Abstract: Techniques for a client device configured with a kernel driver framework (KDF) to establish connection(s) with target workload(s) provisioned in remote network(s) (e.g., an enterprise network) using non-routable synthetic IP address(es) (e.g., a loopback address within a link-local address range, a unique local address within a discard prefix range, and/or the like). The KDF may intercept DNS requests from application(s) executing on a client device, generate and return a synthetic IP address associated with a given domain in the DNS request, and establish a connection with a secure access gateway using the non-routable synthetic IP address. Additionally, the KDF may invoke an external browser with an authentication redirect to a randomly generated synthetic IP address on a randomly generated port, where a local listener on a client device may listen on the synthetic IP address and random port to obtain and/or store authentication data for later use.

Abstract: A computing device dynamically excludes/includes traffic from/in a secure tunnel based on the domain name of the destination of the traffic. The computing device establishes a secure tunnel from the computing device, and receives a request to access a remote resource at a domain name. The computing device resolves the domain name at a domain name server and receives a resolved network address associated with the domain name. The computing device determines whether to send the request inside the secure tunnel or outside the secure tunnel by comparing the domain name to a split tunneling policy. Based on the comparison with the split tunneling policy, the computing device sends the request to the resolved network address either outside the secure tunnel or inside the secure tunnel.

Abstract: A computing device dynamically excludes/includes traffic from/in a secure tunnel based on the domain name of the destination of the traffic. The computing device establishes a secure tunnel from the computing device, and receives a request to access a remote resource at a domain name. The computing device resolves the domain name at a domain name server and receives a resolved network address associated with the domain name. The computing device determines whether to send the request inside the secure tunnel or outside the secure tunnel by comparing the domain name to a split tunneling policy. Based on the comparison with the split tunneling policy, the computing device sends the request to the resolved network address either outside the secure tunnel or inside the secure tunnel.