[Hoosier_1701]

From the new features page:

VPN Settings

Enjoy new VPN options: ...<snip>... and direct all network traffic through the VPN connection.

Isn't this the way it already works? Doesn't the VPN solution in Panther route all traffic through the VPN connection? That is what I've always assumed blocks me from accessing anything that is outside of the network that I'm VPN'ed into. What I'm hoping is that Tiger has some equivalent to the Windows "use default gateway on remote network" option. When disabled, this allows you to be connected to a VPN, but access the internet and any local network resources at the same time.

[nonhuman]

Originally posted by Hoosier_1701:
From the new features page:




Isn't this the way it already works? Doesn't the VPN solution in Panther route all traffic through the VPN connection? That is what I've always assumed blocks me from accessing anything that is outside of the network that I'm VPN'ed into. What I'm hoping is that Tiger has some equivalent to the Windows "use default gateway on remote network" option. When disabled, this allows you to be connected to a VPN, but access the internet and any local network resources at the same time.

That's not how a VPN should work... It should just route traffic for a certain IP range across the VPN and everything outside that range should behave as normal and go to the internet.

[Hoosier_1701]

Originally posted by nonhuman:
That's not how a VPN should work... It should just route traffic for a certain IP range across the VPN and everything outside that range should behave as normal and go to the internet.

I agree, but that is how it works in Panther. Give it a shot. Use Internet Connect to connect to a PPTP VPN network. Then try to go anywhere in Safari or download mail with Mail.app. When I do it, I get nothing. I have to disconnect from the VPN to get regular internet connectivity back. As I mentioned before, you can avoid this on Windows by disabling the "use default gateway on remote network" option.

[larkost]

Notice that this is currently supported by the underlying systems that InternetConnect is built on. At the moment a GUI initiated connection relies on the remote server for the settings, and most only route the traffic to themselves as a security measure (in fact some require it). 10.4 is only adding this as a GUI setting. You could always set it via the command line, see MacOS X Hint for more.

[wadesworld]

That's not how a VPN should work... It should just route traffic for a certain IP range across the VPN and everything outside that range should behave as normal and go to the internet.

Depends on which VPN client we're talking about and how it's setup.

Many VPN clients disallow "split-tunneling" and require all IP traffic to go through the VPN tunnel. That's typically set on the VPN concentrator by the network admin and cannot be changed.

You can still use AppleTalk for access to non-IP resources on the local network, like printers and servers.

Wade

[metrom]

What about Sonicwall support?
Is it possible to establish a VPN connection to a SonicWall via Internet Connect in Tiger?

[larkost]

Originally posted by metrom:
What about Sonicwall support?
Is it possible to establish a VPN connection to a SonicWall via Internet Connect in Tiger?

Well... since you don't mention what model from Sonicwall, or which of the many VPN protocols that their products support we are talking about... we can't really answer that question, now can we? PPtP and L2TP are both possible though InternetConnect.

[CatOne]

Originally posted by Hoosier_1701:
I agree, but that is how it works in Panther. Give it a shot. Use Internet Connect to connect to a PPTP VPN network. Then try to go anywhere in Safari or download mail with Mail.app. When I do it, I get nothing. I have to disconnect from the VPN to get regular internet connectivity back. As I mentioned before, you can avoid this on Windows by disabling the "use default gateway on remote network" option.

Your setup is goofy. Go to "Network," view "Network Port configurations" and put your ethernet port ABOVE the PPTP setting in the list. Just drag it.

Then from terminal do 'netstat -rn' to see the routing tables. You'll note the VPN is most certainly NOT used for all traffic, if things are configured correctly.

[Hoosier_1701]

Originally Posted by CatOne

Your setup is goofy. Go to "Network," view "Network Port configurations" and put your ethernet port ABOVE the PPTP setting in the list. Just drag it.

Then from terminal do 'netstat -rn' to see the routing tables. You'll note the VPN is most certainly NOT used for all traffic, if things are configured correctly.

I checked, and my ethernet port is above PPTP in the list. The problem remains that when I connect to the VPN, I lose connectivity to the rest of the internet. I've seen mention of this on other websites, so I'm sure I'm not the only one experiencing this problem.

[pooka]

Originally Posted by Hoosier_1701

I checked, and my ethernet port is above PPTP in the list. The problem remains that when I connect to the VPN, I lose connectivity to the rest of the internet. I've seen mention of this on other websites, so I'm sure I'm not the only one experiencing this problem.

Nope, you're not the only one. We had 3 different mac/network gurus out to solve this problem with our setup. Never got it resolved. Guess there could be a workaround but they were unaware of it.

[Millennium]

Originally Posted by nonhuman

That's not how a VPN should work... It should just route traffic for a certain IP range across the VPN and everything outside that range should behave as normal and go to the internet.

Many if not most VPNs disallow this, because it's a major security hole. Split-tunnelling essentially turns every machine connected to a VPN into a gateway from the private network straight out to the Internet. To call this "malware heaven" would be an understatement.