VPN stops Internet traffic on my iMac while VPN connection active

Discussion in 'Mac OS X Server, Xserve, and Networking' started by devdewboy, Jul 17, 2009.

  1. devdewboy macrumors newbie

    Jun 19, 2008

    When I connect to the VPN, it stops all internet traffic. The connection to the VPN is successful. While the connection is made, if I attempt to browse in Safari on my computer, not on another computer via a VNC client like ChickenoftheSea since I have the connection previously made, I cannot surf. I cannot ping any site. All the while the connection to the VPN is fine.

    I can retrieve email as well - internet traffic related

    Any ideas?

    Thanks Much!

  2. belvdr macrumors 603

    Aug 15, 2005
    No longer logging into MR
    Yeah, whoever you are connecting to via VPN is not using split tunnelling to increase security.
  3. foshizzle macrumors regular

    Oct 17, 2007
  4. ChrisA macrumors G4

    Jan 5, 2006
    Redondo Beach, California
    This is likely intentional. VPNs are commonly set up that way. The Cisco VPN software our company gives to employees to use at home does this too.

    The reason is that while you are connected via the VPN to the corporate network you are literally inside their firewall. If your computer were at the same time connected to your home ISP then it could route between the networks and act as a gateway to the corporate network.

  5. sjinsjca macrumors 68020


    Oct 30, 2008
    As others have noted, this is the way IT departments assholically set up their security policies.

    Connect the VPN, watch your internet connectivity go bye-bye. Or, maybe even worse, watch your internet connectivity get routed through the IT department for scrubbing and monitoring and databasing. Yup, your IMs, personal emails and tweets might be accumulating in some database that the Lords of IT can review if ever they want to get something on you. Also, when connected to the VPN, the IT folks might be loading keyloggers and other goodies on your machine, though that's less likely with a Mac than a Windows machine.

    If that creeps you out, then do as I do and run your VPN in a virtual machine reserved for the purpose.
  6. belvdr macrumors 603

    Aug 15, 2005
    No longer logging into MR
    You have no idea what you're talking about. IT is not really interested in all of that. Realistically, it's the company making these policies and IT enforces them. I have yet to know a company that installs keyloggers as part of an official policy. The IT staff has administrative access to the devices they support, so having a keylogger installed is excessive.
  7. RandomKamikaze macrumors 6502a


    Jan 8, 2009
    My employer uses a keylogger as part of the policy, so I don't use the computer they provided ;)

    Sounds like you might need to put proxy settings into Safari. On the computer that you are VNC'ing to, go Tools > Internet Options > Connections > LAN Settings and have a look to see if there is any proxy information in there. Replicate it within Safari.

    The above is assuming you are using IE on the remote client.
  8. belvdr macrumors 603

    Aug 15, 2005
    No longer logging into MR
    I've seen many company policies and never heard/seen that. I wonder if it is a UK thing, but for the US, two major companies who have strict security policies do not use that.

    I have no idea why they would even need that, as you can get anything you want from the firewall or from a SPAN port.
  9. Eski macrumors newbie

    Oct 15, 2007
    It might be simpler..

    It might be simpler than suggested. When I connect with VPN to my work network I have to change the proxy settings to get web access. I therefore change over to the work proxy settings (as I do when in work).

    Hope that helps.:)
  10. Queso Suspended

    Mar 4, 2006
    And if your data suddenly went "bye-bye" because an infected computer uploaded malware onto all of the servers I bet you'd blame the IT department for that too....

    As for the rest of your post, come back to planet Earth. We miss you.
  11. gugus2000 macrumors newbie

    Sep 10, 2009
    No politics please, I need a technical solution

    As I own the server the political discussions about employer spying etc do not apply to me. I don't spy on myself. I really need a technical solution:

    Server is Tiger, client is now Snow Leopard. According to the Tiger server doc even when the flag "route all traffic..." on the client is not checked the client will ONLY access the DNS server through the VPN. Well, this has not been true for the last 3 years! I never had the problem before. Only since I upgraded my MacBook Pro from Leopard to Snow Leopard this DNS rule seems to be active. I run my own server and need access to my internal mail and file server while working from home or on-site at a customer. I normally have the VPN connection open all day. The only 2 servers I need to access in my private network do not have DNS entries anyway but their address is hardcoded (I know, should not do that, but hey, it's two addresses I control). This style of working is not possible anymore. I have to constantly switch manually between VPN on and off. And I cannot simply put fixed DNS servers into VPN advanced prefs because I need intra- and internet access from home and various customer sites as well as public WLAN.

    Please help, this is very annoying
    Have fun
  12. whooleytoo macrumors 604


    Aug 2, 2002
    Cork, Ireland.
    This might be completely off the wall.. but I've had a problem previously where the subnet on the VPN (all addresses were 192.168.1.xxx) was the same as on my WiFi connection at home. Even though I was connecting to the VPN using Ethernet, this Wifi configuration was causing problems connecting until I changed the Wifi settings to another subnet (192.168.100.xxx).

    So you might consider checking that there isn't a network location on your client with the same subnet as on your VPN. If all else fails, might be worth a try.
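
Added example, not part of the thread and not any poster's code: a small route-table check for the two conditions discussed above, a VPN-side subnet that collides with the home subnet (192.168.1.xxx in both places) and a full-tunnel setup with no split tunnelling. The interface names `en1` and `ppp0` and the route entries are constructed assumptions.

```python
import ipaddress

# Constructed sample routes: (interface, destination network).
# Interface names and addresses are assumptions for illustration.
BEFORE = [
    ("en1", "0.0.0.0/0"),         # default route via home Wi-Fi
    ("en1", "192.168.1.0/24"),    # home Wi-Fi LAN
    ("ppp0", "192.168.1.0/24"),   # VPN-side LAN, same subnet as home
]
AFTER = [
    ("en1", "0.0.0.0/0"),
    ("en1", "192.168.100.0/24"),  # home Wi-Fi moved to another subnet
    ("ppp0", "192.168.1.0/24"),
]

def parse(routes):
    return [(iface, ipaddress.ip_network(net)) for iface, net in routes]

def overlaps(routes):
    """Non-default routes on different interfaces whose networks overlap."""
    table = [(i, n) for i, n in parse(routes) if n.prefixlen > 0]
    found = []
    for idx, (if_a, net_a) in enumerate(table):
        for if_b, net_b in table[idx + 1:]:
            if if_a != if_b and net_a.overlaps(net_b):
                found.append((if_a, str(net_a), if_b, str(net_b)))
    return found

def candidates(routes, dest):
    """Interfaces holding the longest-prefix match for dest.
    More than one interface means the destination is ambiguous."""
    addr = ipaddress.ip_address(dest)
    matches = [(n.prefixlen, i) for i, n in parse(routes) if addr in n]
    if not matches:
        return []
    best = max(p for p, _ in matches)
    return sorted({i for p, i in matches if p == best})

def is_full_tunnel(routes, vpn_iface):
    """True when the only default route is on the VPN interface."""
    defaults = {i for i, n in parse(routes) if n.prefixlen == 0}
    return defaults == {vpn_iface}

if __name__ == "__main__":
    print("overlaps before:", overlaps(BEFORE))
    print("192.168.1.10 before:", candidates(BEFORE, "192.168.1.10"))
    print("192.168.1.10 after:", candidates(AFTER, "192.168.1.10"))
    print("full tunnel:", is_full_tunnel(BEFORE, "ppp0"))
```
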
  13. sjinsjca macrumors 68020


    Oct 30, 2008
    I have.

    In fact, I was invited to write a custom one for a large and well-known food products company.

    Sorry for the late response, just noticed your comment. I do know what I'm talking about in this case.
  14. sjinsjca macrumors 68020


    Oct 30, 2008
    Hence my recommendation to run the VPN and a limited set of mission-critical applications (email, file sharing, basic Office apps) in a secured virtual machine.

    I do not agree that every bit and byte of every laptop-toter's internet traffic should be routed through the company's firewall. But that's the default for most setups I've seen.

    The host laptop should, of course, be running good antivirus and firewall utilities, especially if Windows-based.
