[NTLUG:Discuss] pass all packets between two nics
Kenneth Loafman
ken at lt.com
Thu Jun 5 11:50:49 CDT 2003
Merlin wrote:
> Kenneth Loafman amused Merlin with these comments:
>
>>Jack Snodgrass wrote:
>>
>>>that's it. Your home box will have both a real, ISP assigned Address
>>>and a private, VPN assigned Address. The VPN client will set up routes
>>>for your private network to go via your VPN interface. So... if you
>>>ping www.yahoo.com for instance, you'll go via your ISP and use your
>>>ISP's address. If you ping your WindowsA machine, you'll go via your
>>>VPN connection to your private network. The VPN connection will
>>>encrypt the packet that is going to go over your VPN and it will then
>>>send it to your VPN server over the internet using the public IP
>>>Addresses.
>>
>>One question about the above scenario. When I worked at Sabre and used
>>VPN to access their local network, all internet connections went via
>>VPN, including browsing, ftp, and so on. So when you went to some site
>>and forgot about your VPN connection, the work systems were still
>>logging your activity. That's not good for separating your work and
>>private lives.
>>
>>Is that problem still in VPN connections, or was there something we
>>needed to unset to get the system to not use VPN for everything?
>>
>>It would be handy to use VPN (ssh is somewhat limited), but not at the
>>cost of user privacy when at home.
>
>
> My VPN connection to work from home still works this way.
>
> My guess is that it has something to do with my company using DHCP. Since
> I get my corporate IP via DHCP, I'm also getting DNS, WINS and all that
> other "fun stuff" via DHCP as well, so all of my routes are as if I was
> internal to the network.
>
> Makes it really interesting for web browsing from home since my company
> uses Web Sense.
>
> If you could set up your VPN connection with static information, or if you
> could run a web proxy on your home connection, that might mitigate some of
> these issues.
OK. I think I'll tackle it on the company end. We log web access for
later forensics if we have a problem. Policy applies to work only, not
our employees' personal life, so I don't want to snare anyone that might
be browsing something questionable at home, and I especially don't want
to log what they do at home. We don't use VPN now for that very reason,
but I have the gut feeling that I might be able to set up a VPN that
does not have that problem. Sounds like a challenging problem.
...Ken
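
The routing difference discussed in this thread (the VPN carrying only the private network versus the VPN carrying everything) can be checked from the client's route table. This is an added example, not part of any poster's message; the interface names (tun0, eth0), addresses, metrics and the 10.20.0.0/16 work network are constructed assumptions.

```python
import ipaddress as ip

def route(prefix, dev, metric=0):
    return (ip.ip_network(prefix), dev, metric)

# Constructed tables using documentation/private ranges; tun0 = VPN, eth0 = ISP link.
CORP_NETS = [ip.ip_network("10.20.0.0/16")]          # assumed private work network
SPLIT_TUNNEL = [
    route("0.0.0.0/0", "eth0", 10),                  # everything else: ISP
    route("10.20.0.0/16", "tun0"),                   # only the work network: VPN
]
FULL_TUNNEL = [
    route("0.0.0.0/0", "eth0", 10),                  # original ISP default
    route("0.0.0.0/0", "tun0", 1),                   # VPN default wins on metric
    route("203.0.113.10/32", "eth0"),                # VPN server itself stays on ISP
    route("10.20.0.0/16", "tun0"),
]

def egress(table, dest):
    """Interface chosen for dest: longest prefix first, then lowest metric."""
    addr = ip.ip_address(dest)
    hits = [r for r in table if addr in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def over_broad_vpn_routes(table, corp_nets, vpn_dev="tun0"):
    """Routes that push non-work destinations into the tunnel (and its logs)."""
    return [str(net) for net, dev, _ in table
            if dev == vpn_dev and not any(net.subnet_of(c) for c in corp_nets)]

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(name, "web ->", egress(table, "192.0.2.80"),
              "| work ->", egress(table, "10.20.3.4"),
              "| over-broad:", over_broad_vpn_routes(table, CORP_NETS))
```

An empty result from over_broad_vpn_routes means only work destinations enter the tunnel, so home browsing never reaches the company's web logging.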