Re: VPN cant access internet whilst connected to VPN



"Leythos" <void@xxxxxxxxxxx> wrote in message
news:MPG.1d6be5318cecc40e989be4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> In article <1124209416.26648.0@xxxxxxxxxxxxxxxxxx>, brianc@
> 127.0.0.1.activesol.co.uk says...
>> "Leythos" <void@xxxxxxxxxxx> wrote in message
>> news:MPG.1d6bccb8c044a827989bde@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> > In article <1124201114.21996.0@xxxxxxxxxxxxxxxxxx>, brianc@
>> > 127.0.0.1.activesol.co.uk says...
>> >> "Steve" <Steve@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:584C8919-6265-47EF-9153-58DC370B07C1@xxxxxxxxxxxxxxxx
>> >> > When connected to my work's VPN I can't access the internet. This causes
>> >> > issues when looking at email with hyperlinks etc. What settings do I need
>> >> > to change so that I can access internet through my own broadband
>> >> > connection whilst connected to VPN?
>> >>
>> >> Could be wrong, but it sounds like you have the "Use default gateway on
>> >> remote network" checked, which basically means when you try to connect to
>> >> any external site it will route the request across the vpn connection.
>> >>
>> >> 1. Open the properties page for your vpn connection.
>> >> 2. On the networking tab, select "Internet Protocol (TCP/IP)" and click
>> >> [Properties].
>> >> 3. Click [Advanced]
>> >> 4. Uncheck "Use default gateway on remote network"
>> >
>> > That can cause problems with accessing systems other than the VPN
>> > end-point at the office.
>> >
>> > Additionally, browsing the Internet without proper security, while VPN'd
>> > into the office is the quickest way to have the office network compromised.
>> >
>> > The proper method should be to ask the Firewall people at your office to
>> > allow outbound HTTP access for VPN users.
>> >
>> > --
>> >
>> > spam999free@xxxxxxxxxx
>> > remove 999 in order to email me
>>
>> All valid points, but performance wise browsing across a vpn sucks because
>> you are introducing extra latency if not also reducing your bandwidth.
>
> But allowing access to the local home network is more of a security risk
> than putting up with slow browsing. And if it's only to do work and
> check links in email, chances are that it's not that much of a speed
> issue anyway. I VPN from LA to Ohio all the time, browse through the
> hotel connection in LA through my VPN to Ohio and then out through the
> Ohio connection (which is protected).
>
> Is your company network not with the security?
>
>> It is important to ensure that there is a decent firewall (+ anti-virus) at
>> the pc end - but if it's connected to the internet then there *ought* to be
>> (something for Steve to check).
>
> There is no such thing as a decent firewall administered by local users
> - and that's even more true when they also run as local administrators.
>
> The proper method is to not allow local network access and to browse
> through the VPN where the network admins can provide a filtered/cleaned
> HTTP experience so that the company network is not compromised.
>
> --
>
> spam999free@xxxxxxxxxx
> remove 999 in order to email me

Where I work I am happy to allow users VPN access provided I have checked
their laptops first to check their firewall and anti-virus arrangements (we
control anti-virus centrally). If you are very security conscious then you
can configure firewall settings for the vpn connection at the server end,
thereby reducing any risk to the network. (Something for me to do!)

I experienced (and had complaints about) a noticeable drop in performance
surfing the net when we did it across the vpn connection. (Only those with
broadband noticed a drop, those with dial up didn't seem to notice.) Latency
aside, bandwidth is logically the smaller of your local download speed and
the upload speed on the company network. We have broadband at work, so high
download but much lower upload - our upload (288kbps) is lower than most
people have as their download speed (on broadband), hence the noticeable
drop in performance. If we had a faster link at work then (other than
latency) it would be unlikely to be noticeable. (I don't have figures to prove
it, but I'm sure it's latency people notice more than bandwidth, but I could
be wrong.)

I accept all of your points - and I think any reader should seriously
consider them, but I'm happy for us to run as we are, allowing people local
access to the internet.

Brian.
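
Added example, not part of the original posts: a simplified Python model of the client routing table with "Use default gateway on remote network" checked and unchecked, showing which interface each destination leaves by. It assumes the Windows client adds a class-based route for the VPN-assigned address when the box is unchecked; all addresses, metrics and interface names are constructed.

```python
import ipaddress

def classful_network(addr):
    """Class-based network (A=/8, B=/16, C=/24) containing addr."""
    first = int(addr.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def build_routes(vpn_addr, use_remote_gateway):
    """Simplified routing table while the VPN is up: (network, interface, metric)."""
    routes = [("192.168.1.0/24", "lan", 20)]        # constructed home LAN
    if use_remote_gateway:
        routes += [("0.0.0.0/0", "vpn", 1),         # new default route via the tunnel
                   ("0.0.0.0/0", "lan", 21)]        # old default kept, worse metric
    else:
        routes += [("0.0.0.0/0", "lan", 20),        # broadband stays the default
                   (classful_network(vpn_addr), "vpn", 1)]  # assumed class-based route
    return routes

def egress(routes, dest):
    """Pick the route by longest-prefix match; ties go to the lowest metric."""
    ip = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(n), ifc, m) for n, ifc, m in routes
            if ip in ipaddress.ip_network(n)]
    _, ifc, _ = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return ifc

def report(vpn_addr, use_remote_gateway, dests):
    """Map each named destination to the interface its traffic leaves by."""
    routes = build_routes(vpn_addr, use_remote_gateway)
    return {name: egress(routes, ip) for name, ip in dests.items()}

# Constructed sample destinations
DESTS = {"internet": "203.0.113.10",
         "office_same_net": "192.168.50.20",
         "office_other_subnet": "192.168.60.5"}

if __name__ == "__main__":
    for checked in (True, False):
        print("remote gateway checked:", checked,
              report("192.168.50.10", checked, DESTS))
```

With the box unchecked, the Internet destination leaves by the home connection while the tunnel stays up, which is the exposure discussed in the thread, and the office host on another subnet is no longer reached through the VPN.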




