[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Dual Interface Routing Question

----- Message from riteshsarraf@gmail.com ---------
    Date: 23 Dec 2006 23:33:49 -0800
    From: Ritesh Raj Sarraf <riteshsarraf@gmail.com>
Reply-To: Ritesh Raj Sarraf <riteshsarraf@gmail.com>
 Subject: Re: Dual Interface Routing Question
      To: debian-isp@lists.debian.org

Jim Popovitch wrote:
On Sun, 2006-12-24 at 00:12 +0530, Ritesh Raj Sarraf wrote:
> I have one more scenario where I think are issues without multiple routes.
> When I'm at home, I connect to my office network using a VPN Connection
> something like:
> rrs@geeKISSexy:~ $ route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface > 202.X.112.XXX UGH 0 0 0 eth2 > U 0 0 0 eth2 > U 0 0 0 tun0
> Now, If my understanding is correct, the default route ends to be through tun0 > and all data, except for my internal network, has to be tunneled
> through tun0.
> What is the path when I hit for www.debian.org in my browser ?
> Does it route through my corporate VPN Network ?

It routes through tun0.  If tun0 is your vpn connection to work, then
yes www.debian.org (and everything else) goes through your vpn to work.
If you don't want that to happen, we need to know what vpn you are using
to give you hints on how not to set your default route to the vpn.

Wow!! That's interesting. So I was correct. That was the reason why
pages took much more time to open.

It's a Cisco VPN Implementation and I'm using vpnc to connect to the
VPN network.

The ideal solution here would hvae been to allow all company network
related data to pass through the VPN network where as for the rest (The
internet in general) to pass through My Wireless Interface => My Router
=> My ISP => The Internet.


To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

----- End message from riteshsarraf@gmail.com -----

I think your present configuration is the safest one. And what is a VPN without security?

When you are connected to your company's network all your outgoing traffic should pass through your VPN interface. And if you want surf on internet while connected, through your company's proxys server.

Let's see two hypothetical scenarios, just in case your computer gets compromised and your VPN client is up:

-With your present configuration: "nothing happens" because your computer is isolated from internet. All your traffic goes through your company network.

-With other configuration (some traffic through the VPN interface and some through your default interface): a Bad guy from Internet can achieve your company's networks using your computer as a gateway.

Best regards

Mi nueva direccion es: - My new email address is: - Mon nouveau email est:
Linux User Registered: 257202

Reply to: