Author Topic: Can SecureLine VPN be set to route all traffic via the VPN except Outlook 2019?  (Read 2192 times)

0 Members and 1 Guest are viewing this topic.

Offline DDB

  • Newbie
  • *
  • Posts: 1
Hello

I run Avast Security 14.2 (the free version) on a Mac running macOS 10.14.6 at home.

I've recently tracked down what appears to be the solution a problem that had been crippling my Mac for months.

I use Microsoft Outlook to access 2 POP email accounts. For years this was Outlook 2011, but a few months ago it stopped being able to connect to the mail server at my domain hosting company (Paragon Internet, who trade as Tsohost).

To cut a long story short, the best guess myself, Tsohost & the IT department at my work (I asked them for help as well) could come up with was that a hidden Microsoft security update - probably applied by Microsoft AutoUpdate 4.x - meant that Outlook 2011 was modified in some way (despite the version number sticking at 14.7.7) meaning that it could no longer connect to mail servers that insist on the TSL 1.2 security protocol (Tsohost moved to this protocol about 18 months ago supposedly).

I also use Outlook 2011 for Mac at work, also running on macOS 10.14.6, and a day after it stopped working at home, the same thing happened at work. The symptoms there were different (as it connects to a Microsoft Exchange server at work, not a remote POP account) but this can't have been a coincidence.

Anyway, the solution at home was to upgrade to Outlook 2019, which supports TSL 1.2. (Outlook 2016 for Mac doesn't support this, surprisingly). However, I was still getting problems, until I discovered, after months of repeatedly wiping HDs & SSDs, reinstalling the OS, migrating applications & preferences, etc over & over again, that upgrading to Outlook 2019 wasn't enough.

The connection to Tsohost's mail server still doesn't work if a certain check box is enabled in Avast Security 14.2's Preferences.

Under Preferences -> Core Shields -> Email Shield, there's a checkbox labelled "Scan secure connections". If this box is checked, my Outlook 2019 can't connect to my POP accounts. Therefore it appears that Avast isn't just scanning the connection, it's altering it in some way and causing it to break.

Now, I'm considering getting (the paid for version of) Avast SecureLine VPN for Mac. Given my experiences with Avast Security to date, my question is, can I set SecureLine VPN's preferences so that all internet traffic goes via the WPN, except for when Outlook tries to connect to my POP accounts (or failing that, except for when Outlook tries to connect to the internet in general)?

My hunch is that if Avast Security merely scanning my email connection breaks it, then routing that connection via a VPN will almost certainly do the same thing. So, could I set the VPN to route Outlook's connections directly, and not via the VPN, or is a VPN an all-or-nothing sort of thing? i.e. everything goes via it, or nothing does? I have no experience at all with VPNs.

Many thanks in advance for any advice anyone can provide.

(I'm aware I could just download the trial of VPN & try it out, but I'm loath to do that given my ignorance of VPNs, and I'm concerned I'd get mired in fiddling with settings & preferences again for weeks & weeks).

Thanks.

Offline ondrej.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 280
Hello,

to scan mail, Avast Mail Shield intercepts POP3 and IMAP traffic, and in effect works as a kind of caching proxy. We are aware of issues with older versions of Outlook 2011 that is caused by the fact that this version of Outlook only supports obsolete SSL/TLS cipher suites; I hope our fix for this is already published, or will be shortly.

I am not aware of any issues with POP3 and Outlook 2019, I will try to investigate this. EDIT: our tests seem to be passing normally with Outlook 2019; please, could you contact me at ondrej.kolacek <at> avast.com if you are experiencing issues with Outlook 2019 and are willing to help me to analyze the problem.

AFAIK VPN should have zero impact on POP3 traffic, so there should be no issue with routing POP3 through the VPN.

Kind regards,
Ondrej Kolacek
« Last Edit: November 15, 2019, 03:47:20 PM by ondrej.kolacek »

Offline krahulik

  • Moderator
  • Sr. Member
  • *
  • Posts: 277
Hi,
the operating system's firewall can be configured to route traffic to certain domains/IP ranges/ports bypassing a VPN tunnel. It must be however done manually in `/etc/pf.conf` or `/etc/pf.anchors`, Avast Secureline VPN product doesn't have any user interface to do so at this moment.

The VPN service shouldn't cause issues with email exchanges directly but it faces relatively frequently restrictions on email service provider firewalls based on incoming IP addresses. The product has a free seven-day trial, it's the best option to verify it the product matches your needs.

Best Regards,
Martin