
Use local internet connection when connected to VPN?

Status
Not open for further replies.

cyberspace

Technical User
Aug 19, 2005
968
GB
Is it possible to force the native VPN client in XP to use the local Internet connection when connected to an office VPN?

It would be far better if home users' internet wasn't routing through the office lines as it's taking up licenses on the firewall and it's a right pain!

Any advice appreciated.

'When all else fails.......read the manual'
 
Don't think that's possible. VPN "takes over" the local network connection, so there is technically only one connection, i.e. there is not another one available to route http traffic only. You could block http traffic from your VPN subnet, if you have that separated (you should have a pool of addresses used for VPN, so that should be possible), so that when people VPN in, they cannot get on the Internet.
 
That sounds like half a solution - blocking port 80 onto the VPN subnet could work...but it's not ideal for users to have to keep dropping the VPN to browse the web.

Apparently some software clients will allow this, but I suppose that will be clients that will install virtual adapters for the VPN connection..and will use the physical device gateway for HTTP traffic.

It's a bit of a pain anyway, thanks for the reply

'When all else fails.......read the manual'
 
I wonder if they hit a proxy before hitting the firewall if it would still see those as separate connections and use up licenses.
 
If you are talking about the MS VPN then try the following. It seems to work for me.

Network Connection
Right click on your VPN connection and select Properties
Select Networking Tab
Select TCP/IP
Click on Properties
Click on Advanced
Change the setting on "Use default gateway on remote network"
 
That's done it! I can't believe it was so simple..but at the same time I'm pleased it is!

Have a star :)

'When all else fails.......read the manual'
 
Isn't that going to prevent him from communicating outside his VPN subnet at the office?
 
Be aware that this is not the default behavior for a reason. Although convenient, using split tunneling provides an alternate path into your network, if the user's computer becomes compromised.
 
smah, can you explain that a bit more please?

As it stands I don't see how using a local gateway provides an alternate path to the network? It's only for viewing web sites

So has this created a security issue?

thanks

chipk - when at the office they don't use the VPN connection so won't make any difference that I can see

'When all else fails.......read the manual'
 
Right, I'm a bit more educated now.

So I see that there is potential for security issues here, but in practice, how likely is it that there would be a problem?

And what are the practical scenarios for an attacker exploiting this, and how do they know it exists in the first place?

This is only intended to be a temporary measure..but even less temporary now I know this!

Are there any steps that can be taken to alleviate some of the issues?


'When all else fails.......read the manual'
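
A check an administrator could run to see which connections have had this setting changed, as an added example that is not part of any post in this thread: it reads the text of a Windows RAS phonebook file (rasphone.pbk) and lists the entries where "Use default gateway on remote network" is unchecked. It assumes the checkbox is stored per entry as the `IpPrioritizeRemote` key (1 = checked); the function names and the sample phonebook are constructed for illustration.

```python
"""Audit a Windows RAS phonebook (rasphone.pbk) for split-tunnelled entries.

Assumption: the "Use default gateway on remote network" checkbox is stored
per entry as IpPrioritizeRemote, where 1 = checked (all traffic goes through
the VPN) and 0 = unchecked (split tunnelling).
"""

# Constructed sample phonebook text, trimmed to the keys that matter here.
SAMPLE_PBK = """\
[Office VPN]
Encoding=1
IpPrioritizeRemote=0

[Partner VPN]
Encoding=1
IpPrioritizeRemote=1

[Legacy Dialup]
Encoding=1
"""

STATES = {"1": "full", "0": "split"}


def audit_phonebook(text):
    """Return {entry name: 'split' | 'full' | 'unknown'} for every entry."""
    results = {}
    entry = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            entry = line[1:-1]
            results[entry] = "unknown"  # stays unknown if the key never appears
            continue
        if entry is None or "=" not in line:
            continue
        # Phonebooks repeat some keys within an entry, so parse by hand
        # instead of using a strict INI parser.
        key, _, value = line.partition("=")
        if key.strip().lower() == "ipprioritizeremote":
            results[entry] = STATES.get(value.strip(), "unknown")
    return results


def split_tunnel_entries(text):
    """Names of entries that keep the local default gateway while connected."""
    return sorted(n for n, s in audit_phonebook(text).items() if s == "split")


if __name__ == "__main__":
    for name, state in audit_phonebook(SAMPLE_PBK).items():
        print(f"{name}: {state}")
```

Entries reported as `split` are the ones where the user's machine is reachable from its local network and the office network at the same time, which is the exposure raised in the thread.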
 