|
|
Connect to VPN AND local Network
|
|
|
|
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Status:
Offline
|
|
Not sure if this belongs here, so mods please move if I made a mistake.
I am using the Cisco VPN Client 4.0.3 E (I know it is out of date, but it is what we support) to connect to my school network from home. When I connect to their network I lose connectivity to my home network, which cuts me off of my network printer, iTunes library, etc. The helpdesk has informed me this is the way it is meant to work (it works this way under Windows as well). Can anyone think of a way around this, i.e. stay connected to my local network while connected to the remote one? I am connected to the internet via Airport. I was wondering if there was a way to keep a second local connection open.
Grateful for any suggestions.
-- Jason
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jul 2002
Status:
Offline
|
|
Should be part of the configuration for your VPN client that only traffic to certain addresses go through the VPN. However, I have no idea how to set that, sorry.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Status:
Offline
|
|
There is a checkbox that allows for access to the local network, but it needs to be enabled on both the client and server end (and since they are doing this by design, it is not enabled on their end).
Is there any way to get around this, like routing local traffic before it gets to to the VPN?
-- Jason
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Sep 2003
Status:
Offline
|
|
Change the IP setup for your home network. They probably both have the 192.168.xxx.xxx setup. Changing helped me in going from my corporate to home network . . . might help you.
This will only work if your VPN client is smart enough to route non-VPN traffic over your LAN.
(
Last edited by CorpITGuy; Jan 20, 2005 at 03:48 PM.
)
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Sep 2003
Status:
Offline
|
|
You could also find an el cheapo XP box and RDC to it for your school stuff, then just minimize it and work on your Mac. I have one for a file/print server.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Status:
Offline
|
|
Originally posted by nstehle:
Change the IP setup for your home network. They probably both have the 192.168.xxx.xxx setup. Changing helped me in going from my corporate to home network . . . might help you.
This will only work if your VPN client is smart enough to route non-VPN traffic over your LAN.
It's smart enough, it's just being told not to do it. I'll give your idea a shot anyway though.
-- Jason
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Nov 2001
Status:
Offline
|
|
Originally posted by jasong:
Not sure if this belongs here, so mods please move if I made a mistake.
I am using the Cisco VPN Client 4.0.3 E (I know it is out of date, but it is what we support) to connect to my school network from home. When I connect to their network I lose connectivity to my home network, which cuts me off of my network printer, iTunes library, etc. The helpdesk has informed me this is the way it is meant to work (it works this way under Windows as well). Can anyone think of a way around this, i.e. stay connected to my local network while connected to the remote one? I am connected to the internet via Airport. I was wondering if there was a way to keep a second local connection open.
Grateful for any suggestions.
-- Jason
OS X should be able to handle this, unless the VPN app is being a REALLY awful neighbor.
If you go to the terminal and do 'netstat -rn' what do you see?
You should see something like this:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 68 0 en0
19 ppp0 USc 13 0 ppp0
19.219.192.41 19.219.198.46 UH 0 0 ppp0
19.250.248.149/32 192.168.1.1 UGSc 0 0 en0
19.252.68.41 192.168.1.1 UGHS 2 2173 en0
127 127.0.0.1 UCS 0 0 lo0
...
This says that the default for all traffic is the local network. IF I try and access something over the VPN (in my example, the 19 class A subnet -- quite large ;-) ONLY THEN is the traffic routed over the VPN.
In my case I'm using OS X's built in VPN client, so if I need to address things, all I need to do is go to "Network Port Configurations" in the network preference pane, and drag the VPN option to the bottom of the list (higher entries in that list are higher in priority). With 3rd party VPNs, I don't know. You can manually manipulate the routing tables via the command line 'route' application -- but I'm going to put that in the "for pros only" category
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Status:
Offline
|
|
Normally, simultaneous connections to a VPN and an unsecured network are not allowed, for security reasons. To enable it, you usually have to set both sides to allow it. This is a feature, not a bug.
Unfortunately, it does screw you over a fair bit. The only way around it, assuming you can't get the other end to allow outside connections (and the odds of this are almost nil), is to save the files to your hard drive, disconnect from the VPN, and print from there.
|
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Apr 2001
Status:
Offline
|
|
As others have said, it's designed to work that way and it would take some major hacking at the driver level to get around it. The policy is set by the network administrator of the network to which you're connecting and is pushed down each time you connect.
If it's possible to set your printer up to do AppleTalk printing, you can still print while connected, since the VPN doesn't affect non-IP protocols.
Wade
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Mar 2005
Status:
Offline
|
|
I found two great places that can help you get connected to the Internet. If you want to do it manually it might take some time. If you are up for it Geekzone has a good tutorial that helps you configure and share the internet by using your Bluetooth enabled desktop or notebook with internet access as an internet gateway for your iPAQ Pocket PC with Windows Mobile 2003:
http://www.geekzone.co.nz/content.asp?contentid=1421
Otherwise you can get software that does it for you. This is what I have found to be the easiest way:
http://www.bvrp.com/ENG/products/GPR...er/Default.asp
--neo
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Apr 2001
Location: Asheville, NC
Status:
Offline
|
|
This is definitely networking and not Mac OS specific.
|
ACSA 10.4/10.3, ACTC 10.3, ACHDS 10.3
|
|
|
|
|
|
|
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
Originally posted by Detrius:
This is definitely networking and not Mac OS specific.
Yes it is, and Millenium is 100% right. As noted, a VPN link has to be configured for the route-around function at both ends, and since this IS a security feature, you can almost bet the whole farm that the school IT folks will NOT help you out.
Here's the reason for the prohibition. If you allowed simultaneous connections on the VPN and the open network, you could easily cross the traffic, effectively shorting around the school's firewall. THIS is the reason to prevent such simultaneous connections.
|
Glenn -----OTR/L, MOT, Tx
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Sep 2004
Status:
Offline
|
|
Originally posted by CatOne:
...
In my case I'm using OS X's built in VPN client, so if I need to address things, all I need to do is go to "Network Port Configurations" in the network preference pane, and drag the VPN option to the bottom of the list (higher entries in that list are higher in priority). With 3rd party VPNs, I don't know. You can manually manipulate the routing tables via the command line 'route' application -- but I'm going to put that in the "for pros only" category
hmmm... when I try and drag the order it sits where I put it until I connect, then it moves to the top of the list and won't go back down until I disconnect
DigiTunnel ( http://macupdate.com/info.php/id/7900) apparently has a checkbox to not use the remote default gateway
I have a similar issue... we don't have a policy in place, in fact WinXP users are instructed to turn off the 'use default remote gateway' option but I don't have the option
Wonder if Tiger will roar in with an improved VPN client - important if Apple are pulling more users away from Windows for cross-platform harmony !
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|