I'm looking for a VPN Client...

Doug Young dougy at BRYDEN.APANA.ORG.AU
Sat May 5 19:59:51 EDT 2001


Is it normal to "not allow internet connectivity when a tunnel is up" ??
If that's the case then the value of VPN to me is marginal at best.

----- Original Message -----
From: "Longar, Dennis" <dlongar at IBSYS.COM>
To: <VPN at SECURITYFOCUS.COM>
Sent: Friday, May 04, 2001 11:52 PM
Subject: Re: I'm looking for a VPN Client...


> I think most clients are capable of doing just what you're asking.
> It's how you set up your end device.  The VPN concentrator that
> you use should be set up to not allow split tunnels, or should
> be set up to not allow internet connectivity when a tunnel is up.
> Most devices have filters and routes to prevent that type of
> connectivity.
>
> Most client applications that I have worked with do not allow
> any split tunneling on the client end.  If they do it's usually
> turned off and if you want it, both the client and the server
> have to allow it.
>
> If you don't understand what split tunneling is, it's where
> the client can use the IPSEC tunnel for specific IP routes
> (usually to the office) and then at the same time can use
> the local internet connection for internet traffic.  I would
> consider this unsafe, unless there is also a firewall or proxy
> server at the client end, but it is desirable if you are doing
> a deployment of VPN to serve a whole office, to say, replace
> private frame relay or other dedicated connections.
>
> What you want to avoid with split tunneling is someone hacking
> into a remote network and then being able to use your IPSEC
> tunnel to connect to all your private network segments thus
> a firewall should be required and managed by the same people
> that manage the VPN server.
>
> Thanks!
>
> -Dennis
>
> > -----Original Message-----
> > From: Mats Akerberg [mailto:mats at DECUS.SE]
> > Sent: Thursday, May 03, 2001 1:10 PM
> > To: VPN at SECURITYFOCUS.COM
> > Subject: I'm looking for a VPN Client...
> >
> >
> > Hi!
> >
> > I'm looking for an IPsec VPN client that has the built in
> > feature to close down all other communication while the
> > VPN is active.
> >
> > For example when I'm connected to the Office over internet
> > it's not possible to connect to internet itself just to the
> > office network.
> >
> >              Thanks
> >
> >
> >              Mats Akerberg (mats at decus.se)
> >                http://www.decus.se/~mats
> >  PGP fingerprint 39 74 49 B0 40 0F 16 CA  C1 EE AA 08 55 76 CE 6F
> >
> > VPN is sponsored by SecurityFocus.COM
> >

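One way to check a client's routing table for the split-tunnel condition described in the quoted reply, added here as an example that is not part of the original thread. The interface name `ipsec0`, the route tables and the gateway address are constructed assumptions, and the check covers IPv4 only.

```python
import ipaddress

def _leftover(net, claimed):
    """Parts of net not claimed by more-specific routes (longest-prefix match)."""
    remaining = [net]
    for sub in claimed:
        nxt = []
        for r in remaining:
            if r.subnet_of(sub):
                continue  # wholly claimed by the more-specific route
            if sub.subnet_of(r):
                nxt.extend(r.address_exclude(sub))
            else:
                nxt.append(r)
        remaining = nxt
    return remaining

def off_tunnel_prefixes(routes, tunnel_if, allowed=()):
    """IPv4 destinations that leave by an interface other than the tunnel.

    routes:  (cidr, interface) pairs; allowed: prefixes that must stay
    off the tunnel, such as the host route to the VPN gateway itself.
    """
    table = [(ipaddress.ip_network(c), i) for c, i in routes]
    allowed = {ipaddress.ip_network(a) for a in allowed}
    leaks = []
    for net, iface in table:
        if iface == tunnel_if or net in allowed:
            continue
        claimed = [n for n, _ in table if n != net and n.subnet_of(net)]
        leaks.extend(_leftover(net, claimed))
    return list(ipaddress.collapse_addresses(leaks))

def leaves_tunnel(addr, routes, tunnel_if, allowed=()):
    """True if traffic to addr would bypass the tunnel."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in off_tunnel_prefixes(routes, tunnel_if, allowed))

# Constructed sample tables (documentation addresses; ipsec0 is a hypothetical name).
GATEWAY = "203.0.113.10/32"
FULL = [("0.0.0.0/0", "eth0"), ("0.0.0.0/1", "ipsec0"),
        ("128.0.0.0/1", "ipsec0"), (GATEWAY, "eth0")]
SPLIT = [("0.0.0.0/0", "eth0"), ("10.0.0.0/8", "ipsec0"), (GATEWAY, "eth0")]

if __name__ == "__main__":
    for name, table in (("full", FULL), ("split", SPLIT)):
        leaks = off_tunnel_prefixes(table, "ipsec0", [GATEWAY])
        print(name, "->", "split tunnel" if leaks else "no off-tunnel routes")
```

A local LAN route on the physical interface is reported as off-tunnel unless it is listed in `allowed`.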