Posted by Chris Barnabo on January 17, 2006, 11:50 am
I'm sitting at a T-Mobile hotspot, and for the second time in a week
it's causing me no end of trouble with e-mail. Apparently, as an "anti-
spam" measure, T-Mobile intercepts all SMTP traffic, no matter what
server you're trying to use, and shoves it through its own SMTP relay
server. Problem is, T-Mobile's SMTP relay server has been on a major
spam block list for weeks! So, anything sent through it vanishes into
the ether, never to be seen again.
I have a working VPN connection between my laptop (running SoftNet
Remote) and my home office (using a Linksys BEFVP41). Works great - I
can see all the local systems at home, access the printer there,
retrieve files from my servers, everything you'd want.
My mail servers are hosted externally, not on my home office network.
What I'd like to do is route my inbound (POP) & outbound (SMTP) mail
over the VPN (POP also because the SMTP servers "authenticate" by seeing
a connection to the incoming box first). But I'm having trouble with
the configuration ... ROUTE PRINT isn't showing me any sort of gateway
or interface associated with the VPN (so, no idea how the VPN is
successfully routing traffic but it is!), and any ROUTE ADD attempts I
make tell me that "the interface index is wrong or the gateway doesn't
lie on the same network as the interface".
How can I specify that I want all traffic to 38.118.142.x to go through
my VPN instead of directly over the T-Mobile internet connection?
Thanks!
-- Chris
________*________ Chris Barnabo, chris@spagnet.com
____________ \_______________/ http://www.spagnet.com \__________/ / /
__\ \_______/ /__ "The heck with the Prime Directive,
\_______________/(- let's destroy something!"
Posted by Martin Bodenstedt on January 18, 2006, 7:23 am
Chris Barnabo wrote:
> How can I specify that I want all traffic to 38.118.142.x to go through
> my VPN instead of directly over the T-Mobile internet connection?
What kind of VPN software do you use that allows split tunneling in the
first place?
Good VPN software routes *all* traffic through the VPN tunnel without
you having to configure anything!
--
Martin Bodenstedt
(www.die-bodenstedts.de / www.maboko.de)
Posted by Chris Barnabo on January 25, 2006, 1:59 pm
says...
> What kind of VPN software do you use that allows split tunneling in the
> first place?
>
Hello Martin,
I'm using SafeNet's SoftRemote VPN product. It allows you to specify
which range of IP addresses should be directed down the VPN path,
everything else goes down the direct pipe to the internet provider.
When I was working at IBM the SINE and AT&T MTS remote access products
did a similar split, directing only the IBM internal traffic down the
VPN path and leaving everything else on the internet path - otherwise
the internet traffic simply congested the internal network (in through
the VPN, then back out through the SOCKS servers ...)
As it happens, I've resolved the immediate problem by pumping the POP
and SMTP traffic through OpenSSH to a server at home, and I may even
tear down the VPN entirely in favor of SSH at some point - but I'm still
curious how to set up the split tunnel properly.
-- Chris
________*________ Chris Barnabo, chris@spagnet.com
____________ \_______________/ http://www.spagnet.com \__________/ / /
__\ \_______/ /__ "The heck with the Prime Directive,
\_______________/(- let's destroy something!"
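The range-based split described in the post above, modelled as an added example that is not part of the original thread and is not SoftRemote's own configuration: a destination takes the VPN path only if it falls inside a tunnelled range, so mail to 38.118.142.x stays on the hotspot path until that range is listed. The home LAN range, the host addresses and the policy names are constructed assumptions; only the 38.118.142.x prefix comes from the thread.

```python
import ipaddress

MAIL_PORTS = {25: "SMTP", 110: "POP3"}

def path_for(dest, tunnelled):
    """Return "vpn" if dest is inside any tunnelled range, else "direct"."""
    addr = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(r) for r in tunnelled]
    return "vpn" if any(addr in n for n in nets) else "direct"

def exposed_mail_flows(flows, tunnelled):
    """List mail flows that would leave over the direct path, where the
    access network (here, the hotspot) can see or redirect them."""
    out = []
    for label, dest, port in flows:
        if port in MAIL_PORTS and path_for(dest, tunnelled) == "direct":
            out.append(f"{label} ({MAIL_PORTS[port]} to {dest})")
    return out

# Constructed sample flows: (label, destination, TCP port).
# 38.118.142.10 is an assumed host inside the 38.118.142.x range from the post.
FLOWS = [
    ("home printer", "192.168.1.50", 9100),
    ("mail retrieve", "38.118.142.10", 110),
    ("mail send", "38.118.142.10", 25),
    ("web browsing", "203.0.113.7", 80),
]

# Constructed policies: each is the list of ranges sent down the VPN path.
POLICIES = {
    "split, home LAN only": ["192.168.1.0/24"],
    "split, mail range added": ["192.168.1.0/24", "38.118.142.0/24"],
    "full tunnel": ["0.0.0.0/0"],
}

if __name__ == "__main__":
    for name, ranges in POLICIES.items():
        exposed = exposed_mail_flows(FLOWS, ranges)
        print(f"{name}: {exposed if exposed else 'no mail on the direct path'}")
```
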
Posted by Martin Bodenstedt on January 26, 2006, 7:23 am
Chris Barnabo wrote:
> says...
>> What kind of VPN software do you use that allows split tunneling in the
>> first place?
>>
>
> Hello Martin,
>
> I'm using SafeNet's SoftRemote VPN product. It allows you to specify
> which range of IP addresses should be directed down the VPN path,
> everything else goes down the direct pipe to the internet provider.
How in this case do you prevent malicious software downloaded from the
internet from infecting the corporate network through the VPN?
--
Martin Bodenstedt
(www.die-bodenstedts.de / www.maboko.de)
Posted by Chris Barnabo on February 2, 2006, 12:15 pm
says...
> Chris Barnabo wrote:
> > says...
> >> What kind of VPN software do you use that allows split tunneling in the
> >> first place?
> >>
> >
> > Hello Martin,
> >
> > I'm using SafeNet's SoftRemote VPN product. It allows you to specify
> > which range of IP addresses should be directed down the VPN path,
> > everything else goes down the direct pipe to the internet provider.
>
> How in this case do you prevent malicious software downloaded from the
> internet from infecting the corporate network through the VPN?
Bear in mind that I'm a VPN user, not a network engineer ... :-)
I can't speak for SafeNet's capabilities in this regard, but the other
products I've used that provide for split tunneling are supposed to
block any routing of traffic from the internet pipe to the VPN pipe (and
vice-versa). Of course, that only works presuming that the person at
the keyboard isn't trying to actively subvert it, but then if they were
planning to do that you're already exposed by virtue of them having
access to the network at all.
The VPN network would also be exposed to the possibility of malware
infection through the connected machine - someone could pick up bad code
down the internet path that turns around and tries to connect down the
VPN path. But that risk could also exist if the user were solely
connected to the VPN - e.g. the user could surf to a site which installs
malicious code by going through the VPN and out through that network's
proxy servers, etc. A clear case where defense in depth is needed -
reliable code on the user workstation to prevent infections, AND
reliable mechanisms within the VPN network to defend against problems.
Too many folks think that the firewall is going to protect their
internal network, only to have it compromised when they plug an infected
machine into it from the inside.
-- Chris
________*________ Chris Barnabo, chris@spagnet.com
____________ \_______________/ http://www.spagnet.com \__________/ / /
__\ \_______/ /__ "The heck with the Prime Directive,
\_______________/(- let's destroy something!"