dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
4864
chawni
join:2003-12-02
Havana, FL

chawni

Member

[Servers] Can't Access Internet With VPN Connection

I work from home and my employer has just required that I connect to their server thru a VPN connection. My problem is that once connected, my internet access is dead on MY computer. Is there a way I can prevent this, work around, do something to get it back? It's driving me crazy.
Thanks in advance!

shdesigns
Powered By Infinite Improbabilty Drive
Premium Member
join:2000-12-01
Stone Mountain, GA

1 recommendation

shdesigns

Premium Member

Talk to your employer IT department. They set up the VPN and the access policies that go with it.
chawni
join:2003-12-02
Havana, FL

chawni

Member

They told me I wouldnt be able to access it. Period. There has to be a way around it.
nyrrule27
join:2007-12-06
Howell, NJ

nyrrule27

Member

are you using your personal computer or a company supplied computer?
chawni
join:2003-12-02
Havana, FL

chawni

Member

I am using my personal computer. I apologize for not saying that earlier.

SoonerAl
MVM
join:2002-07-23
Norman, OK

SoonerAl to chawni

MVM

to chawni
Generally you want to direct all client traffic through the VPN tunnel. Not doing so is a potential security risk for the VPN server end of the link. This is called "split tunneling".

From Microsoft...
quote:
When a VPN client computer is connected to both the Internet and a private intranet and has routes that allow reachability to both networks, the possibility exists that a malicious Internet user might use the connected VPN client computer to reach the private intranet through the authenticated VPN connection.
This can be configured on the client side, ie. the native Windows PPTP client for example, or on the server side. It depends on the VPN your work/office is using. In your case it simply sounds like your out of luck because of company policies...
nyrrule27
join:2007-12-06
Howell, NJ

nyrrule27 to chawni

Member

to chawni
Screw that. Tell the company to supply you with a computer then. If you are using your personal PC they shouldn't be locking you out of browsing the Internet.
public
join:2002-01-19
Santa Clara, CA

public to chawni

Member

to chawni
said by chawni:

My problem is that once connected, my internet access is dead on MY computer. Is there a way I can prevent this,

Obviously not allowing split tunnel.
A possible solution is to setup two virtual machines on your pc, one for vpn and the other for browsing
chawni
join:2003-12-02
Havana, FL

chawni

Member

That sounds like a good idea. Do you know of any good tutorial sites like "VM for Dummies.com"?
tomdlgns
Premium Member
join:2003-03-21

tomdlgns to public

Premium Member

to public
said by public:

said by chawni:

My problem is that once connected, my internet access is dead on MY computer. Is there a way I can prevent this,

Obviously not allowing split tunnel.
A possible solution is to setup two virtual machines on your pc, one for vpn and the other for browsing

sounds like more trouble for the thread starter. wouldn't this require two additional windows licenses?

@chawni, tell them to supply you with a laptop that will run their VPN software or tell them you want access to use remote desktop and connect to a machine on their network.

GroovyPhoenx
Premium Member
join:2006-05-22
Gloucester, ON

GroovyPhoenx to chawni

Premium Member

to chawni
Which software for VPN? With little details it can't help much,

However most VPN clients do offer a way to turn off the "Use default gateway" for VPN which allow you to be connected to VPN and still browse the web.

In fact in most cases you turn it off as it lightens the laod on the server to prevent them from having to run all the internet traffic.

cdru
Go Colts
MVM
join:2003-05-14
Fort Wayne, IN

cdru

MVM

However most VPN clients do offer a way to turn off the "Use default gateway" for VPN which allow you to be connected to VPN and still browse the web.

It depends on the policy that the connecting VPN sets. They have the option to require all traffic go through the tunnel. Some administrators leave the option to the client, good administrators enforce it unless there is specific reason why it shouldn't be used.

In fact in most cases you turn it off as it lightens the laod on the server to prevent them from having to run all the internet traffic.

It lightens the load, but then it opens up the remote network being connected to intrusion. If your PC is compromised, once the VPN tunnel is established then the remote network also becomes compromised via the infected computer that is potentially being controlled from the internet.
tomdlgns
Premium Member
join:2003-03-21

tomdlgns

Premium Member

what is the best way to see if split tunneling is enabled when the VPN connection is made?

cdru
Go Colts
MVM
join:2003-05-14
Fort Wayne, IN

cdru

MVM

What VPN client do you use? If it's the built in Windows client, I believe the setting is in the vpn adapter settings -> TCP/IP v4 -> Advance Options -> uncheck "Use as default gateway" or something like that. If you use something like a Cisco VPN client it likely isn't permitted.
tomdlgns
Premium Member
join:2003-03-21

tomdlgns

Premium Member

sonicwall net extender, i have never checked in the options, but now i am curious and i am going to take a look.
AsherN
Premium Member
join:2010-08-23
Thornhill, ON

AsherN

Premium Member

You mat not want to try an circumvent you IT department's security policies. That tends to be a career limiting move.
tomdlgns
Premium Member
join:2003-03-21

tomdlgns

Premium Member

said by AsherN:

You mat not want to try an circumvent you IT department's security policies. That tends to be a career limiting move.

i agree with AsherN.

however, the company needs to provide a company laptop to users working at home (we do....we dont want to be responsible for their personal computers).
LLigetfa
join:2006-05-15
Fort Frances, ON

LLigetfa

Member

said by tomdlgns:

...the company needs to provide a company laptop to users working at home...

The company needs only to live up to their terms of employment. The employee too, including security policies.
tomdlgns
Premium Member
join:2003-03-21

tomdlgns

Premium Member

said by LLigetfa:

said by tomdlgns:

...the company needs to provide a company laptop to users working at home...

The company needs only to live up to their terms of employment. The employee too, including security policies.

i agree, but the company shouldn't force the users to use their personal machine with the company VPN software that cripples the users personal computer when working from home.

i dont agree with that.

and the last thing i want to do is remote into a personal PC running our VPN software on it to try and troubleshoot the problem on a computer that is too old and possibly infested with viruses/spyware. doesnt make any sense to me...
LLigetfa
join:2006-05-15
Fort Frances, ON

LLigetfa

Member

We don't allow split tunnel on our VPN but then again we don't allow our employees to use their home computers to connect to our network over VPN either. Only managed company provided laptops are allowed VPN access.

We do however allow employees to use our Citrix portal to connect with their personal computers. The portal does not prevent them from accessing the internet from their home computer.
tomdlgns
Premium Member
join:2003-03-21

tomdlgns

Premium Member

said by LLigetfa:

We don't allow split tunnel on our VPN but then again we don't allow our employees to use their home computers to connect to our network over VPN either. Only managed company provided laptops are allowed VPN access.

We do however allow employees to use our Citrix portal to connect with their personal computers. The portal does not prevent them from accessing the internet from their home computer.

same with us, employees that work from home/the road have a company laptop with the VPN client installed. they can also use citrix, but save that as a backup.