----- Message from riteshsarraf@gmail.com ---------
Date: 23 Dec 2006 23:33:49 -0800
From: Ritesh Raj Sarraf <riteshsarraf@gmail.com>
Reply-To: Ritesh Raj Sarraf <riteshsarraf@gmail.com>
Subject: Re: Dual Interface Routing Question
To: debian-isp@lists.debian.org
Jim Popovitch wrote:On Sun, 2006-12-24 at 00:12 +0530, Ritesh Raj Sarraf wrote: > I have one more scenario where I think are issues without multiple routes. > > When I'm at home, I connect to my office network using a VPN Connection > something like: > > rrs@geeKISSexy:~ $ route -n > Kernel IP routing table> Destination Gateway Genmask Flags Metric Ref Use Iface > 202.X.112.XXX 192.168.1.1 255.255.255.255 UGH 0 0 0 eth2 > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 > 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0> >> Now, If my understanding is correct, the default route ends to be through tun0 > and all data, except for my internal network 192.168.1.1/24, has to be tunneled> through tun0. > > What is the path when I hit for www.debian.org in my browser ? > Does it route through my corporate VPN Network ? It routes through tun0. If tun0 is your vpn connection to work, then yes www.debian.org (and everything else) goes through your vpn to work. If you don't want that to happen, we need to know what vpn you are using to give you hints on how not to set your default route to the vpn.Wow!! That's interesting. So I was correct. That was the reason why pages took much more time to open. It's a Cisco VPN Implementation and I'm using vpnc to connect to the VPN network. The ideal solution here would hvae been to allow all company network related data to pass through the VPN network where as for the rest (The internet in general) to pass through My Wireless Interface => My Router => My ISP => The Internet. Thanks, Ritesh -- To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
----- End message from riteshsarraf@gmail.com ----- Hi,I think your present configuration is the safest one. And what is a VPN without security?
When you are connected to your company's network all your outgoing traffic should pass through your VPN interface. And if you want surf on internet while connected, through your company's proxys server.
Let's see two hypothetical scenarios, just in case your computer gets compromised and your VPN client is up:
-With your present configuration: "nothing happens" because your computer is isolated from internet. All your traffic goes through your company network.
-With other configuration (some traffic through the VPN interface and some through your default interface): a Bad guy from Internet can achieve your company's networks using your computer as a gateway.
Best regards
Juan
--
Mi nueva direccion es: - My new email address is: - Mon nouveau email est:
juan@elsotanillo.net
----------------------------------------------------------------------------
Linux User Registered: 257202
http://www.elsotanillo.net
----------------------------------------------------------------------------