Sharing across a VPN

[excalibur313]

I have this windows computer for work that dials into a vpn using the ethernet. I would really love it though if it could share an external hard drive to the macs in my house and maybe even allow the windows computer to print from an ethernet printer I have on my network (I currently print to it using a usb which is less than ideal when I'm on the back deck wirelessly connectetd). I heard something about tunneling but when I talked to the IT guys at my place of work they were clueless. Is there anyway that I can access my local network for drive and print sharing while still being connected the vpn?
Thanks,
Stephen

 

[superbovine]

do you want to be able to access your macs from work or your pc at home from your mac?

you said your PC that "dials" into your vpn. do you mean you have a laptop that connects to your work's vpn from home through your ethernet, or you connect to your works vpn from your office?


well i don't know the answer but if you office has a vpn server out on the internet someplace, you can use the os x vpn client or download one that will create a tunnel which will give you mac whatever access to the network you are granted. the download would depend on what kind vpn server you have. for example if it was a cisco vpn, you'd need the cisco client. in turn other computers on that network could access your mac and print and get files.

the other hand if you want to vpn into your macs your'll need to get a vpn server for your mac. in panther, the built vpnd server didn't work or no one could figure out how to properly set it up properly out on the internet. i am not sure about tiger. your'll probably need to get third party software and configure your broadband router with the properly forwardings.

 

[excalibur313]

What I meant was that the windows computer is at my house and connects to the vpn there.
I would like to be able to have access to a hard drive that's connected to my windows pc from my mac.

 

[superbovine]

what verison of windows do you have?

windows 2000/windows xp pro have vpn servers built in to them and you could setup it up to vpn into your windows computer from work using the vpn client in os x.

http://www.chicagotech.net/vpnsetup.htm#How to configure Win 2000/XP Pro as VPN host

you will probably need some broadrouter/basestation setup as well.

 

[excalibur313]

Hmm is there another way? This VPN is one for the company and it wouldn't let my mac on nor do I want to. I guess I just want a way for the windows computer while connected to the vpn to still be able to access some stuff on the local network such as the printer. Actually if it's easier I could have the hard drive connected to the mac and then the windows computer could just connect to the mac to share the hard drive.
Thanks again,
Stephen

 

[superbovine]

the problem is your vpn might not like you login into the vpn from work and from at the same time.

 

[excalibur313]

So there is no way to say "look to the vpn for everything except the printer where you should look locally and the networked hardrive which requires connecting to a local computer?"

 

[superbovine]

you are confused. printer selection has nothing to do with the vpn. you can choose a printer on a vpn network though.

 

[excalibur313]

I guess what I'm trying to say is that since my printer is an ethernet printer on my local network (192.168.1.200) I can only connect to it when I'm not on the vpn because as soon as I connect to the vpn it switches the computer from being on the local network to the vpn network. I want a way to tunnel through the vpn so that it will still look locally for my printer but is still connected to the vpn for everything else. Put a different way my printer is not connected to my computer through a usb cable it is a network one. This is why my printer's connection to my computer is tied through the local network.

 

[hmmfe]

I guess what I'm trying to say is that since my printer is an ethernet printer on my local network (192.168.1.200) I can only connect to it when I'm not on the vpn because as soon as I connect to the vpn it switches the computer from being on the local network to the vpn network. I want a way to tunnel through the vpn so that it will still look locally for my printer but is still connected to the vpn for everything else. Put a different way my printer is not connected to my computer through a usb cable it is a network one. This is why my printer's connection to my computer is tied through the local network.

So, you are saying that when the VPN is active, you lose connectivity to your LAN? How are you connected to your LAN? What VPN client are you using?

In short, your VPN client should intercept packets destined only for a specific network. In some corportate environments, this behavior is changed so that when connected to the corportate network your computer is isolated from other computers. This is a security "feature" that can be turned off with some configuration (all depending on the VPN client and server you have). I am guessing, though that you'll have little luck convincing IT to change.

