A VPN hijack
-
A VPN that I connect to for specific tasks is hijacking all my internet connections. Naturally I don't want this and so I come to ask the esteemed collection of boffins here for some help.

I am running Windows XP Pro (SP2). I have a base internet connection (ADSL through ethernet) and then a network connection to a VPN which runs on top of that base connection. The VPN gives me access to a specific mail, FTP and SharePoint server. However when it is connected all other internet traffic (mail, ftp, web etc.) gets routed through the VPN too. It slows things down and I doubt the VPN server wants my other traffic.

Andrew suggested I try
route print
and sure enough when the VPN is on my default gateway is one IP address and when it is off it is another. I only need the VPN to handle specific traffic and not the rest. Any ideas on how to achieve this? ta

regards, Paul Watson
South Africa
Michael Dunn wrote: "except the sod who voted this a 1, NO SOUP FOR YOU"
Crikey! ain't life grand?
-
Standard Windows VPN? Then it's easy...

Go to the VPN Settings->Networking->Internet Protocol->Advanced. In here you remove the check from the single only checkbox there is, "Use default gateway.....". All done and you can have both VPN and normal internet connection running, even multiple VPNs at the same time :cool:

- Anders
My Photos
WDevs - The world's first DSP, free blog space, email and more
-
hmm that is interesting. The problem though is that then I can't get mail through the VPN or any other of the VPN specific tasks I need. e.g. I have Thunderbird with two mail accounts. One needs to go over the base internet connection and the other needs to go through the VPN.

regards, Paul Watson
South Africa
-
Do you use the built-in VPN in Windows (PPTP)? If so what you want is possible, if not I have no idea what's wrong ;)

- Anders
-
Yup, the built-in Windows VPN bits, PPTP. Thanks for your patience and help, Anders.

regards, Paul Watson
South Africa
-
Paul Watson wrote: "Yup, the built-in Windows VPN bits, PPTP."

Okay, did you try my suggestion? I know that it works and the routing table is correct as soon as you set it to not use the VPN as default gateway... If there are still problems let me know exactly what happens. I use this stuff every day with multiple connections and have done so for years now ;)

- Anders
-
Maybe there is something you have to add to the exception list in Microsoft Firewall? There were several programs (that have auto program update capabilities) that did not work properly until I added them to the exception list.

Steve
-
Yeah, it might be some XP SP2 specific thing...

- Anders
Developer Forums That Works
-
Hey Paul,

I'm just throwing this out, so don't take it as gospel. I seem to remember having a conversation with an engineer at Microsoft about how they decided to put their VPN implementation together, and they were very concerned with the scenario that a home user with an infected PC would VPN into the corporate network. So, AFAIK they disabled the ability to work both inside and outside the corporate network at the same time.

The result in my experience is that if you're VPN'd in, all your internet traffic is routed through the corporate network, and therefore subject to all the safeguards the corporate network has in place (firewalls, antivirus, intrusion detection, etc.)

HTH, David
-
That does sound like a very possible consideration. I will do some more digging, thanks.

regards, Paul Watson
South Africa
-
It's really quite simple, if you know how ip-packets are sent, and how netmasks work. ;-)

A network consists of a bundle of ip-addresses, bound by a netmask. If the IPs are 192.168.1.x and the netmask is 255.255.255.0, all addresses from 192.168.1.1 to 192.168.1.255 are on the same network. If the netmask is 255.255.0.0, all addresses from 192.168.1.1 to 192.168.255.255 are on the same network.

Now - if a computer wants to connect to something foreign, outside the "local ip-range", it will use the "default gateway". So, when your computer wants to connect to your ISP's mail-server, it sends ip-packages through your default gateway. How the package gets back is up to the computers and routers outside your network.

So, when you connect your VPN to the company, and ask it to use the company "default gateway", it will send all foreign ip-packages to the company's network. If there is no connection from this network to your ISP, the package gets lost - and you're unable to check mail.

And, if the company mail-server is on an ip-range that doesn't match the ip-address and netmask you are given by the VPN, you won't be able to reach the company mail-server without using the company default gateway.

In comes routing. It is possible to tell your computer how to reach specific networks. For instance, if the company network is giving you the ip 10.10.1.190, and you KNOW that the company mail-server is reachable at 172.158.20.1, you can add this route AFTER opening the VPN connection, with:
route add 172.158.20.0 mask 255.255.255.0 10.10.1.190
This tells your computer that all traffic to the ip-range 172.158.20.0 should go through the VPN connection. So even without using the default gateway at the company, you will be able to get mail from the company.

- Morten
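The routing decision discussed in the posts above, as an added example that is not part of the original thread: a longest-prefix-match lookup over three constructed routing tables (default-gateway box ticked, unticked, and unticked plus the route add line). The ISP gateway, LAN range, metrics, VPN subnet and ISP mail address are assumptions; 172.158.20.0/24 and 10.10.1.190 are the values from the post.

```python
import ipaddress

def route(net, gateway, iface, metric):
    """Build one routing-table entry."""
    return {"net": ipaddress.ip_network(net), "gateway": gateway,
            "iface": iface, "metric": metric}

def egress(table, dest):
    """Interface chosen for dest: longest matching prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["iface"]

# Constructed sample values (not from the thread): ISP gateway, LAN and metrics.
BASE = [
    route("0.0.0.0/0", "192.0.2.1", "ethernet", 20),
    route("192.0.2.0/24", "192.0.2.10", "ethernet", 20),
]
# Assumption: the VPN adapter's own subnet is 10.10.1.0/24.
VPN_LINK = route("10.10.1.0/24", "10.10.1.190", "vpn", 1)

# "Use default gateway" ticked: a second default route with a lower metric.
FULL_TUNNEL = BASE + [VPN_LINK, route("0.0.0.0/0", "10.10.1.190", "vpn", 1)]
# Box unticked: only the VPN subnet itself is reached through the tunnel.
SPLIT_NO_ROUTE = BASE + [VPN_LINK]
# Box unticked plus the static route from the post above.
SPLIT_WITH_ROUTE = SPLIT_NO_ROUTE + [
    route("172.158.20.0/24", "10.10.1.190", "vpn", 1)]

COMPANY_MAIL = "172.158.20.1"   # address used in the post above
ISP_MAIL = "198.51.100.25"      # constructed

def summary():
    """Map each scenario to (interface for company mail, interface for ISP mail)."""
    tables = {"full": FULL_TUNNEL, "split": SPLIT_NO_ROUTE,
              "split+route": SPLIT_WITH_ROUTE}
    return {name: (egress(t, COMPANY_MAIL), egress(t, ISP_MAIL))
            for name, t in tables.items()}

if __name__ == "__main__":
    for name, (company, isp) in summary().items():
        print(f"{name:12} company mail -> {company:9} ISP mail -> {isp}")
```

In both split tables the ISP-bound lookup returns the ethernet interface, which is the traffic that no longer passes through the corporate safeguards David describes.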
-
That sounds really interesting David... Is that an XP SP2 feature? I mean, I have not tried VPNs with SP2, but I know you can be on both local internet connection and corporate LAN at the same time with both XP, Win2k and Win2003 :)

- Anders