Slimserver and VPN



Paul_Colley@mapinfo.com
2004-08-03, 08:31
Make sure your local LAN and the network at work have different addresses
--- there's no hope of making this work if 192.168.1.100 is both your home
computer and a computer at work!

Work uses the 192.168.*.* range so I moved my home network to 10.*.*.* and
I haven't had any problems since.

- Paul
paul_colley (AT) mapinfo (DOT) com +1 416 609 7706

James Craig
2004-08-03, 08:47
Ah now that is a very good suggestion - I can indeed see lots of 192.168
hosts on the work network.
Changing it scares me a bit though!

James

Paul_Colley (AT) mapinfo (DOT) com wrote:

>Make sure your local LAN and the network at work have different addresses
>--- there's no hope of making this work if 192.168.1.100 is both your home
>computer and a computer at work!
>
>Work uses the 192.168.*.* range so I moved my home network to 10.*.*.* and
>I haven't had any problems since.
>
>- Paul
> paul_colley (AT) mapinfo (DOT) com +1 416 609 7706

Steve Baumgarten
2004-08-03, 12:29
> Ah now that is a very good suggestion - I can indeed see lots of 192.168
> hosts on the work network. Changing it scares me a bit though!

Keep us posted on whether it works -- I have exactly the same problem at
home. It seems to depend on whether the VPN software (my wife uses some
version of the Nortel software) allows for "split tunneling". If it does,
and if it's enabled (it is enabled/disabled at the server, not the client,
at least in the case of the Nortel software), and if your home PC is using
a different IP range than what's at the other end of the VPN (i.e., you
change your end from 192.168.XXX.XXX to something else if work is also
using the 192.168 range), then everything will work as you want. Packets
destined for the 192.168 range (work) will go through the VPN; everything
else will stay local.

If, however, split tunneling is disabled, you're out of luck, since in
that case all packets are sent through the VPN regardless of address
range.

http://www.security-forums.com/forum/viewtopic.php?t=17021

System administrators don't like allowing split tunneling, of course,
because it means that your PC isn't totally isolated from the outside (non
work) world while connected to work. In practice, of course, it's not a
tremendous security boost since a virus or spyware-infected PC is just as
dangerous once it's on that VPN even if it isn't, right at that moment,
connected to the outside (non work, non VPN) world via split tunneling.
This is also why many companies insist you use a company-provided PC or
laptop that you never connect to any other network or the Internet.

My current solution at home is to run Windows 98 inside of VMware and run
the Nortel VPN and whatever telnet/browser sessions are needed for office
work from within VMware. A bit of a Rube Goldberg solution, but it
definitely works for us, the performance is fine, and it's allowed us to
continue to use just our one PC for file serving of all kinds.

SBB
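
Added example, not part of the thread and not any VPN vendor's client logic: a simplified Python model of the routing outcome the posts above describe, covering both the overlapping-address case and split tunneling enabled or disabled. The work range 192.168.0.0/16 and the address 192.168.1.100 follow the posts; the home subnets and other addresses are constructed sample values.

```python
import ipaddress

# Constructed sample values; only 192.168.0.0/16 and 192.168.1.100 follow the thread.
WORK_NETS = ["192.168.0.0/16"]
HOME_BEFORE = "192.168.1.0/24"   # home LAN inside the range work also uses
HOME_AFTER = "10.0.0.0/24"       # home LAN after renumbering

def overlaps(home_lan, work_nets):
    """Return the work networks whose address space collides with the home LAN."""
    home = ipaddress.ip_network(home_lan)
    return [w for w in work_nets if home.overlaps(ipaddress.ip_network(w))]

def egress(dst, home_lan, work_nets, split_tunneling):
    """Say where a packet to dst goes while the VPN is connected.

    Simplified model (an assumption for illustration):
      - split tunneling off: every packet goes into the VPN
      - split tunneling on: work ranges go into the VPN, the rest stays local
      - an address inside both the home LAN and a work range is a conflict,
        because it cannot name a host on both sides at once
    """
    addr = ipaddress.ip_address(dst)
    if not split_tunneling:
        return "vpn"
    in_home = addr in ipaddress.ip_network(home_lan)
    in_work = any(addr in ipaddress.ip_network(w) for w in work_nets)
    if in_home and in_work:
        return "conflict"
    if in_work:
        return "vpn"
    if in_home:
        return "lan"
    return "internet"

if __name__ == "__main__":
    for home in (HOME_BEFORE, HOME_AFTER):
        print(home, "overlaps work ranges:", overlaps(home, WORK_NETS))
    cases = [
        ("192.168.1.100", HOME_BEFORE, True),   # same address on both sides
        ("10.0.0.100", HOME_AFTER, True),       # home server after renumbering
        ("192.168.5.20", HOME_AFTER, True),     # a work host
        ("10.0.0.100", HOME_AFTER, False),      # home server, split tunneling off
    ]
    for dst, home, split in cases:
        print(dst, home, "split" if split else "full", "->",
              egress(dst, home, WORK_NETS, split))
```
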

James Craig
2004-08-04, 02:22
No, it didn't work.
I changed my network to 99.99.. (which was actually really easy) but
still no luck.
Thanks for everyone's suggestions - I will check internally if the
'split tunnelling' is possible with this software.

Luckily my other half is getting a new laptop so this shouldn't be a
major problem in the future!

James

Steve Baumgarten wrote:

>>Ah now that is a very good suggestion - I can indeed see lots of 192.168
>>hosts on the work network. Changing it scares me a bit though!
>
>Keep us posted on whether it works -- I have exactly the same problem at
>home. It seems to depend on whether the VPN software (my wife uses some
>version of the Nortel software) allows for "split tunneling". If it does,
>and if it's enabled (it is enabled/disabled at the server, not the client,
>at least in the case of the Nortel software), and if your home PC is using
>a different IP range than what's at the other end of the VPN (i.e., you
>change your end from 192.168.XXX.XXX to something else if work is also
>using the 192.168 range), then everything will work as you want. Packets
>destined for the 192.168 range (work) will go through the VPN; everything
>else will stay local.
>
>If, however, split tunneling is disabled, you're out of luck, since in
>that case all packets are sent through the VPN regardless of address
>range.
>
>http://www.security-forums.com/forum/viewtopic.php?t=17021
>
>System administrators don't like allowing split tunneling, of course,
>because it means that your PC isn't totally isolated from the outside (non
>work) world while connected to work. In practice, of course, it's not a
>tremendous security boost since a virus or spyware-infected PC is just as
>dangerous once it's on that VPN even if it isn't, right at that moment,
>connected to the outside (non work, non VPN) world via split tunneling.
>This is also why many companies insist you use a company-provided PC or
>laptop that you never connect to any other network or the Internet.
>
>My current solution at home is to run Windows 98 inside of VMware and run
>the Nortel VPN and whatever telnet/browser sessions are needed for office
>work from within VMware. A bit of a Rube Goldberg solution, but it
>definitely works for us, the performance is fine, and it's allowed us to
>continue to use just our one PC for file serving of all kinds.
>
>SBB