Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 17, 2009, 01:28 PM   #1
devdewboy
macrumors newbie
 
Join Date: Jun 2008
VPN stops Internet traffic on my iMac while VPN connection active

Hello,

when I connect to the VPN, it stops all internet traffic. The connection to the VPN is successful. While the connection is made, if I attempt to browse in safari on my computer, not on another computer via a VNC client like ChickenoftheSea since I have the connection previously made, I cannot ssurf. I cannot ping any site. All the while the connection to the VPN is fine.

I can retrieve email as well - internet trafic related

Any ideas?

Thanks Much!

DevDewboy
devdewboy is offline   0 Reply With Quote
Old Jul 17, 2009, 01:30 PM   #2
belvdr
macrumors 68040
 
Join Date: Aug 2005
Yeah, whoever you are connecting to via VPN is not using split tunnelling to increase security.
belvdr is offline   0 Reply With Quote
Old Jul 17, 2009, 05:15 PM   #3
foshizzle
macrumors regular
 
Join Date: Oct 2007
check your DNS on the VPN connection.
foshizzle is offline   0 Reply With Quote
Old Jul 17, 2009, 06:16 PM   #4
ChrisA
macrumors G4
 
Join Date: Jan 2006
Location: Redondo Beach, California
This is likely intentional. VPNs are commonly set up that say. The Cisco VPN software our company gives to employees to use at home does this too.

The reason is that while you are connected via the VPN to the corporate network you are literally inside their firewall. If your computer were at the same time connected to your home ISP then it could route between the networks and act as a gateway to the corporate network.

Quote:
Originally Posted by devdewboy View Post
Hello,
when I connect to the VPN, it stops all internet traffic. ....
DevDewboy
ChrisA is offline   0 Reply With Quote
Old Jul 17, 2009, 10:16 PM   #5
sjinsjca
macrumors 65816
 
Join Date: Oct 2008
As others have noted, this is the way IT departments assholically set up their security policies.

Connect the VPN, watch your internet connectivity go bye-bye. Or, maybe even worse, watch your internet connectivity get routed through the IT department for scrubbing and monitoring and databasing. Yup, your IMs, personal emails and tweets might be accumulating in some database that the Lords of IT can review if ever they want to get something on you. Also, when connected to the VPN, the IT folks might be loading keyloggers and other goodies on your machine, though that's less likely with a Mac than a Windows machine.

If that creeps you out, then do as I do and run your VPN in a virtual machine reserved for the purpose.
sjinsjca is offline   0 Reply With Quote
Old Jul 19, 2009, 07:56 AM   #6
belvdr
macrumors 68040
 
Join Date: Aug 2005
Quote:
Originally Posted by sjinsjca View Post
As others have noted, this is the way IT departments assholically set up their security policies.

Connect the VPN, watch your internet connectivity go bye-bye. Or, maybe even worse, watch your internet connectivity get routed through the IT department for scrubbing and monitoring and databasing. Yup, your IMs, personal emails and tweets might be accumulating in some database that the Lords of IT can review if ever they want to get something on you. Also, when connected to the VPN, the IT folks might be loading keyloggers and other goodies on your machine, though that's less likely with a Mac than a Windows machine.

If that creeps you out, then do as I do and run your VPN in a virtual machine reserved for the purpose.
You have no idea what you're talking about. IT is not really interested in all of that. Realistically, it's the company making these policies and IT enforces them. I have yet to know a company that installs keyloggers as part of an official policy. The IT staff has administrative access to the devices they support, so having a keylogger installed is excessive.

Last edited by belvdr; Jul 19, 2009 at 09:00 AM.
belvdr is offline   0 Reply With Quote
Old Jul 19, 2009, 10:23 AM   #7
Chris.L
macrumors 6502a
 
Chris.L's Avatar
 
Join Date: Jan 2009
Location: UK
My employer uses a keylogger as part of the policy, so I don't use the computer they provided

Sounds like you might need to put proxy settings into Safari. On the computer that you are VNC'ing to, go Tools > Internet Options > Connections > LAN Settings and have a look to see if their is any proxy information in there. Replicate it within Safari.

The above is assuming you are using IE on the remote client.
__________________
New to forums?
Chris.L is offline   0 Reply With Quote
Old Jul 19, 2009, 03:42 PM   #8
belvdr
macrumors 68040
 
Join Date: Aug 2005
I've seen many company policies and never heard/seen that. I wonder if it is a UK thing, but for the US, two major companies who have strict security policies do not use that.

I have no idea why they would even need that, as you can get anything you want from the firewall or from a SPAN port.
belvdr is offline   0 Reply With Quote
Old Jul 20, 2009, 05:14 AM   #9
Eski
macrumors newbie
 
Join Date: Oct 2007
It might be simpler..

