
Using VPN and surfing internet concurrently

Status: Not open for further replies.

bsoo

Programmer
Sep 25, 2003
1
US
Hi All, I'm using Nortel's Contivity VPN Client to remote access into work but I can't surf internet while so connected. Can anyone tell me how I can surf internet at the same time? When I log in I need to first punch in a password in a security card, then enter the generated password into the VPN client.

Any help would be much appreciated.

I also looked at this post at

but I think it's either too technical for me or it doesn't apply.

Thanks!

Bright
 
quoted from
Can't access the Internet while using VPN

Symptom: after establishing a VPN connection, you may not be able to access the Internet because the VPN takes over your existing connection and all traffic to use the VPN default gateway on the remote network. The remote network may not allow VPN clients to access the Internet via their gateway.

Resolutions:
1) If you don't need to access the entire network's resources, disable the "use default gateway on remote network" option in the properties of the VPN connection. To do that, go to VPN Connection->Properties->Network->TCP/IP->Properties->Advanced, and uncheck "Use default gateway on Remote Network".
2) Edit route table manually if you know how to or check routing page on this web site.


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network and How to at
 
You probably won't have much luck changing these settings on your own. The Nortel client can be configured before it is distributed to enforce this behavior. You should find that you don't have the option to disable the default route through the VPN. You will also find that adding routes at the command line returns an error.

Your VPN admin can change this, but probably won't. The Nortel solution is sold as an extremely secure solution; opening the routing on your client machine disrupts the sense of security. It is just a sense of security; someone with evil intentions can bypass the issue with some work. There are better ways to deal with it. Sorry for the rant.

On another note, many companies that use this configuration provide an internet gateway on the server side of the VPN, which would allow you to surf'n'work. Might ask about that.
 
This has become a widespread policy...particularly if your IT dept has IBM or AT&T folks in it or maybe outsourced to them.
They, as a rule, do not allow 'split tunneling' or 'split routing', and this is enforced by policies on the Nortel gateway/switch. It is good security policy, however inconvenient.
My company allowed this until the above mentioned entities entered the picture and now IP access at the client end is only through the tunnel.
You can, however, use (heaven forbid) NetBEUI to share with peer machines on your LAN if you have a network or other non-TCP/IP needs in this config.
 
As mentioned above, Split tunneling is not a safe way of configuring VPN access... It would be wise to surf the internet through the company proxy server... that will not require any route changes or other insecure configurations... After all, you don't want users to get infected by a worm and then spread the worm into your company network because the client computer allows split tunneling

--------------------------------------------------------------------
--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
 
To mhkwood,

I agree there is always a way. But I can't figure it out. I have a Nortel client that is locked down. When I log on it changes my default gateway. The reason this is a problem is that I am PCA'd to a remote machine in the office over the internet (through firewall etc.), then that PCA machine is what is used to connect to the Nortel VPN router. Of course when I fire up the Nortel connection, my routing table is updated and I lose the PCA connection. Now this PCA machine has 2 NICs, so I was hoping one NIC would "stay alive" for me to PCA into, and then the other one would be the one to connect to the Nortel VPN. But since the routing table gets changed\hosed this still doesn't work. I've tried adding routes manually and, as you stated, I get an error.

So what is the other way you had in mind for bypassing this? Any help would be appreciated. I imagine I can change some registry entry that will tell the VPN client not to change my default gateway, but I have not found it as of yet.

Thanks
 
You can only allow split tunneling on the VPN box, not on the client...

 
I have a question about this topic: would you be able to accomplish this by installing a second network card on your PC? I'm assuming you'd run into the same problem regardless of the number of NICs you install, that being the Nortel VPN hijacking your default gateway.

Any thoughts?

David

 
I guess so. A lot has to do with the default gateway... and you can only use 1 real default gateway on your computer...

 
DaveVVV
The VPN client software installs a virtual network interface, and when the VPN is active ALL traffic is routed through it if split tunneling is not allowed, no matter whether you have a multi-homed configuration. The virtual interface is issued an IP address by the VPN gateway and acts as the gateway in your PC for all TCP/IP traffic. It passes the data to your physical NIC to get out of the PC, but this is invisible to you from the OS as long as the VPN tunnel is active. Nothing that is not in the route table issued by the VPN gateway can be accessed unless it is through the VPN tunnel. With the Nortel client particularly, the route table cannot be changed in an attempt to circumvent this. For instance, if you have a broadband connection and you try to ping the external address issued to you by your ISP, the packets must go through your VPN tunnel and out the company firewall and back to your modem or whatever has the address you pinged...that is, if ICMP has not been disabled in the firewall.
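The two routing behaviours discussed in this thread (Robert Lin's "use default gateway on remote network" option and the post above on the virtual adapter capturing all traffic) come down to longest-prefix matching in the route table. The following Python model is an added example and is not code from the thread or from Nortel; it is the kind of check an admin would run to audit whether a client is really full-tunnel as policy intends. The route tables, adapter addresses (VPN adapter 10.8.0.7, LAN NIC 192.168.1.50) and VPN gateway address (203.0.113.10) are constructed, and the table layout only imitates the columns of Windows `route print`.

```python
"""
Model of route-table behaviour with a VPN virtual adapter.  Longest-prefix
match picks the egress interface, so a default route pushed through the VPN
adapter (or two /1 routes that shadow it) captures all traffic ("full tunnel");
with "use default gateway on remote network" off, only corporate prefixes ride
the tunnel ("split tunnel").  All tables below are constructed samples.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

VPN_IFACE = "10.8.0.7"      # assumed address of the VPN virtual adapter


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    gateway: str        # next hop, or "On-link" for a directly connected prefix
    interface: str      # address of the adapter the packet leaves through
    metric: int


def parse_route_table(text: str) -> List[Route]:
    """Parse lines laid out like the IPv4 section of `route print`:
    destination  netmask  gateway  interface  metric.  Non-route lines are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            prefix = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
            routes.append(Route(prefix, gateway, iface, int(metric)))
        except ValueError:
            continue  # header row or other text that is not a route
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match; among equal-length prefixes the lowest metric wins."""
    ip = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if ip in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric))


def egress_interface(routes: List[Route], dst: str) -> Optional[str]:
    route = lookup(routes, dst)
    return route.interface if route else None


def naive_default_via_vpn(routes: List[Route], vpn_iface: str) -> bool:
    """The check people reach for first: is there a 0.0.0.0/0 route via the VPN adapter?"""
    return any(r.prefix.prefixlen == 0 and r.interface == vpn_iface for r in routes)


def tunnel_mode(routes: List[Route], vpn_iface: str,
                internet_probe: str = "198.51.100.7",   # arbitrary Internet host (RFC 5737)
                corp_probe: str = "10.20.30.40") -> str:  # arbitrary corporate host
    """Classify by where real lookups land rather than by grepping for 0.0.0.0/0,
    so a client that shadows the default route with 0.0.0.0/1 + 128.0.0.0/1
    is still reported as a full tunnel."""
    if egress_interface(routes, internet_probe) == vpn_iface:
        return "full"
    if egress_interface(routes, corp_probe) == vpn_iface:
        return "split"
    return "none"


# Constructed sample 1: client replaced the default gateway (metric 1 beats 25).
# The /32 host route keeps the tunnel's own outer packets on the physical NIC.
FULL_TUNNEL = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.1    192.168.1.50     25
          0.0.0.0          0.0.0.0       10.8.0.1        10.8.0.7      1
         10.0.0.0        255.0.0.0       10.8.0.1        10.8.0.7      1
     192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
     203.0.113.10  255.255.255.255    192.168.1.1    192.168.1.50     25
"""

# Constructed sample 2: no 0.0.0.0/0 via the tunnel, yet everything still goes
# through it because two /1 routes are longer than the /0 default.
SHADOWED_DEFAULT = """
          0.0.0.0          0.0.0.0    192.168.1.1    192.168.1.50     25
          0.0.0.0        128.0.0.0       10.8.0.1        10.8.0.7      1
        128.0.0.0        128.0.0.0       10.8.0.1        10.8.0.7      1
     192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
     203.0.113.10  255.255.255.255    192.168.1.1    192.168.1.50     25
"""

# Constructed sample 3: split tunnel, only 10.0.0.0/8 rides the VPN adapter.
SPLIT_TUNNEL = """
          0.0.0.0          0.0.0.0    192.168.1.1    192.168.1.50     25
         10.0.0.0        255.0.0.0       10.8.0.1        10.8.0.7      1
     192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
     203.0.113.10  255.255.255.255    192.168.1.1    192.168.1.50     25
"""

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("shadowed", SHADOWED_DEFAULT),
                        ("split", SPLIT_TUNNEL)):
        routes = parse_route_table(table)
        print(f"{name:9s} mode={tunnel_mode(routes, VPN_IFACE):5s} "
              f"naive_default_check={naive_default_via_vpn(routes, VPN_IFACE)}")
```

The lookup-based classification is the point: the "shadowed" table has no default route through the VPN adapter, so a check that only looks for 0.0.0.0/0 reports it as split, while an actual lookup shows every Internet-bound packet leaving through the tunnel. On a real Windows host you would feed the output of `route print` (or `netstat -rn`) into the same parser instead of the constructed strings.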
 
bsoo:

How do you connect to your office's VPN? Are you saying you CAN access the Internet before you launch the VPN client?
 