Aventail Users ?

I am using Aventail with a token to connect to a corporate network.
Just wondering if there is any way to change the behavior.
When I am connected, I cannot use the local printer anymore.
And I would like to use the internet directly, but only route to the corporate network for a few addresses.
Now my internet via the corporate network is as quick as the corporate network. And that could be a little
quicker via my own connection.

Is there anybody who knows how to manipulate the routing when using Aventail?

Regards,

Rene

I’ve got no idea about Aventail but on openVPN access server there is an option for this:
**Should client Internet traffic be routed through the VPN?**
Setting this to no allows all the openVPN clients to use internet directly. I guess there should be a similar setting on Aventail.

Best regards,
Greg

I cannot find any configuration about that. I think the Aventail might work the same, I don’t know, but the appearance is certainly different. I cannot set that many parameters in the graphical user interface.

On Fri, 30 Sep 2011 14:46:03 +0000, ReneM64 wrote:

> I cannot find any configuration about that. I think the Aventail might
> work the same, I don’t know, but the appearance is certainly different.
> I cannot set that many parameters in the graphical user interface.

It’s possible that the VPN operators have configured the access
intentionally so you can access either the corporate network or the
public network - I worked for a company once upon a time that did this
specifically so VPN-connected systems couldn’t be used as an attack
vector (real time at least) to compromise internal systems.

Rather than try to circumvent corporate policies, you might ask your IT
department if that is in fact the case.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

I agree completely with Jim here, only in very exceptional circumstances have I allowed a VPN to be bypassed to access local network resources in realtime.

Some workarounds I’ve seen include

  • Deploying a virtual Guest (eg VMware, Xen, VirtualBox, etc) on the same client machine configured with a Share shared with the Host. Because the virtual Guest isn’t configured as a VPN client, it can access all local network resources.
  • Configure the local network gateway as the VPN endpoint, not the Host. This likely means purchasing an el cheapo Sonicwall for your gateway.

I don’t know that you can run multiple network configurations (eg VPN vs no VPN) based on User login, AFAIK only one instance of network services can run at a time no matter how many Users are logged in.

HTH,
Tony

Well, that is a nice theory, and I can imagine the purpose. But if I logged in with aventail on windows, I could use my local network printer.

The IT department doesn’t support Linux-based systems. So I am on my own with that.

I will not buy a Sonicwall for my gateway, since I have no idea what the use is. And next year it will be changed to arcot.
That will also be a challenge to get to connect.

Have you considered the first option I recommended?
Only requires approx these resources to deploy a Virtual Guest (using paravirtualization, slight differences using other simultaneously running OS like User Spaces)

  • 256 MB RAM if using a minimal Desktop or no Desktop
  • 2-4 GB free disk space (less for lighter Desktop)
  • Minimal CPU cycles if not used for more than VPN

If you <know> your SysAdmins don’t care if you are configured with a Split VPN (aka split tunneling), I imagine there is probably a way to configure it… Do you have access to your VPN config? You may need to ask Sonicwall how to configure. Only document I was able to find had the ominous comment related to the Linux client “No support for endpoint control”

HTH,
Tony

Actually I do understand the goal of the first option. But that solution would not be the most preferred one.
Although I will consider it, it may be possible to combine it with an Outlook client.