
   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   


   Message 1,891 of 2,348   
   Simon to Martin Bodenstedt   
   Re: VPN Internet routing problem   
   10 Jan 06 13:18:15   
   
   From: simon@not-here.com   
      
   Martin Bodenstedt wrote:   
   > ioevanc@gmail.com wrote:   
   >   
   >> Hello   
   >>   
   >> I have a Windows Server 2003 configured as a remote access VPN server.   
   >> Everything works perfectly, however when I connect from a client   
   >> machine to the VPN my internet connection gets taken over by the   
   >> server's internet connection, in other words, not only is it routing my   
   >> LAN but also the internet connection the server is on.   
   >   
   >   
   > This is by design.   
   >   
   > Once your VPN connection is open the VPN client should only allow   
   > traffic through the tunnel for security reasons (keyword here is "Split   
   > tunneling").   
   >   
   > This also means that once your PC has the VPN connection open the PC   
   > cannot see the LAN anymore (to protect the corporate network from being   
   > infiltrated by rogue PCs...)   
   >   
   >   
   Martin is correct, however I'm sure you can still see the local subnet,   
   Martin; it's only the default route that's affected.   
      
   With the Windows client you can get round it though if you consider the   
   risks worthwhile. Here's what I posted the other day in response to a   
   similar question:   
   "Yes it's a security risk if the remote computer becomes compromised, as   
   the internet connection going out locally could allow a back door into   
   your network when the client VPN is connected. However with the MS   
   client you can open up split routing to do what you need: in the TCP/IP   
   properties of the remote PC's connection to you, under Advanced, untick   
   'use default gateway on remote network'. Then only traffic destined for   
   the subnet that the client VPN address gets goes down the tunnel, all   
   else goes out locally. If there is more than one subnet at your location   
   the remote clients would need to use the route add command to add the   
   additional routes needed."   
   simon   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
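
The routing behaviour discussed in this thread, as an added example that is not part of the original post: a simplified model of the client's route selection (longest prefix first, then lowest metric) with 'use default gateway on remote network' ticked and unticked. All addresses, metrics and function names are constructed for illustration, and the table is a simplification of what Windows actually installs.

```python
import ipaddress

# Constructed addressing (not from the post): home LAN 192.168.1.0/24,
# office subnet holding the VPN client address 192.168.10.0/24,
# second office subnet 192.168.20.0/24, Internet host 203.0.113.10.
PROBES = {"internet": "203.0.113.10", "home_lan": "192.168.1.50",
          "office": "192.168.10.5", "office_2": "192.168.20.5"}

def build_table(use_remote_gateway, extra_tunnel_routes=()):
    """Simplified client routing table as (network, interface, metric) rows."""
    rows = [("0.0.0.0/0", "local", 20),        # default route via the home router
            ("192.168.1.0/24", "local", 20),   # on-link home LAN
            ("192.168.10.0/24", "vpn", 1)]     # subnet of the VPN client address
    if use_remote_gateway:
        # Box ticked: a second default route via the tunnel with a better metric.
        rows.append(("0.0.0.0/0", "vpn", 1))
    # Equivalent of manual 'route add' entries pointing at the tunnel.
    rows += [(net, "vpn", 1) for net in extra_tunnel_routes]
    return [(ipaddress.ip_network(n), i, m) for n, i, m in rows]

def pick_interface(table, dst):
    """Longest-prefix match; ties broken by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, -metric, iface)
               for net, iface, metric in table if addr in net]
    return max(matches)[2] if matches else None

def paths(table):
    """Map each probe destination to the interface its traffic would leave on."""
    return {name: pick_interface(table, ip) for name, ip in PROBES.items()}

if __name__ == "__main__":
    cases = [("box ticked", build_table(True)),
             ("box unticked", build_table(False)),
             ("unticked + route add", build_table(False, ["192.168.20.0/24"]))]
    for label, table in cases:
        print(f"{label:22} {paths(table)}")
```

With the box ticked the home LAN stays reachable because its /24 route is more specific than either default route; with it unticked the second office subnet leaves locally until a tunnel route is added for it.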
