When connected to VPN, external computers unavailable
Fresh-Faced Recruit
Join Date: Dec 2002
I can connect to our VPN from my 10.2.3 Mac and access all the internal resources. But while the connection is active, I cannot get to any external IP addresses. I think this is because Mac OS X tries to route all traffic through the VPN connection instead of just routing internal traffic through it. On WinXP, there is a checkbox that specifies not to do that, which alleviates the problem, but there is no such setting on the Mac. I am sure, since we are using a FreeBSD core, that there is a great command that adjusts the default route which will fix the problem, but I do not know it. Does anyone have any suggestions?
Thanks,
Nate
Mac Enthusiast
Join Date: Jul 2002
Location: Sydney, Australia
I was under the impression that this is just the way VPN works to create a "secure" connection. If VPN left external connections open when a link was created, it would be opening the HOST network to attacks coming from anywhere on YOUR unsecured side of things.
This is simply the nature of the beast and something you have to live with when dealing with a secure VPN connection.
AFAIAA
Junior Member
Join Date: May 2001
The OS X built-in VPN client won't let you access external machines while connected, but Digi-Tunnel will: http://www.gracion.com/gracion/vpn/
(30 day trial, then you have to pay for it)
You need to manually configure it to handle some addresses through the VPN and some through your internet connection.
Forum Regular
Join Date: Nov 2001
Originally posted by Wet Jimmy:
I was under the impression that this is just the way VPN works to create a "secure" connection. If VPN left external connections open when a link was created, it would be opening the HOST network to attacks coming from anywhere on YOUR unsecured side of things.
This is simply the nature of the beast and something you have to live with when dealing with a secure VPN connection.
AFAIAA
You are partially correct, but it does not always have to be implemented that way. I can give you some real world examples of why you would not always want to do it that way if you are interested.
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
In my experience and deployment of VPN, what you are talking about is called split tunneling which is generally configured on the concentrator. Such a setup may go against your organization's policy for one, and two it may not be such a hot idea from their standpoint anyway. In any event, most likely they have a firewall downstream from the concentrator which dictates what a device may access. Try opening a dialog with your network's administrator.
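Added example, not part of any post in this thread: a small model of longest-prefix route selection showing why external addresses go into the tunnel when the VPN owns the default route, and how a split-tunnel table differs. The interface names (`ppp0`, `en0`), the `10.0.0.0/8` internal range and the sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed route tables (prefix, outgoing interface); all values are assumptions.
FULL_TUNNEL = [
    ("0.0.0.0/0", "ppp0"),       # VPN client took over the default route
    ("192.168.1.0/24", "en0"),   # directly attached home LAN
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "en0"),        # default route stays on the local uplink
    ("10.0.0.0/8", "ppp0"),      # only the internal range goes into the tunnel
    ("192.168.1.0/24", "en0"),
]


def select_interface(table, destination):
    """Return the interface chosen by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def is_split_tunnel(table, tunnel_iface="ppp0"):
    """True when the host has tunnel routes but keeps a non-tunnel default route.

    This is the state a VPN administrator audits for: the client can reach the
    internal network and the open internet at the same time.
    """
    nets = [(ipaddress.ip_network(p), i) for p, i in table]
    has_tunnel_route = any(i == tunnel_iface for _, i in nets)
    default_via_tunnel = any(n.prefixlen == 0 and i == tunnel_iface for n, i in nets)
    return has_tunnel_route and not default_via_tunnel


if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(name, "split =", is_split_tunnel(table))
        for dest in ("10.1.2.3", "203.0.113.10", "192.168.1.5"):
            print("  ", dest, "->", select_interface(table, dest))
```

With the full-tunnel table, the external address is handed to the tunnel, so whether it is reachable depends on what the concentrator and any firewall behind it allow.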