VPN stops Internet traffic on my iMac while VPN connection active




devdewboy
Jul 17, 2009, 01:28 PM
Hello,

When I connect to the VPN, it stops all internet traffic. The connection to the VPN is successful. While the connection is made, if I attempt to browse in Safari on my computer, not on another computer via a VNC client like ChickenoftheSea since I have the connection previously made, I cannot surf. I cannot ping any site. All the while the connection to the VPN is fine.

I can retrieve email as well - internet traffic related

Any ideas?

Thanks Much!

DevDewboy



belvdr
Jul 17, 2009, 01:30 PM
Yeah, whoever you are connecting to via VPN is not using split tunnelling to increase security.

foshizzle
Jul 17, 2009, 05:15 PM
Check your DNS on the VPN connection.

ChrisA
Jul 17, 2009, 06:16 PM
This is likely intentional. VPNs are commonly set up that way. The Cisco VPN software our company gives to employees to use at home does this too.

The reason is that while you are connected via the VPN to the corporate network you are literally inside their firewall. If your computer were at the same time connected to your home ISP then it could route between the networks and act as a gateway to the corporate network.

Hello,
when I connect to the VPN, it stops all internet traffic. ....
DevDewboy

sjinsjca
Jul 17, 2009, 10:16 PM
As others have noted, this is the way IT departments assholically set up their security policies.

Connect the VPN, watch your internet connectivity go bye-bye. Or, maybe even worse, watch your internet connectivity get routed through the IT department for scrubbing and monitoring and databasing. Yup, your IMs, personal emails and tweets might be accumulating in some database that the Lords of IT can review if ever they want to get something on you. Also, when connected to the VPN, the IT folks might be loading keyloggers and other goodies on your machine, though that's less likely with a Mac than a Windows machine.

If that creeps you out, then do as I do and run your VPN in a virtual machine reserved for the purpose.

belvdr
Jul 19, 2009, 07:56 AM
As others have noted, this is the way IT departments assholically set up their security policies.

Connect the VPN, watch your internet connectivity go bye-bye. Or, maybe even worse, watch your internet connectivity get routed through the IT department for scrubbing and monitoring and databasing. Yup, your IMs, personal emails and tweets might be accumulating in some database that the Lords of IT can review if ever they want to get something on you. Also, when connected to the VPN, the IT folks might be loading keyloggers and other goodies on your machine, though that's less likely with a Mac than a Windows machine.

If that creeps you out, then do as I do and run your VPN in a virtual machine reserved for the purpose.

You have no idea what you're talking about. IT is not really interested in all of that. Realistically, it's the company making these policies and IT enforces them. I have yet to know a company that installs keyloggers as part of an official policy. The IT staff has administrative access to the devices they support, so having a keylogger installed is excessive.

Chris.L
Jul 19, 2009, 10:23 AM
My employer uses a keylogger as part of the policy, so I don't use the computer they provided ;)

Sounds like you might need to put proxy settings into Safari. On the computer that you are VNC'ing to, go Tools > Internet Options > Connections > LAN Settings and have a look to see if there is any proxy information in there. Replicate it within Safari.

The above is assuming you are using IE on the remote client.

belvdr
Jul 19, 2009, 03:42 PM
I've seen many company policies and never heard/seen that. I wonder if it is a UK thing, but for the US, two major companies who have strict security policies do not use that.

I have no idea why they would even need that, as you can get anything you want from the firewall or from a SPAN port.

Eski
Jul 20, 2009, 05:14 AM
It might be simpler than suggested. When I connect with VPN to my work network I have to change the proxy settings to get web access. I therefore change over to the work proxy settings (as I do when in work).

Hope that helps. :)

Queso
Jul 20, 2009, 05:28 AM
As others have noted, this is the way IT departments assholically set up their security policies.
And if your data suddenly went "bye-bye" because an infected computer uploaded malware onto all of the servers I bet you'd blame the IT department for that too....

As for the rest of your post, come back to planet Earth. We miss you.

gugus2000
Sep 10, 2009, 08:45 AM
As I own the server the political discussions about employer spying etc do not apply to me. I don't spy on myself. I really need a technical solution:

Server is Tiger, client is now Snow Leopard. According to the Tiger server doc even when the flag "route all traffic..." on the client is not checked the client will ONLY access the DNS server through the VPN. Well, this has not been true for the last 3 years! I never had the problem before. Only since I upgraded my MacBook Pro from Leopard to Snow Leopard this DNS rule seems to be active. I run my own server and need access to my internal mail and file server while working from home or on-site at a customer. I normally have the VPN connection open all day. The only 2 servers I need to access in my private network do not have DNS entries anyway but their address is hardcoded (I know, should not do that, but hey, it's two addresses I control). This style of working is not possible anymore. I have to constantly switch manually between VPN on and off. And I cannot simply put DNS servers fix into VPN advanced prefs because I need intra- and internet access from home and various customer sites as well as public WLAN.

Please help, this is very annoying
Have fun
---markus---

whooleytoo
Sep 10, 2009, 10:25 AM
This might be completely off the wall.. but I've had a problem previously where the subnet on the VPN (all addresses were 192.168.1.xxx) was the same as on my WiFi connection at home. Even though I was connecting to the VPN using Ethernet, this Wifi configuration was causing problems connecting until I changed the Wifi settings to another subnet (192.168.100.xxx).

So you might consider checking that there isn't a network location on your client with the same subnet as on your VPN. If all else fails, might be worth a try.
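
Two of the causes raised in this thread, a VPN that takes over the default route (no split tunnelling) and a VPN subnet that collides with the local one, can both be read off the client's routing table. The following is an added example, not part of any post above: it parses constructed `netstat -rn` output, and the sample addresses, the tunnel interface name prefixes and the reading of the `I` flag are assumptions.

```python
import ipaddress

# Constructed sample of macOS `netstat -rn -f inet` output with a PPP VPN up.
SAMPLE = """\
Destination        Gateway            Flags        Netif
default            10.8.0.1           UGSc         ppp0
default            192.168.1.1        UGScI        en1
10.8.0.1           10.8.0.23          UH           ppp0
192.168.1          link#5             UCS          en1
192.168.1          ppp0               USc          ppp0
127                127.0.0.1          UCS          lo0
"""
TUNNEL_PREFIXES = ("ppp", "utun", "tun", "ipsec")  # assumed tunnel interface names

def parse_dest(dest):
    """Expand netstat's short form: '192.168.1' -> 192.168.1.0/24, '10.8/16' -> 10.8.0.0/16."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    prefix = int(bits) if bits else 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}", strict=False)

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] != "Destination":  # skip headers and blank lines
            routes.append({"net": parse_dest(f[0]), "flags": f[2], "netif": f[3]})
    return routes

def is_tunnel(netif):
    return netif.startswith(TUNNEL_PREFIXES)

def diagnose(text):
    routes = parse_routes(text)
    # Assumption: a default route flagged 'I' is interface-scoped, not the active one.
    dflt = next((r["netif"] for r in routes
                 if r["net"].prefixlen == 0 and "I" not in r["flags"]), None)
    subnets = [r for r in routes if 0 < r["net"].prefixlen < 32]
    collisions = sorted({(str(t["net"]), p["netif"])
                         for t in subnets if is_tunnel(t["netif"])
                         for p in subnets if not is_tunnel(p["netif"])
                         and t["net"].overlaps(p["net"])})
    return {"default_netif": dflt,
            "full_tunnel": dflt is not None and is_tunnel(dflt),
            "collisions": collisions}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A `full_tunnel` result of true means all non-local traffic leaves through the VPN, so internet access depends on what the far end forwards; a non-empty `collisions` list means the same address range is reachable on both the tunnel and a local interface.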

sjinsjca
Nov 17, 2009, 04:58 PM
I have yet to know a company that installs keyloggers as part of an official policy.

I have.

In fact, I was invited to write a custom one for a large and well-known food products company.

Sorry for the late response, just noticed your comment. I do know what I'm talking about in this case.

sjinsjca
Nov 17, 2009, 05:02 PM
And if your data suddenly went "bye-bye" because an infected computer uploaded malware onto all of the servers I bet you'd blame the IT department for that too...

Hence my recommendation to run the VPN and a limited set of mission-critical applications (email, file sharing, basic Office apps) in a secured virtual machine.

I do not agree that every bit and byte of every laptop-toter's internet traffic should be routed through the company's firewall. But that's the default for most setups I've seen.

The host laptop should, of course, be running good antivirus and firewall utilities, especially if Windows-based.