Web with VPN

Topic

New Reply

I’ve a DSL connection at home. When I connect to the corporate VPN I’m unable to access any web page. I don’t know what info is needed so please ask. I’ll reply promptly.

Reply | Quote

Replies

The proxy server at work is most likely blocking your access to the web page. And ONLY the IT support will be able to remove the block.

Can you access the web page FROM work, but may be going through a different server?

DaveA I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living

Reply | Quote

Is your web browser configured to use a Proxy Server? If not then your employer’s firewall will almost certainly be blocking your traffic.

If there is a proxy server on the work network then you should configure your browser to use it. If there isn’t then you or may not be able to work around the problem, depending on the VPN software in use. It may be possible to manually configure routes so that work related traffic is directed through the VPN and other stuff goes directly. This may very well be prohibited by your employer’s security policy – so the proxy server is a better option.

StuartR

Reply | Quote

Yes, corporate does use proxy for all outgoing traffic. I would like to direct only corporate traffic across the VPN while all undesignated traffic uses my default gateway (dsl modem/router). Can this be done in Win2k? I don’t have a need for my web traffic to pass through the corporate LAN, just Terminal Services, Citrix and the like.

Reply | Quote

It is possible to use the ROUTE command to specify which traffic should use which network interface.

Your VPN connection acts like a second network interface, and when the connection is set up it adds a set of routes so that all traffic will “prefer” to go through the tunnel.

A suitable incantantation of ROUTE ADD commands will tell TCP/IP to send all traffic through your normal network interface, except for stuff to particular subnets (such as your employer’s network). The exact commands you need to do this will depend on confidential information that you should probably not post here, such as the range of network addresses on your employers network. But the starting point will be to get the IP addresses of all the resources that you need to access on their network, and to use ROUTE PRINT to establish all your current routes. This is not for the faint hearted – and please remember what I said about possible conflict with your employer’s security policy.

StuartR

Reply | Quote

I’ve checked with work and they don’t have a problem with this. I was hoping this wouldn’t come to manipulating routes manually. I’ve also verified that there is nothing in these routes that cannot be shared. It’s all a DMZ. So, here’s the output of route print when I am not connected to the VPN…
===========================================================================
Interface List
0x1 ……………………… MS TCP Loopback interface
0x1000003 …00 a0 cc e5 d6 72 …… PCI Bus Master Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 1
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 1
224.0.0.0 224.0.0.0 192.168.0.2 192.168.0.2 1
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

Now here’s the output when I am connected…
===========================================================================
Interface List
0x1 ……………………… MS TCP Loopback interface
0x1000003 …00 a0 cc e5 d6 72 …… PCI Bus Master Adapter
0x6000004 …00 53 45 00 00 00 …… WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.1.82 172.16.1.82 1
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 2
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.1.82 255.255.255.255 127.0.0.1 127.0.0.1 1
172.16.255.255 255.255.255.255 172.16.1.82 172.16.1.82 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 1
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 1
216.136.89.196 255.255.255.255 192.168.0.1 192.168.0.2 1
224.0.0.0 224.0.0.0 172.16.1.82 172.16.1.82 1
224.0.0.0 224.0.0.0 192.168.0.2 192.168.0.2 1
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 172.16.1.82
===========================================================================
Persistent Routes:
None

What should I do? I see the possibility of persistent routes. Is this worth while?

Reply | Quote

We can do something with persistent routes, but give me a couple of days, as I am in a hotel with very limited internet access this week.

StuartR

Reply | Quote

I am a patient man. Thanks for your help.

Reply | Quote

Try changing the Metric associated with the default route that goes via your employers network., using the syntax
ROUTE CHANGE 0.0.0.0 MASK 0.0.0.0 172.16.1.82 METRIC 10

This should increase the metric for this default route, so the other default route (with a metric of 2) should get used instead. If this totally screws up your network then restore the original route with
ROUTE CHANGE 0.0.0.0 MASK 0.0.0.0 172.16.1.82 METRIC 1

You will need to do this manually after establishing the VPN, unless the address of 172.16.1.82 is always the same.

Let us know if it works

StuartR

Reply | Quote

what vpn software fo you use?

Reply | Quote