From: mike-newsgroup@-DELETETHISPART-.upcraft.com   
      
   Bob wrote:   
   > On Tue, 18 Oct 2005 15:16:06 GMT, mikah    
   > wrote:   
   >   
   >   
   >>>How do I make the connection on my end happen automatically when I   
   >>>start my computer?   
   >   
   >   
   >>If you do that, you won't be able to use your connection for anything else   
   >>unless you use split tunneling, which is considered a security risk.   
   >>Normally when VPN is up, all other internet connectivity is down. That's by   
   >>design.   
   >   
   >   
   > Then the design is flawed because I am able to access the Internet and   
   > connect to the VPN at the same time. And I am not using any "split   
   > tunnelling". I am using MS PPTP VPN, the one that comes with Windows   
   > 2000.   
   >   
   > Where did you get this bizarre notion that "Normally when VPN is up,   
   > all other internet connectivity is down. That's by design."   
   >   
   >   
   > --   
   >   
   > If you build a man a fire, he will be warm for a day. If you
   > set a man on fire, he will be warm for the rest of his life.
      
   He incorrectly implied that you lose internet connectivity in the
   default settings. What is actually happening is your computer will send
   all internet traffic over the VPN. If the remote VPN endpoint is
   configured to allow this traffic access to the internet through their
   connection then your internet will still appear to work, though all your
   traffic will now appear to be coming through the remote side's
   connection. Many VPN endpoints are configured by default to deny all
   VPN-sourced traffic access to the internet so that it appears that while
   you are on the VPN the internet will not work. If the administrator
   chooses to allow VPN users access to the internet through that connection
   they would need to change the settings (likely the NAT mappings or a
   firewall rule) to explicitly allow VPN users access through the gateway
   to the internet.
      
   The idea behind this is that on the remote side they already have a   
   firewall configured to their policy on security. On your local side,   
   your firewall is not controlled by them so you could allow all inbound   
   access to your machine for example and if you have some trojan on your   
   computer a hacker can control your machine and by doing so have access   
   to the networks that your machine is connected to including the remote   
   VPN network. There was a well publicised case of exactly this happening   
   to a Microsoft employee allowing the hacker access to the internal   
   Microsoft network through his home computer.   
      
   In the Microsoft PPTP client you can turn off the setting that sends all
   your internet traffic to the VPN. In many clients for different VPN
   routers there is a setting that the administrator can use to prevent
   users from disabling this split tunnelling feature in their own clients
   for the reason I just stated.
      
   --   
   WARNING! Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   
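
The routing behaviour discussed in this thread, as an added example that is not part of the original post: a small check that classifies a client's route table as full-tunnel or split-tunnel by resolving where internet-bound traffic would leave. The route tables, interface names ("lan", "ppp") and addresses are constructed and simplified; a real check would parse `route print` output instead.

```python
import ipaddress

def egress(routes, dst):
    """Return the interface a packet to dst would use.

    routes: list of (prefix, interface, metric) tuples.
    Selection: longest matching prefix wins, ties go to the lowest metric.
    """
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    best = max(hits, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]))
    return best[1]

def tunnel_mode(routes, vpn_if, internet_probe="198.51.100.7"):
    """Classify the table by where a public (non-VPN) address is routed."""
    if not any(r[1] == vpn_if for r in routes):
        return "vpn-down"
    if egress(routes, internet_probe) == vpn_if:
        return "full-tunnel"   # all internet traffic goes through the remote side
    return "split-tunnel"      # internet goes out locally while the VPN is up

# Constructed table: client sends all traffic to the VPN.
# A second default route via the VPN has the lower metric.
FULL = [
    ("0.0.0.0/0",       "lan", 21),
    ("0.0.0.0/0",       "ppp", 1),
    ("192.168.1.0/24",  "lan", 20),
    ("203.0.113.10/32", "lan", 20),  # host route to the VPN server itself
    ("10.0.0.0/8",      "ppp", 1),
]

# Constructed table: the "send everything to the VPN" setting is turned off.
# Only the remote network is routed through the VPN.
SPLIT = [
    ("0.0.0.0/0",       "lan", 20),
    ("192.168.1.0/24",  "lan", 20),
    ("203.0.113.10/32", "lan", 20),
    ("10.0.0.0/8",      "ppp", 1),
]

if __name__ == "__main__":
    for name, table in (("FULL", FULL), ("SPLIT", SPLIT)):
        print(name, tunnel_mode(table, "ppp"),
              "internet via", egress(table, "198.51.100.7"),
              "| remote LAN via", egress(table, "10.1.2.3"))
```

In the split-tunnel table the machine is reachable from the internet on "lan" while also holding a route into the remote network, which is the exposure the post describes.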
      