[VPN] Managing browser proxy settings on VPN client

DePriest, Jason R. jrdepriest at ftb.com
Thu Jul 24 12:38:42 EDT 2003


I'm sorry I didn't see this question the first time around...

If you wanted to have an additional step, you could write a small
VBScript that altered your systems registry entries where the proxy
settings are stored.

Under
'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings', there are entries like 'ProxyEnable' and 'ProxyServer' that
you could change on the fly.

-Jason

-----Original Message-----
From: Watson, Travis [mailto:Travis.Watson at Honeywell.com] 
Sent: Tuesday, July 22, 2003 11:32 AM
To: 'Dale Shaw'
Cc: vpn at lists.shmoo.com
Subject: RE: [VPN] Managing browser proxy settings on VPN client


Dale,

There is no real way to do it unless your users are all doing dial-up.
For IPSec--particularly broadband--users will
either have to use two different browsers or manually toggle it on or
off--unless you want to force all web traffic
through the proxy and not require authentication.  That, or only have
VPN users be allowed to go through without
authentication based on the IP address they get dished out when they
authenticate to the termination point.  Comparative
to split-tunneling, it seems lesser of a risk since they have already
authenticated once via VPN.  But, obviously,
that's your decision to make.

Forcing IE (or any browser) to be smart enough to know when it's on the
company net vs. the world...don't think you will
have much luck there with IPSec.  But if you find a way, please let me
know.

--Travis

-----Original Message-----
From: Dale Shaw [mailto:DShaw at exceed.com.au]
Sent: Thursday, July 17, 2003 11:15 PM
To: vpn at lists.shmoo.com
Subject: RE: [VPN] Managing browser proxy settings on VPN client


Hi,

I've had a few direct replies but obviously I didn't clearly define my
problem.

I don't need help working out how to apply IE proxy settings (using
scripts, policies or whatever) and I don't want (won't) to do any split
tunneling. It's pretty simple:

- When the VPN connection is up, I want to use a proxy server accessible
only over the VPN.
- When the VPN connection is down, I don't want to use a proxy server at
all

The hurdle is that in either scenario, I am connected to the Internet
using the same Dial-Up Networking connection in Windows, and since IE
doesn't know whether or not the VPN connection is up or not, it has no
way of applying appropriate proxy settings for each situation.

Surely this is not an uncommon problem? Any clues appreciated. I'm
looking for an elegant way to solve this - making it work, somehow,
isn't too tough.

Cheers,
Dale

-----Original Message-----
From: Siddhartha Jain [mailto:losttoy2000 at yahoo.co.uk] 
Sent: Friday, 18 July 2003 4:17 AM
To: vpn at lists.shmoo.com

Its not clear what you want. You want the browsing to
go thru your VPN tunnel or thru your ISP??

I suggest, take a look at the split-tunneling feature
in the Cisco 3005 manual.


-----Original Message-----
From: Dale Shaw 
Sent: Thursday, 17 July 2003 2:41 PM
To: vpn at lists.shmoo.com

Hi,

Does anyone know of a clever way to manage web browser proxy settings on
VPN clients? Here's the situation:

A Windows XP Professional client has a modem dialup to an ISP. The user
dials up then establishes a connection to a Cisco 3005 VPN Concentrator
using the Cisco VPN Client (4.0.1). The problem is, the browser (IE6)
doesn't know or care whether or not the VPN tunnel is up - it has the
ability to set "per-connection" proxy settings, but what do I set them
to? If I set them to point at a proxy server accessible only over the
tunnel, the user won't be able to browse "in the clear" (directly via
their ISP, when the tunnel is down).

I would prefer not to have separate Dial-Up Networking connections for
"Dialup" and "Dialup + VPN" and I don't have the infrastructure in place
to do anything "fancy" like PBR or WCCP.

Looking for a low maintenance solution.. I have considered putting a
wrapper around the VPN client dialer that changes the appropriate
registry setting, but it's a bit gruesome.

Cheers,
Dale

_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn

_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn



More information about the VPN mailing list