split-tunneling?

Status
Not open for further replies.

torqed

Programmer
Oct 24, 2001
2
US
How can I connect to my office thru VPN, but still use my local internet connection (DSL) for internet only traffic? Is there a software only solution available?
 
It's a routing problem. Anytime Windows opens a new remote connection, it assigns the default route entry in the routing table to it. You have to change the default route entry after connecting to the VPN server. I think this is possible by unchecking the "use default gateway on remote network" option in the connection you use for VPN... but I cannot say for sure.
 
add a new default route after establishing
the best solution is to use 2 separate gateways:
one for VPN and use the other gateway for outbound internet traffic
(if you have 2 Win2K servers, then you can use the same router, but use the second Win2K server as NAT for outbound internet traffic after establishing the tunnel...)
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 
Be careful with split tunneling. It is inherently insecure. If you open up two connections, intruders can ride up the open path and into the VPN tunnel. I'm sure everyone already knows this but it's worth mentioning again. I've seen people get burned.

cheers,
Phil
 
You could be a bit more specific. How many public IPs are you using? How many servers/routers are on the internet?

You can have your clients go to different gateways by using the "route" command on the DOS interface. I've just finished configuring my office as such. It worked great. For 95/98 clients I put the command in the logon script. For NT/2000 I used the "route -p" for persistent. You must have admin rights on NT/2000 to use the "route" command.
 
I had a similar problem and have written a piece of software that allows you to control routing for any VPN/Dial-Up connection (as long as you use Microsoft-provided VPN/Dial-Up in Win2k or XP -- it will not work for NT or 9x/Me). It saves me writing route print/add/delete after each connection and looking up the connection's IP address. If anyone is interested, drop me a line at gershnik@hotmail.com
By the way, split tunneling _does not_ constitute a security risk. This is a widespread misconception. As long as your machine is connected to the internet _before_ you turn the VPN on, it can catch anything you wish (nimda, code-red, any spyware -- you name it). Then this stuff will happily continue its work _after_ you connect by VPN. All your company gains by using a VPN is protection from eavesdropping over the line. As long as your machine is directly connected to the internet even for small periods of time and without the VPN being active, there cannot be any security :)

Eugene
 
If you're using Microsoft VPN:
1. Go to Dial up and Network Connections
2. Right click on VPN (virtual private network)
3. Go to Properties
4. Go to Networking
5. Highlight Internet Protocol (TCP/IP)
6. Click Properties
7. Click Advanced
8. Uncheck the box "Use default gateway on remote network"

As Phildom has said...BE CAREFUL!! This leaves a hole in your VPN for intruders.
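
As an added example (not part of the thread and not any poster's code): a Python check that reads `route print` output and reports whether the preferred (lowest-metric) default route leaves through the VPN interface, or through the local gateway as it does once the box in step 8 is unchecked. Both route tables and the VPN client address 10.8.0.25 are constructed sample values.

```python
import ipaddress

# Constructed `route print` excerpts; addresses and metrics are sample values.
FULL_TUNNEL = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100      2
          0.0.0.0          0.0.0.0        10.8.0.25        10.8.0.25      1
         10.0.0.0        255.0.0.0        10.8.0.25        10.8.0.25      1
      192.168.1.0    255.255.255.0    192.168.1.100    192.168.1.100      1
"""
SPLIT_TUNNEL = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100      1
         10.0.0.0        255.0.0.0        10.8.0.25        10.8.0.25      1
      192.168.1.0    255.255.255.0    192.168.1.100    192.168.1.100      1
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or not cols[4].isdigit():
            continue  # header, separator or other non-route line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
        except ValueError:
            continue  # first two columns are not a destination/netmask pair
        routes.append((net, cols[2], cols[3], int(cols[4])))
    return routes

def tunnel_mode(text, vpn_ip):
    """Classify the table and list the non-default networks routed via the VPN."""
    routes = parse_routes(text)
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if not defaults:
        return "no-default-route", []
    best = min(defaults, key=lambda r: r[3])  # lowest metric wins
    via_vpn = sorted(str(r[0]) for r in routes
                     if r[2] == vpn_ip and r[0].prefixlen > 0)
    mode = "full-tunnel" if best[2] == vpn_ip else "split-tunnel"
    return mode, via_vpn

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, tunnel_mode(table, "10.8.0.25"))
```
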
 