Re: PPTP VPN Startup Connect
- From: Mike Drechsler - SPAM PROTECTED EMAIL <mike-newsgroup@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 19 Oct 2005 16:21:59 GMT
Bob wrote:
On Tue, 18 Oct 2005 15:16:06 GMT, mikah <mikah@xxxxxxxxxxxxxxxxx> wrote:
How do I make the connection on my end happen automatically when I start my computer?
If you do that, you won't be able to use your connection for anything else unless you use split tunneling, which is considered a security risk. Normally when VPN is up, all other internet connectivity is down. That's by design.
Then the design is flawed because I am able to access the Internet and connect to the VPN at the same time. And I am not using any "split tunnelling". I am using MS PPTP VPN, the one that comes with Windows 2000.
Where did you get this bizarre notion that "Normally when VPN is up, all other internet connectivity is down. That's by design."
--
If you build a man a fire and he will be warm for a day. If you set a man on fire, he will be warm for the rest of his life.
He incorrectly implied that you loose internet connectivity in the default settings. What is actually happening is your computer will send all internet traffic over the VPN. If the remote VPN endpoint is configured to allow this traffic access to the internet through their connection then your internet will still appear to work though all your traffic will now appear to be coming through the remote sides connection. Many VPN endpoints are configured by default to deny all vpn sourced traffic access to the internet so that it appears that while you are on the VPN the internet will not work. If the administrator choose to allow VPN users access to the internet through that connection they would need to change the settings (likely the NAT mappings or a firewall rule) to explicitly allow VPN users access through the gateway to the internet.
The idea behind this is that on the remote side they already have a firewall configured to their policy on security. On your local side, your firewall is not controlled by them so you could allow all inbound access to your machine for example and if you have some trojan on your computer a hacker can control your machine and by doing so have access to the networks that your machine is connected to including the remote VPN network. There was a well publicised case of exactly this happening to a Microsoft employee allowing the hacker access to the internal Microsoft network through his home computer.
In the microsoft PPTP client you can turn off the setting that sends all your internet traffic to the vpn. In many clients for different vpn routers there is a setting that the administrator can use to prevent users from disabling this split tunnelling feature in their own clients for the reason I just stated.
-- WARNING! Email address has been altered for spam resistance. Please remove the -deletethispart-. section before replying directly. Mike Drechsler (mike-newsgroup@xxxxxxxxxxxxxxxxxxxxxxxxxxxx) .
- Follow-Ups:
- Re: PPTP VPN Startup Connect
- From: Bob
- Re: PPTP VPN Startup Connect
- References:
- PPTP VPN Startup Connect
- From: Bob
- Re: PPTP VPN Startup Connect
- From: Bob
- PPTP VPN Startup Connect
- Prev by Date: Re: PPTP VPN Startup Connect
- Next by Date: Re: PPTP VPN Startup Connect
- Previous by thread: Re: PPTP VPN Startup Connect
- Next by thread: Re: PPTP VPN Startup Connect
- Index(es):
Relevant Pages
|
Loading
