Avian Gamers Network
http://www.avian-gamers.net/forums/

Tech question: managing network traffic and VPNs
http://www.avian-gamers.net/forums/viewtopic.php?f=1&t=14024
Page 1 of 1

Author:  Rocklar [ Mon Jan 31, 2005 11:38 am ]
Post subject:  Tech question: managing network traffic and VPNs

My company recently switched from an Intel VPN solution to one by Cisco (ver 4.0.3) and now I'm unable to have Trillian Pro connected to MSN, Yahoo and ICQ as they're managing all traffic.

Is there a way to direct the traffic for MSN, Yahoo and ICQ to another network connection? I have a wireless connection that I do not use in this config and it is not tunneled. Also, I recognize that IT is probably scanning all my net activity now so, if possible, I'd like to access the net independently for that as well.

Currently, I simply kill the VPN unless I'm actively checking email or doing something on the company's network. Worst case, I'll continue to do that or just move Trillian to another computer but I'd prefer to keep it on all the time on my laptop.

Thanks for any suggestions!

Author:  Obo [ Mon Jan 31, 2005 1:08 pm ]
Post subject: 

Would need a bit more info on the setup of the LANs and where the VPN endpoint is, normal net access is, etc.

Author:  Obo [ Mon Jan 31, 2005 2:45 pm ]
Post subject: 

Actually, now that I think of it, do you have transparent tunneling enabled?

Author:  dbakke [ Mon Jan 31, 2005 3:20 pm ]
Post subject: 

Can't you manually set your traffic to go over port 80, or 8080...those are typically left open.


/crawls back into non-techy land.

Author:  Obo [ Mon Jan 31, 2005 3:42 pm ]
Post subject: 

Now that I think on it more.... /refreshMemory

I assume the VPN server you are connecting to is not using split-tunnel. So basically all traffic goes through the tunnel, instead of everything going directly to the net by default apart from the specified (by the VPN server) 'work/office' subnets.

Do they actually want this to happen? Suppose it all depends on what your setup is.


Anyway, when the VPN client connects, it modifies the routing table. So I wonder if it's possible to then change the routing table again after connection to change the default route. Never tried it ('cause I'm always on a split-tunnel when I have to use em :)), but I can test it out.

Half talking out of my arse as I try to remember the mechanics of VPNs. :P

Author:  bigyak [ Mon Jan 31, 2005 3:47 pm ]
Post subject: 

Rocky,

This is a common commercial setup, and is happening more and more throughout the corporate world.

Some options I've seen:
- Use the AIM-lite and ICQ-lite over the web (no Trillian for you!)
- See if your Firewall guys will open the chat ports (unlikely, but some do)
- Check the VPN software that you have on your machine to see if there's any port management features. I haven't used Cisco's, but there might be
- If you're running XP, set your machine up for multiple users. Have one using VPN and the other not. Use the Windows-L key to switch between the two users. (This only works if the VPN software doesn't control the entire LAN card and only your user's I/O)
- See if you can play around in your network settings to have two connections, both through the same LAN card, and then only use VPN over one of them
- Do you also have dial-in? Have your VPN going over the LAN, and non-VPN over the Dial-in. XP should automatically combine the connections, though you might have to play around with Trillian to get it to use the right pipe out
- Last suggestion: Get back to work! :) Who needs Forums/Chat at work, anyway?! Slacker

- The Real Yak (posting from work ;) )

Author:  Rocklar [ Mon Jan 31, 2005 5:43 pm ]
Post subject: 

Wow, thanks for the responses, everyone!

dbakke: I don't know where/if I can modify the port number. If you have Trillian and can tell me, I'd give ya ... oh I don't know ... at least a nickel!

Obo: Transparent tunneling is enabled. The old tunnel, something from Intel, utilized split-tunneling and that may be why they're dumping it. I'll take a look at the routing table and see if modifying that would work.

Yak: I couldn't find anything in the VPN's GUI regarding port management. The multiple connections idea sounds good and I'll try that out. Oh, and as for your last comment, I respond with the following: Never! They will never force productivity upon me! Freedom! :P

Thanks again for the pointers. I'll post here if anything works. From what I've seen on the net, there are quite a few people with Cisco VPN forced upon them and they're none too happy about it.

Author:  Obo [ Mon Jan 31, 2005 5:55 pm ]
Post subject: 

I've done a bit of testing on a non split-tunnel connection (have access to a PIX).
I've tried to change the routing table after the connection is established but it doesn't seem to make a difference. The client seems to change something in the network interface setup so that it gets consulted first on all network traffic no matter what. So it basically grabs the default gateway and doesn't let go, even if the routing table's default is changed.

The client program basically operates a new network interface which goes through the client itself, and the client has instructions from the VPN server to encrypt all traffic and route it through the tunnel.
But altering the routing table itself can stop traffic routing through the tunnel; just can't get it to go anywhere else.

As far as I can tell, you won't be able to use another connection to reroute certain traffic away from the VPN.

But I'll play around with it a bit more.

Author:  Rocklar [ Mon Jan 31, 2005 11:21 pm ]
Post subject: 

Good, albeit disappointing, to know. Thanks for the testing, Obo.

It actually wasn't all that bad today connecting the VPN just long enough to DL email and then drop it again. Trillian is forced offline as soon as the VPN comes up but very obediently comes right back up once I drop the VPN.

Author:  Obo [ Tue Feb 01, 2005 3:07 pm ]
Post subject: 

Even if you could route out over another interface, you'd have to know all the 'work' subnets you need to connect to via the VPN to rebuild the routing table to then get the VPN itself to work.

If it's only one subnet you need to use, you might be able to convince your admin to use a split-tunnel. Takes all of a minute to do.
But then, IT admins being lazy bastards....
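An added example (not code from this thread, from Cisco, or from any VPN client) that does the check Obo describes in the two posts above: read a Windows `route print` table and tell whether the default route has been captured by the VPN adapter (full tunnel) or only specific work subnets go through it (split tunnel), listing those subnets. It assumes the VPN adapter address 10.8.0.6 and the route rows are constructed sample data.

```python
import ipaddress
from collections import namedtuple

# interface is the adapter's own IP address, as Windows 'route print' shows it
Route = namedtuple("Route", "network gateway interface metric")

def parse_route_print(text):
    """Parse the 'Active Routes' rows of Windows 'route print' output
    (destination, netmask, gateway, interface, metric per row)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # banner, column header or blank line
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue  # not a route row
        routes.append(Route(net, gateway, iface, int(metric)))
    return routes

def classify_tunnel(routes, vpn_iface):
    """Return ("full", []) when the preferred default route leaves via the
    VPN adapter, else ("split", [subnets reached through the tunnel])."""
    defaults = [r for r in routes if r.network.prefixlen == 0]
    best = min(defaults, key=lambda r: r.metric, default=None)
    if best is not None and best.interface == vpn_iface:
        return "full", []
    # Split tunnel: only the subnets pushed by the VPN server use the tunnel.
    # On-link and host (/32) routes belong to the adapter itself, so skip them.
    work = {r.network for r in routes
            if r.interface == vpn_iface and r.gateway != "On-link"
            and r.network.prefixlen not in (0, 32)}
    return "split", [str(n) for n in sorted(work)]

# Constructed sample tables; 10.8.0.6 is the assumed VPN adapter address.
FULL_TUNNEL = """\
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      25
          0.0.0.0          0.0.0.0         10.8.0.1        10.8.0.6       1
         10.8.0.0    255.255.255.0          On-link        10.8.0.6     257
"""
SPLIT_TUNNEL = """\
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      25
         10.8.0.0    255.255.255.0          On-link        10.8.0.6     257
         10.8.0.6  255.255.255.255          On-link        10.8.0.6     257
       172.16.0.0      255.255.0.0         10.8.0.1        10.8.0.6       1
       172.20.5.0    255.255.255.0         10.8.0.1        10.8.0.6       1
"""
```

As Obo's test showed, the Cisco client enforces the tunnel inside its own adapter rather than through the routing table, so this tells an admin what the table says, not what the client will actually do with the traffic.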

Page 1 of 1 All times are UTC - 5 hours [ DST ]