Connect to VPN AND local Network
jasong
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Jan 17, 2005, 03:38 PM
 
Not sure if this belongs here, so mods please move if I made a mistake.

I am using the Cisco VPN Client 4.0.3 E (I know it is out of date, but it is what we support) to connect to my school network from home. When I connect to their network I lose connectivity to my home network, which cuts me off of my network printer, iTunes library, etc. The helpdesk has informed me this is the way it is meant to work (it works this way under Windows as well). Can anyone think of a way around this, i.e. stay connected to my local network while connected to the remote one? I am connected to the internet via Airport. I was wondering if there was a way to keep a second local connection open.

Grateful for any suggestions.

-- Jason
     
Thinine
Mac Elite
Join Date: Jul 2002
Jan 17, 2005, 03:40 PM
 
Should be part of the configuration for your VPN client that only traffic to certain addresses goes through the VPN. However, I have no idea how to set that, sorry.
     
jasong  (op)
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Jan 17, 2005, 06:01 PM
 
There is a checkbox that allows for access to the local network, but it needs to be enabled on both the client and server end (and since they are doing this by design, it is not enabled on their end).

Is there any way to get around this, like routing local traffic before it gets to the VPN?

-- Jason
     
CorpITGuy
Dedicated MacNNer
Join Date: Sep 2003
Jan 20, 2005, 03:41 PM
 
Change the IP setup for your home network. They probably both have the 192.168.xxx.xxx setup. Changing helped me in going from my corporate to home network . . . might help you.

This will only work if your VPN client is smart enough to route non-VPN traffic over your LAN.
( Last edited by CorpITGuy; Jan 20, 2005 at 03:48 PM. )
     
CorpITGuy
Dedicated MacNNer
Join Date: Sep 2003
Jan 20, 2005, 03:43 PM
 
You could also find an el cheapo XP box and RDC to it for your school stuff, then just minimize it and work on your Mac. I have one for a file/print server.
     
jasong  (op)
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Jan 20, 2005, 07:51 PM
 
Originally posted by nstehle:
Change the IP setup for your home network. They probably both have the 192.168.xxx.xxx setup. Changing helped me in going from my corporate to home network . . . might help you.

This will only work if your VPN client is smart enough to route non-VPN traffic over your LAN.
It's smart enough, it's just being told not to do it. I'll give your idea a shot anyway though.

-- Jason
     
CatOne
Mac Elite
Join Date: Nov 2001
Jan 21, 2005, 11:14 AM
 
Originally posted by jasong:
Not sure if this belongs here, so mods please move if I made a mistake.

I am using the Cisco VPN Client 4.0.3 E (I know it is out of date, but it is what we support) to connect to my school network from home. When I connect to their network I lose connectivity to my home network, which cuts me off of my network printer, iTunes library, etc. The helpdesk has informed me this is the way it is meant to work (it works this way under Windows as well). Can anyone think of a way around this, i.e. stay connected to my local network while connected to the remote one? I am connected to the internet via Airport. I was wondering if there was a way to keep a second local connection open.

Grateful for any suggestions.

-- Jason
OS X should be able to handle this, unless the VPN app is being a REALLY awful neighbor.

If you go to the terminal and do 'netstat -rn' what do you see?

You should see something like this:

Internet:
Destination        Gateway        Flags  Refs   Use  Netif  Expire
default            192.168.1.1    UGSc     68     0  en0
19                 ppp0           USc      13     0  ppp0
19.219.192.41      19.219.198.46  UH        0     0  ppp0
19.250.248.149/32  192.168.1.1    UGSc      0     0  en0
19.252.68.41       192.168.1.1    UGHS      2  2173  en0
127                127.0.0.1      UCS       0     0  lo0
...

This says that the default for all traffic is the local network. IF I try and access something over the VPN (in my example, the 19 class A subnet -- quite large ;-) ONLY THEN is the traffic routed over the VPN.

In my case I'm using OS X's built in VPN client, so if I need to address things, all I need to do is go to "Network Port Configurations" in the network preference pane, and drag the VPN option to the bottom of the list (higher entries in that list are higher in priority). With 3rd party VPNs, I don't know. You can manually manipulate the routing tables via the command line 'route' application -- but I'm going to put that in the "for pros only" category
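
Added example, not part of CatOne's post: a short Python reader for `netstat -rn` output that applies longest-prefix matching to show which interface a destination would use, and reports whether the table describes a full or a split tunnel. The embedded table is the one quoted in the post; the way abbreviated destinations are expanded and the tunnel interface name prefixes are assumptions of this example.

```python
import ipaddress

# Constructed input: the table from the post above, realigned, trailing "..." dropped.
NETSTAT_RN = """\
Destination        Gateway        Flags  Refs  Use   Netif  Expire
default            192.168.1.1    UGSc   68    0     en0
19                 ppp0           USc    13    0     ppp0
19.219.192.41      19.219.198.46  UH     0     0     ppp0
19.250.248.149/32  192.168.1.1    UGSc   0     0     en0
19.252.68.41       192.168.1.1    UGHS   2     2173  en0
127                127.0.0.1      UCS    0     0     lo0
"""

def parse_destination(dest):
    # Assumption: an abbreviated destination ("19") is a network with 8 prefix
    # bits per octet shown; four octets with no mask is a single host.
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, mask = dest.partition("/")
    octets = addr.split(".")
    prefix = int(mask) if mask else 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}", strict=False)

def parse_routes(text):
    """Return (network, gateway, interface) tuples from the IPv4 section."""
    routes, netif_col = [], None
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("Internet6"):
            break  # the IPv6 section is out of scope for this example
        if fields[:1] == ["Destination"]:
            netif_col = fields.index("Netif")  # find the column by name, not position
        elif netif_col is not None and len(fields) > netif_col:
            routes.append((parse_destination(fields[0]), fields[1], fields[netif_col]))
    return routes

def interface_for(routes, address):
    """Longest-prefix match: the most specific route containing the address wins."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[2] if matches else None

def tunnel_mode(routes, tunnel_prefixes=("ppp", "utun", "tun")):
    """'full' if the default route uses a tunnel interface (assumed name prefixes), else 'split'."""
    default_if = next((r[2] for r in routes if r[0].prefixlen == 0), "")
    return "full" if default_if.startswith(tunnel_prefixes) else "split"

if __name__ == "__main__":
    print(tunnel_mode(parse_routes(NETSTAT_RN)))
```

For this table, `interface_for` sends 19.1.2.3 over ppp0 but 19.252.68.41 over en0, because the host route is more specific than the 19 network route.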
     
Millennium
Clinically Insane
Join Date: Nov 1999
Jan 21, 2005, 11:28 AM
 
Normally, simultaneous connections to a VPN and an unsecured network are not allowed, for security reasons. To enable it, you usually have to set both sides to allow it. This is a feature, not a bug.

Unfortunately, it does screw you over a fair bit. The only way around it, assuming you can't get the other end to allow outside connections (and the odds of this are almost nil), is to save the files to your hard drive, disconnect from the VPN, and print from there.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
wadesworld
Grizzled Veteran
Join Date: Apr 2001
Jan 21, 2005, 12:10 PM
 
As others have said, it's designed to work that way and it would take some major hacking at the driver level to get around it. The policy is set by the network administrator of the network to which you're connecting and is pushed down each time you connect.

If it's possible to set your printer up to do AppleTalk printing, you can still print while connected, since the VPN doesn't affect non-IP protocols.

Wade
     
neofreez
Fresh-Faced Recruit
Join Date: Mar 2005
Mar 14, 2005, 01:59 PM
 
I found two great places that can help you get connected to the Internet. If you want to do it manually it might take some time. If you are up for it Geekzone has a good tutorial that helps you configure and share the internet by using your Bluetooth enabled desktop or notebook with internet access as an internet gateway for your iPAQ Pocket PC with Windows Mobile 2003:

http://www.geekzone.co.nz/content.asp?contentid=1421

Otherwise you can get software that does it for you. This is what I have found to be the easiest way:

http://www.bvrp.com/ENG/products/GPR...er/Default.asp
--neo
     
Detrius
Professional Poster
Join Date: Apr 2001
Location: Asheville, NC
Mar 14, 2005, 07:07 PM
 
This is definitely networking and not Mac OS specific.
ACSA 10.4/10.3, ACTC 10.3, ACHDS 10.3
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Mar 14, 2005, 07:33 PM
 
Originally posted by Detrius:
This is definitely networking and not Mac OS specific.
Yes it is, and Millennium is 100% right. As noted, a VPN link has to be configured for the route-around function at both ends, and since this IS a security feature, you can almost bet the whole farm that the school IT folks will NOT help you out.

Here's the reason for the prohibition. If you allowed simultaneous connections on the VPN and the open network, you could easily cross the traffic, effectively shorting around the school's firewall. THIS is the reason to prevent such simultaneous connections.

Glenn -----OTR/L, MOT, Tx
     
zzarg
Forum Regular
Join Date: Sep 2004
Mar 17, 2005, 06:17 AM
 
Originally posted by CatOne:
...
In my case I'm using OS X's built in VPN client, so if I need to address things, all I need to do is go to "Network Port Configurations" in the network preference pane, and drag the VPN option to the bottom of the list (higher entries in that list are higher in priority). With 3rd party VPNs, I don't know. You can manually manipulate the routing tables via the command line 'route' application -- but I'm going to put that in the "for pros only" category
hmmm... when I try and drag the order it sits where I put it until I connect, then it moves to the top of the list and won't go back down until I disconnect

DigiTunnel (http://macupdate.com/info.php/id/7900) apparently has a checkbox to not use the remote default gateway

I have a similar issue... we don't have a policy in place, in fact WinXP users are instructed to turn off the 'use default remote gateway' option but I don't have the option

Wonder if Tiger will roar in with an improved VPN client - important if Apple are pulling more users away from Windows for cross-platform harmony !
     
   