There are some ways around this, but it requires some knowledge of networking and perhaps some hardware/software puchases.

 

[strydr]

Split Tunnel

THis is called Split Tunnel. Most current VPN clients allow this (Win XP client, Mac Client). On the Mac client, under connect, Options, uncheck send all traffic over VPN, this should allow split tunnel. On the windows smachine split tunnel is active by default. A few points of failure- WIn XP SP2 Firewall needs to be configured (if you're going to dial IN to the XP box. ALso, your Router must allow PPTP pass-through, and I've had problems with certin ISP's blocking VPN traffic. The last thing to consider is what IP scheme you are using at work, and at home- What I mean by this is this: If you are on a 192.168.1.X at home, and work is using the same 192.168.1.X config., you may have issues seeing both sides. I have had to use 10.10.X.X at my house to allow me to connect to 192.168.1.X networks. Hope this helps.

 

[hmmfe]

THis is called Split Tunnel. Most current VPN clients allow this (Win XP client, Mac Client). On the Mac client, under connect, Options, uncheck send all traffic over VPN, this should allow split tunnel. On the windows smachine split tunnel is active by default. A few points of failure- WIn XP SP2 Firewall needs to be configured (if you're going to dial IN to the XP box. ALso, your Router must allow PPTP pass-through, and I've had problems with certin ISP's blocking VPN traffic. The last thing to consider is what IP scheme you are using at work, and at home- What I mean by this is this: If you are on a 192.168.1.X at home, and work is using the same 192.168.1.X config., you may have issues seeing both sides. I have had to use 10.10.X.X at my house to allow me to connect to 192.168.1.X networks. Hope this helps.

The settings you mention will only change which default route will be used. In Excalibur's case, he is having issues with local subnet traffic (by definition not implicating the default route).

Cisco's (and other's) VPN clients will also block local traffic and also enforce a central policy that will prevent the end-user from changing settings. If this is the case, then Excalibur is SOL.

 

[strydr]

look into DigiTunnel (http://www.gracion.com/vpn)- they allow you to chose what subnets to tunnel, and what subnets to leave alone. So, if his printer is on the local (192.168.1.X) subnet, and his work is using a 172.30.X.X subnet, only traffic sent to that subnet will be tunneled- all traffic destined for the 192.168.1.X subnet will be sent through the local LAN. With this, I can vpn into a job site, and print to any of the printers there, and still maintain connections to shares and printers on my local subnet. Not sure if this is the answer to Excalibur's question, but my 2 cents.

 

[hmmfe]

look into DigiTunnel (http://www.gracion.com/vpn)- they allow you to chose what subnets to tunnel, and what subnets to leave alone. So, if his printer is on the local (192.168.1.X) subnet, and his work is using a 172.30.X.X subnet, only traffic sent to that subnet will be tunneled- all traffic destined for the 192.168.1.X subnet will be sent through the local LAN. With this, I can vpn into a job site, and print to any of the printers there, and still maintain connections to shares and printers on my local subnet. Not sure if this is the answer to Excalibur's question, but my 2 cents.

A potential solution if corporate is using PPTP instead of IPsec.

 

[excalibur313]

My network setup at home (since I have a home office) is a firewall that was given to us by the company which distributes IPs to the entire network and a wireless router is connected to it. The winblows computer connects via a vpn by cisco that is a IPSec/UDP transport. Does this mean that I'm out of luck?

 

[hmmfe]

My network setup at home (since I have a home office) is a firewall that was given to us by the company which distributes IPs to the entire network and a wireless router is connected to it. The winblows computer connects via a vpn by cisco that is a IPSec/UDP transport. Does this mean that I'm out of luck?

Not necessarily. There is an option in Cisco's VPN clients to "Allow local LAN access". Here is a link from Cisco that shows you where.

http://www.cisco.com/en/US/products...ducts_user_guide_chapter09186a00800bd983.html


If the policy is enforced, you might not be able to change these settings.