connection after some initial server checking-in (or at least it used to!), so it may not be viable with your current setup.
It’s still going to route out each host’s public IP, not over your internal IP scheme, so shouldn’t matter if it’s bounced off a TeamViewer server or peer-to-peer.
If I remember correctly, if you stop the P2P connection with the client from happening at the firewall level, then the connection will always be routed through the TeamViewer servers. Just find that IP range and exclude it from the VPN.