The “-p” option makes your configuration persistent – meaning that it will be there again next time you boot. The first column is the interface id, 49 in my case. For example, I know my system has a gigabit network adapter and in the list I see a “Intel(R) Gigabit Network Connection” – bingo – that’s it. You’ll need to figure out which one to use. It will also list the ‘Metric’ to use, and at the top of the listing is the “Interface List” which lists the network interfaces on your system. To help discover what you need to use, disconnect from your VPN, make sure you can connect to your local device, then run a “route print” show the current active routes and find your device. You don’t need to use split tunneling to enable access to local devices, you just need to add the local devices to the windows routing tables so that it knows to access them when the VPN is active. Un-checking allows access to the local network and gateway.Īgain remember this is a security feature and should not be reconfigured unless necessary and you are aware of the risks. When checked, its default state, it forces all traffic through the remote site. In the resulting window select Networking, highlight Internet Protocol Version 4 (TCP/IPv4) and click properties, click Advanced, and in the resulting window un-check “Use Default Gateway on remote network. Locate the VPN/PPP adapter, right click on it and choose properties. This will work on XP and earlier clients as well but the path to the adapters is slightly different. To do so open Control Panel, select Network and Sharing Center, and then choose “Change Adapter Settings”. However if you are using a Windows VPN client you can edit the configuration to allow split-tunneling. It is managed by the VPN appliance and will require the administrator to configure and enable if they see a need to do so. ![]() If you have an Enterprise VPN solution such as Cisco, Watchguard, Sonicwall, or others, as an end user cannot enable split-tunneling. Due the security reasons outlined above, I do not recommend enabling this, however in some cases it is necessary or perhaps you just wanted to know why. In order to simultaneously access the local and remote VPN network you need to enable a feature called split-tunneling. If you don’t believe me have a look at the following Ted Talks video by Avi Rubin “All your devices can be hacked”. ![]() Granted, there are many security features in place, or at least there should be, such as firewalls and NTFS security permissions to protect your corporate data, similar to the security corridor from the 60’s & 70’s TV show Get Smart, but the more of these doors left open, the easier it is for hackers. Either through the shared Wi-Fi connection, or even an “Ad Hoc” wireless connection, the person at the next table could conceivably route packets through your wireless device directly to head office. Or, consider an Internet Cafe’ where you are on the same local network as total strangers. It basically isolates your device from the world around you so that Johnny playing video games in the next room cannot route traffic through your PC to the corporate site. This is to provide some degree of security by preventing someone with malicious intent from reaching the corporate server using your PC/Laptop as a stepping stone. ![]() There is a security feature in almost all VPN configurations that blocks all local network connections while connected to the corporate network, via a VPN. It is pretty basic but for those that don’t understand I thought I would address this in a blog so that in future I can just provide a pointer. There are constantly questions in various forums “how do I maintain internet access through my local router while connected to a VPN”, or “ how do I access my local TCP/IP printer while connected to a VPN”.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |