
VPN and internet at the same time


PacketMonkey

IS-IT--Management
Dec 7, 2000
1
CA
Hello people,

I'm using Windows 98 to connect to a Novell BorderManager VPN network over a cable modem. When I connect to the Novell VPN I lose internet connectivity, only the VPN works. I know that all packets are being routed to the VPN's network whenever I try to surf the net. I know that when using Microsoft VPN client and server the same thing happens because the VPN connection gets a gateway address and that gateway has priority, so all packets are sent through that gateway and then dropped. To resolve this problem on the MS VPN I could do a route add for the places I need to go to on the internet, or select my VPN DUN connector and in the TCP/IP properties unclick "use default gateway of remote network". After that all unknown packets that are not in the same subnet get routed out the cable modem's gateway and internet works. Anyone know how to resolve this problem with Novell VPN BorderManager?? With MS VPN when I do a route print I see that the MS VPN connection modifies the routing table. With Novell this does not happen. Could it be because the Novell is using IPX over TCP/IP or something... Anyone got any input? I don't really know anything about IPX/SPX.

Thanks,

PacketMonkey
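The routing behaviour described in the post above, modelled as an added example that is not part of any poster's message: a host picks the longest matching prefix and breaks ties on the lowest metric, which is why a VPN default route captures all Internet traffic and why a manual host route or dropping the remote default gateway lets traffic out the cable modem again. All addresses, metrics and the adapter labels "cable" and "vpn" are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: str    # destination in CIDR form
    gateway: str
    interface: str  # adapter label (constructed: "cable" or "vpn")
    metric: int

def select_route(table, dst) -> Optional[Route]:
    """Pick the route a host would use: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r.network)]
    if not hits:
        return None
    return min(hits, key=lambda r: (-ipaddress.ip_network(r.network).prefixlen, r.metric))

def tunnel_mode(table, vpn_if="vpn", probe="198.51.100.10"):
    """Classify a table by where a public (non-corporate) destination leaves the host."""
    route = select_route(table, probe)
    if route is None:
        return "no-route"
    return "full-tunnel" if route.interface == vpn_if else "split-tunnel"

# Constructed tables using documentation address ranges, not real networks.
LOCAL = Route("192.0.2.0/24", "192.0.2.50", "cable", 1)
VPN_NET = Route("10.0.0.0/8", "10.8.0.77", "vpn", 1)

# Remote default gateway in use: the VPN default route wins on metric.
FULL = [Route("0.0.0.0/0", "10.8.0.1", "vpn", 1),
        Route("0.0.0.0/0", "192.0.2.1", "cable", 2), LOCAL, VPN_NET]
# Remote default gateway not used: only the corporate prefix goes to the VPN.
SPLIT = [Route("0.0.0.0/0", "192.0.2.1", "cable", 1), LOCAL, VPN_NET]
# Full tunnel plus one manual host route, as with "route add" for a single site.
FULL_PLUS_HOST = FULL + [Route("203.0.113.5/32", "192.0.2.1", "cable", 1)]

if __name__ == "__main__":
    for name, table in [("full", FULL), ("split", SPLIT), ("full+host", FULL_PLUS_HOST)]:
        print(name, tunnel_mode(table), select_route(table, "203.0.113.5").interface)
```

An administrator auditing remote clients can run the same classification over each client's real routing table: any table that returns "split-tunnel", or that holds host routes bypassing the VPN adapter, has a path to the Internet that does not pass through the corporate gateway.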
 
Well.. you are really asking to defeat the point of the VPN. If you have an internet connection and then open a VPN, you really want the public side closed or you have a huge security hole in the VPN structure.. it's possible, for example, for you to get a virus while surfing the web and with the VPN open, it could pass to the supposedly "safe" network. I know the admins would probably want to stone you after that little stunt. Here, we would fire you. You get one or the other but you should not have both concurrently.

Mike S
 
Victor-

This is one of my projects for the upcoming new year. How to get our remote users through the VPN while using public access. We suspect the only real way to do it is to have a specific login point with authentication. It's somewhat messy since we have several different groups who want this access and they use everything from DSL, cable to AOL dialup. I'm not sure we can make all happy.. and I know for sure we will have to change our current VPN software which is very limited and allows such a hole that I mentioned before. I had it on my system and once I saw that little "feature" and the fact it locked up my DSL port, I took it off and told my boss, no way.. won't use it, won't support it etc.

I'm open to any suggestions from anyone else???

Mike S
 
Hi, Surfing through a VPN tunnel is NOT a security issue in itself! When a PC is used for VPN you must ALWAYS have a virus-free machine. So a good ALWAYS up-to-date anti-virus program and a stateful firewall (ALWAYS ON) is a must. (And remember PCs used for VPN are work tools, not toys for surfing or for playing games.) It is possible to surf through a gateway from inside the destination network, thus making security the same as if you were inside. However this takes a lot of processor power as all traffic has to be encrypted and decrypted each time it enters or leaves the tunnel. And as such, it may be blocked on your corporate network for capacity reasons rather than for security, as this is not an issue here.

Some concentrators allow split-tunnelling on the concentrator, so that HTTP is sent forth and back inside the tunnel in plain text (not encrypted). Also, if the remote host is on a trusted network it is possible to allow split tunnelling on the remote host, so that he can not only surf the net but also has access to his network drives, printers and so on. (Maybe you have to use the net use command to obtain this.)

OHH I hadn't realised these questions are 1½ yrs old. Well anyway....

The issue of viruses is always present.
 