It might be simpler than suggested. When I connect with VPN to my work network I have to change the proxy settings to get web access. I therefore change over to the work proxy settings (as I do when in work).

Hope that helps.
Eski is offline   0 Reply With Quote
Old Jul 20, 2009, 05:28 AM   #10
Queso
macrumors 603
 
Join Date: Mar 2006
Quote:
Originally Posted by sjinsjca View Post
As others have noted, this is the way IT departments assholically set up their security policies.
And if your data suddenly went "bye-bye" because an infected computer uploaded malware onto all of the servers I bet you'd blame the IT department for that too....

As for the rest of your post, come back to planet Earth. We miss you.
Queso is offline   0 Reply With Quote
Old Sep 10, 2009, 08:45 AM   #11
gugus2000
macrumors newbie
 
Join Date: Sep 2009
No politics please, I need a technical solution

As I own the server the political discussions about employer spying etc do not apply to me. I don't spy on myself. I really need a technical solution:

Server is Tiger, client is now Snow Leopard. According to the Tiger server doc even when the flag "route all traffic..." on the client is not checked the client will ONLY access the DNS server through the VPN. Well, this has not been true for the last 3 years! I never had the problem before. Only since I upgraded my MacBook Pro from Leopard to Snow Leopard this DNS rule seems to be active. I run my own server and need access to my internal mail and file server while working from home or on-site at a customer. I normally have the VPN connection open all day. The only 2 servers I need to access in my private network do not have DNS entries anyway but their address is hardcoded (I know, should not do that, but hey, it's two addresses I control). This style of working is not possible anymore. I have to constantly switch manually between VPN on and off. And I cannot simply put DNS servers fix into VPN advanced prefs because I need intra- and internet access from home and various customer sites as well as public WLAN.

Please help, this is very annoying
Have fun
---markus---
gugus2000 is offline   0 Reply With Quote
Old Sep 10, 2009, 10:25 AM   #12
whooleytoo
macrumors 603
 
whooleytoo's Avatar
 
Join Date: Aug 2002
Location: Cork, Ireland.
Send a message via AIM to whooleytoo
This might be completely off the wall.. but I've had a problem previously where the subnet on the VPN (all addresses were 192.168.1.xxx) was the same as on my WiFi connection at home. Even though I was connecting to the VPN using Ethernet, this Wifi configuration was causing problems connecting until I changed the Wifi settings to another subnet (192.168.100.xxx).

So you might consider checking that there isn't a network location on your client with the same subnet as on your VPN. If all else fails, might be worth a try.
__________________
Mac <- Macintosh <- McIntosh apples <- John McIntosh <- McIntosh surname <- "Mac an toshach" <- "Son of the Chief"
whooleytoo is offline   0 Reply With Quote
Old Nov 17, 2009, 04:58 PM   #13
sjinsjca
macrumors 65816
 
Join Date: Oct 2008
Quote:
Originally Posted by belvdr View Post
I have yet to know a company that installs keyloggers as part of an official policy.
I have.

In fact, I was invited to write a custom one for a large and well-known food products company.

Sorry for the late response, just noticed your comment. I do know what I'm talking about in this case.
sjinsjca is offline   0 Reply With Quote
Old Nov 17, 2009, 05:02 PM   #14
sjinsjca
macrumors 65816
 
Join Date: Oct 2008
Quote:
Originally Posted by Queso View Post
And if your data suddenly went "bye-bye" because an infected computer uploaded malware onto all of the servers I bet you'd blame the IT department for that too...
Hence my recommendation to run the VPN and a limited set of mission-critical applications (email, file sharing, basic Office apps) in a secured virtual machine.

I do not agree that every bit and byte of every laptop-toter's internet traffic should be routed through the company's firewall. But that's the default for most setups I've seen.

The host laptop should, of course, be running good antivirus and firewall utilities, especially if Windows-based.
sjinsjca is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
How to block ALL non-VPN traffic? [OS 10.9] cb911 Mac OS X Server, Xserve, and Networking 2 Apr 25, 2014 10:28 AM
Can VPN see traffic not directed to go through it. I'm.with.stupid Mac Basics and Help 2 Nov 26, 2013 06:48 AM
VPN not redirecting traffic cclloyd Mac Basics and Help 0 Mar 14, 2013 10:17 AM
Selective VPN Traffic? w00t951 MacBook Pro 10 Dec 29, 2012 08:12 PM
VPN + VPN + MS Remote desktop connection only with 1 Mac PtiGuily Windows, Linux & Others on the Mac 0 Oct 15, 2012 10:27 AM

Forum Jump

All times are GMT -5. The time now is 10:30 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC