Re: seeing outside corporate network when on VPN
- From: Jeff Liebermann <jeffl@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 31 Jan 2008 18:21:17 -0800
On Thu, 31 Jan 2008 05:35:48 +0000 (UTC), dold@xxxxxxxxxxxxxxxx wrote:
No, ignoring "mandatory" settings is broken, unless I misunderstand the
meaning of mandatory.
Yeah, one would assume that mandatory means that you can't play with
the settings. However, there's some question as to how much of the
configuration is enforced in that manner. For example, if the IT
department was worried about the other family machines on the LAN
getting into the corporate LAN via the VPN, the configuration might
intentionally disconnect all local LAN connections (like the network
printer). On the other foot, if they wanted to accommodate weird and
all too common home networks, they could leave the local LAN devices
accessible (and by implication, user reconfigurable). Lots of options
and possibilities.
There is another VPN tunnel buzzword that I forget, that allows you to
access a defined LAN.
Static route?
It would be simple enough to tell everyone that
their home LAN needs to be 192.168.48.0 if they want access to their local
printer.
I have 2 network printers at home. 3 more in the office. I just got
a Samsung CLP-550N color laser printer, so I guess that's now 4 in the
office. Never mind all the NAS (network attached storage) boxes at
both locations. I don't think IT wants to deal with my home
nightmare.
Much more disgusting is when the corporate LAN at the end of the VPN
and the local LAN both have the same class C IP block. For example,
if both are on 192.168.1.xxx. It won't take much to create a
duplicate IP address even if the tunnel is assigned a different IP
block. That's why I use 192.168.111.xxx for my office LAN and use
other numbers for my customers.
A static persistent route to my network printer didn't work when
I had mandatory tunneling.
Yep. Same here depending on where I point the gateway.
Like the model numbers and revision levels for hardware, it might be
helpful to know what products he is trying to use.
Hey... that's my line. Copyright pending on my accompanying insults
and insulting remarks.
That's why I used it ;-)
For a moment, I thought you were emulating my style, agreeing with my
methodology, and adopting all my bad habits. Please don't scare me
like that again.
Lots of low end printers have WiFi built in now. The $399 1TB file server
thing at Best Buy only has network connections, no USB. My 10 year old
HP4000N has ethernet.
Yep. And as soon as you connect to your corporate VPN, they all
disappear from your LAN.
The cable modem is my slow link. I can hit wire speed with or without VPN
to the same site.
Some things are just too slow to run over a VPN, as compared to using
a remote desktop (PC Anywhere, VNC, MS remote desktop, etc) solution.
For example, running a program that insists on constantly loading and
unloading a bunch of small modules to do things is really slothish on
a VPN, but perfectly usable with remote desktop software.
Incidentally, consider yourself at fault for ruining my evening. I
decided it was time to renumber the IP's in the office. That involved
oh, never do that... I did that accidentally, by resetting my router to
defaults (hey, that was your advice!), losing my MAC-IP reservations, and
then I couldn't figure out (months later) why my file sharing didn't
work... firewall setup.
Nicely done. I'm still recovering from the damage done when changing
IP's, but it's not too horrible. I still have some boxes to tweak. As
for resetting the router, I accept the responsibility but not the
blame. Any decent router should have a way to save the settings. I
never reset anything without first saving the settings. However, I
was playing with the flashing lights and the GPIO command last night.
One of the GPIO commands initiated a grand reset to defaults of the
router. This was not exactly planned and required that I restore from
my backups. Fortunately, I've been doing firmware upgrades, so there
were plenty of previous backups. I also have printed copies, but
those would take some effort to excavate. Incidentally, I carry the
saved settings with me on a USB dongle because I use them as templates
for creating newer setups.
--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@xxxxxxxxxxxxxxxxxxxxxx
# http://802.11junk.com jeffl@xxxxxxxxxx
# http://www.LearnByDestroying.com AE6KS
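
The address-block collision described in the message above (corporate LAN and home LAN both on 192.168.1.xxx) can be checked before a VPN rollout. This is an added example, not part of the original post; the /24 masks, the 10.8.0.0/24 tunnel pool, and the printer and NAS addresses are constructed assumptions.

```python
import ipaddress

def find_overlaps(networks):
    """Return sorted name pairs whose address blocks overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in networks.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def ambiguous_hosts(local_hosts, remote_cidrs):
    """Local devices whose address also falls inside a block reached via the VPN."""
    remote = [ipaddress.ip_network(c) for c in remote_cidrs]
    return sorted(name for name, ip in local_hosts.items()
                  if any(ipaddress.ip_address(ip) in net for net in remote))

def pick_free_block(used_cidrs, pool="192.168.0.0/16", prefix=24):
    """First /prefix block in pool that overlaps none of the used blocks."""
    used = [ipaddress.ip_network(c) for c in used_cidrs]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    return None

if __name__ == "__main__":
    # Constructed sample data: both ends use the same class C block.
    plan = {
        "home": "192.168.1.0/24",
        "corp": "192.168.1.0/24",
        "tunnel": "10.8.0.0/24",   # assumed tunnel address pool
    }
    home_devices = {"printer": "192.168.1.50", "nas": "192.168.1.60"}

    print("overlapping blocks:", find_overlaps(plan))
    print("devices shadowed by corp routes:",
          ambiguous_hosts(home_devices, [plan["corp"]]))

    # Renumbering one side, as the post does with 192.168.111.xxx, clears it.
    plan["home"] = "192.168.111.0/24"
    print("after renumbering:", find_overlaps(plan))
    print("a free /24 to renumber into:",
          pick_free_block(["192.168.0.0/24", "192.168.1.0/24"]))
```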