Possible to route Twingate traffic over specific interface?

Thank you for a wonderful product ! It really makes a huge difference to us!

I have a laptop with multiple interfaces (one for company wifi and one for my own tethered phone) - one dedicated to work/official business and one to personal business. I want personal business traffic routed over the tethered line via Twingate to my own servers, while the other interface remains dedicated to official business, but not another VPN (using wifi).

I see Twingate puts itself at the highest priority on the Windows stack with METRIC 1. Now how do I tell Twingate to go over one interface and not the other?

I have done this:

Remove my personal phone line first.

route DELETE 0.0.0.0 xxx.xxx.xxx.xxx
(here xxx… is the gateway of my 2nd/phone line)

Now put it back at the highest priority, but only for my network:

route add MY_CIDR MASK MY_MASK MY_PHONE_GATEWAY_IP METRIC 1 IF PhoneInterfaceId

This command returns OK and even works when I try:

Find-NetRoute -RemoteIPAddress "MY_SERVER_IP"

(returns my phone line for my servers and general wifi for other traffic)

But is this the right approach? I guess all DNS resolutions are first done by my connector in the AWS cloud and then by my other interface, making things a little slower. Maybe this is the best I can do.

Thank you!

Hey Femski!

To make sure I’m understanding what you’re asking correctly, this is how I am interpreting your question.

“I would like it so any traffic Twingate sends/receives only goes over my tethered phone connection, and not the wifi/any other network I may be connected to.”

Unfortunately there is no out-of-the-box solution for this at the time.

I believe the route change you mention would essentially remove Twingate from the equation, and simply ensure that any traffic going to your specified CIDR would go out over the mobile connection, but not actually control how Twingate traffic travels.

To ensure that any traffic travelling to/from Twingate went over the tethered connection, you’d want to add routes for the following IPs attached to your tethered connection.

  1. Your Twingate connector ip(s)
  2. The Twingate Relay IPs for your region
  3. The Twingate Controller IP(s)

The biggest problem with this is that for #2 and #3, it's a … large list.

The relay/controller IPs are GCP hosted, and while they do provide a publicly accessible list of IPs, it's not small, and it's also a bit dynamic, so you'd need to be constantly monitoring for updates and changes. But this would be the only real way to ensure that all Twingate traffic was routed only over your tethered connection.

However, doing this could lead to routing issues should you ever be in a position where your tethered connection is unavailable or something changes with it, as Twingate would not be able to authenticate properly (due to no access to the Controller) and would likely need to be stopped to regain connectivity.

As well, because GCP is a widely used platform, you would likely end up routing a lot of non-Twingate related traffic over your mobile connection as well.

Should it be something you want to undertake, here’s some info that could help:

GCP IP List: https://www.gstatic.com/ipranges/cloud.json
Twingate Relay Location List: Understanding Relays | Docs

You could correlate your physical location(s) to our Relay list, and then route only the relevant GCP regions over your tethered connection.

I hope this helps, even if it isn’t the answer you likely wanted, and if we’ve misunderstood let us know and we can keep looking!

Thanks,

-arthur
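The correlation arthur describes (filter the GCP prefix list down to the regions that host your relays, then pin those prefixes plus the connector address to the tethered interface), as an added example that is not part of either post and not Twingate's own tooling. The JSON is a constructed sample in the shape of the cloud.json file linked above; the region names, the gateway 192.0.2.1, the interface index 17 and the connector address 203.0.113.10 are illustrative placeholders you would replace with your own values.

```python
import ipaddress
import json

# Constructed sample in the shape of https://www.gstatic.com/ipranges/cloud.json.
# The real file has hundreds of prefixes; these entries are illustrative only.
SAMPLE_CLOUD_JSON = """{
  "syncToken": "1700000000000",
  "creationTime": "2023-11-14T00:00:00.000000",
  "prefixes": [
    {"ipv4Prefix": "34.80.0.0/15", "service": "Google Cloud", "scope": "asia-east1"},
    {"ipv4Prefix": "35.190.0.0/17", "service": "Google Cloud", "scope": "us-east4"},
    {"ipv4Prefix": "34.64.0.0/15", "service": "Google Cloud", "scope": "asia-northeast3"},
    {"ipv6Prefix": "2600:1900:4000::/44", "service": "Google Cloud", "scope": "us-east4"},
    {"ipv4Prefix": "34.85.0.0/16", "service": "Google Cloud", "scope": "us-east4"}
  ]
}"""


def sync_token(cloud_json: str) -> str:
    """The list is dynamic: store this token and regenerate the routes when it changes."""
    return json.loads(cloud_json)["syncToken"]


def select_prefixes(cloud_json: str, regions: set) -> list:
    """Return the IPv4 prefixes whose GCP scope is one of the relay regions you chose.

    IPv6 entries are skipped; the route commands in the thread are IPv4 only.
    """
    data = json.loads(cloud_json)
    nets = [ipaddress.ip_network(e["ipv4Prefix"])
            for e in data["prefixes"]
            if e.get("scope") in regions and "ipv4Prefix" in e]
    return sorted(nets)


def route_commands(nets, gateway: str, if_index: int, metric: int = 1) -> list:
    """Build Windows 'route add' lines pinning each prefix to the tethered interface.

    route.exe expects a dotted netmask rather than a prefix length, so each
    network is expanded; METRIC 1 matches the priority the original post used.
    """
    return [f"route add {n.network_address} mask {n.netmask} {gateway} metric {metric} if {if_index}"
            for n in nets]


if __name__ == "__main__":
    wanted = {"us-east4"}                                   # regions hosting your relays
    nets = select_prefixes(SAMPLE_CLOUD_JSON, wanted)
    nets.append(ipaddress.ip_network("203.0.113.10/32"))    # placeholder connector IP (#1 in the reply)
    print(f"# GCP list syncToken {sync_token(SAMPLE_CLOUD_JSON)}, {len(nets)} routes")
    print("\n".join(route_commands(nets, "192.0.2.1", 17)))  # placeholder gateway / interface index
```

The printed count is a quick gauge of how much non-Twingate GCP traffic would also be pulled onto the tethered link, the side effect noted in the reply.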