Here's the scenario: I have a PC which is directly connected to a router which connects to my ISP and the Internet. The router has an external IP address that's visible to the Internet. This IP address is dynamic, so I've been successfully running with Dynu DDNS using the client software for this for some time. This means I can use RDP to connect to the PC via the Internet using the domain name I've allocated to it.
So far Wifi Privacy changes this (for the worse)! It's creating a VPN tunnel from the TAP adapter created on my PC via my router/ISP to Symantec servers, effectively changing my gateway to the Internet. As far as my router is concerned its public IP address remains unchanged, but the Dynu DDNS software correctly detects the change in effective public IP address and updates accordingly. This in theory is a good thing... however RDP connections now fail. I can only assume that this is some feature of the tunneling configuration/VPN not being able to correctly handle RDP traffic, as RDP connections will operate just fine as long as Wifi Privacy is switched off.
Now, as Wifi Privacy is built on OpenVPN, I reckoned I must be able to create a split tunnel to allow me to create a route that is outside the Wifi Privacy tunnel and that can allow me to send RDP traffic direct to my PC. I have had some minor success in configuring this using the "client.ovpn" configuration file. For example, the Dynu DDNS client software uses "ipcheck.dynu.com" to update its record of the client's Internet-visible IP address: this resolves to two IP addresses which you can add as routes in client.ovpn:
route aaa.bbb.ccc.ddd 255.255.255.255 net_gateway
route vvv.xxx.yyy.zzz 255.255.255.255 net_gateway
These are now routed outside of the Wifi Privacy tunnel and the Dynu DDNS software will resolve the "PC's" external IP address to that of the router as supplied by my ISP (not from the Symantec VPN).
Now, given my router is already forwarding RDP port traffic to my PC (remember RDP works when Wifi Privacy is off), you would hope that traffic sent to its Internet-visible IP address would be passed to my PC IP address. As RDP is not working when Wifi Privacy is on, I'm guessing the only thing missing is additional config that will allow the RDP traffic to bypass the Wifi Privacy (OpenVPN) tunnel and go direct to its physical NIC (rather than the OpenVPN TAP adapter). I can see that the RDP port 3389 is bound to 0.0.0.0 when Wifi Privacy is on (which I assume will be the TAP adapter): will this binding need to change to the PC's physical NIC? If so, what is the best way to do this? Ideally I want all inbound/outbound traffic routed via the VPN, but only RDP traffic to circumvent the VPN. Is this a suitable way to do this... is it even advisable? Also I'm guessing that it's just the binding that's the issue now rather than any additional routing, as my Internet router traffic already gets routed to the physical NIC.
Lastly, as RDP does not work if I try to connect to my PC using its Wifi Privacy generated external IP address, I'm assuming that the Symantec configuration of Wifi Privacy does not support RDP over its tunnel (even though from literature I've read OpenVPN can support this). Is this correct, or am I missing something else here?
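To make the routing side of this concrete, here is an added worked example (not code from the post, from Symantec or from OpenVPN) that parses the kind of route lines shown above and applies the longest-prefix match OpenVPN's routing relies on. It assumes a constructed client.ovpn that uses "redirect-gateway def1" (which is how OpenVPN usually steers all traffic into the tunnel) plus two net_gateway routes, and shows that while the ipcheck addresses bypass the tunnel, the reply packets of an inbound RDP session are routed by the remote client's address and therefore still leave through the tunnel unless a net_gateway route covers that address.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of the relevant lines of a client.ovpn; the addresses are
# documentation ranges, not the real ipcheck.dynu.com or VPN addresses.
SAMPLE_OVPN = """
client
dev tap
remote vpn.example.invalid 1194
redirect-gateway def1
route 203.0.113.10 255.255.255.255 net_gateway
route 203.0.113.11 255.255.255.255 net_gateway
"""

@dataclass
class Route:
    network: ipaddress.IPv4Network
    gateway: str   # "vpn_gateway" (the tunnel) or "net_gateway" (the physical NIC)

def parse_routes(text: str) -> list[Route]:
    """Collect the routes OpenVPN would install from a client config."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "redirect-gateway" and "def1" in parts:
            # def1 installs two /1 routes via the tunnel, which win over the
            # physical 0.0.0.0/0 default route without removing it
            routes.append(Route(ipaddress.ip_network("0.0.0.0/1"), "vpn_gateway"))
            routes.append(Route(ipaddress.ip_network("128.0.0.0/1"), "vpn_gateway"))
        elif parts[0] == "route" and len(parts) >= 3:
            # "route <network> <netmask> [gateway]"; the gateway defaults to the tunnel
            gateway = parts[3] if len(parts) >= 4 else "vpn_gateway"
            network = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
            routes.append(Route(network, gateway))
    return routes

def egress_for(dst: str, routes: list[Route]) -> str:
    """Longest-prefix match: which gateway carries a packet destined for dst?
    With no matching route the physical default route (net_gateway) applies."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if addr in r.network and (best is None or r.network.prefixlen > best.network.prefixlen):
            best = r
    return best.gateway if best else "net_gateway"

if __name__ == "__main__":
    table = parse_routes(SAMPLE_OVPN)
    for dst in ("203.0.113.10", "198.51.100.7"):   # ipcheck host, then a hypothetical RDP client
        print(f"{dst} -> {egress_for(dst, table)}")
```

The second address stands in for a remote RDP client: its replies go to vpn_gateway, so the session is asymmetric (in via the router, out via the tunnel), and a matching "route <client-address> 255.255.255.255 net_gateway" line is what makes egress_for return net_gateway for it.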