Am I monitored through VPN?
August 21, 2007 4:47 PM Subscribe
This may be a dumb question, but when I am connected to my work's vpn from home (I use a vpn/remote desktop combo), is all of my traffic, even the stuff outside of the server, going through my work? In other words, can they see everything or only what I do through remote desktop?
You need to enable SPLIT-VPN, as everyone else says. If you haven't, likely they see all the traffic.
posted by SirStan at 4:59 PM on August 21, 2007
posted by SirStan at 4:59 PM on August 21, 2007
You don't need to get so fancy. They most assuredly employ a proxy server. Just unclick the little box in your browser which tells it to go through the proxy server. I am pretty sure this will get you out of the vpn connection on that browser and into the net straight through your isp. It won't prevent more sophisticated logging software etc., but most of the logging is done at the proxy server/firewall.
posted by caddis at 5:32 PM on August 21, 2007
posted by caddis at 5:32 PM on August 21, 2007
A VPN doesn't happen at the browser. Even if there is an autoconfiguring proxy server, there's also a network route to that server, and that route either takes all traffic there (not split VPN) or some (split VPN).
So yes, there's the possibility that thanks to an enforced proxy, all of your web traffic goes through work even though you have a split VPN, but that would be pretty weird. Really it comes down to the split/not-split thing that was explained above.
posted by mendel at 6:17 PM on August 21, 2007
So yes, there's the possibility that thanks to an enforced proxy, all of your web traffic goes through work even though you have a split VPN, but that would be pretty weird. Really it comes down to the split/not-split thing that was explained above.
posted by mendel at 6:17 PM on August 21, 2007
Response by poster: Thanks guys. I am currently using Mac OS 10.4 and the Cisco Client software 4.9. Odinsdream, could you tell me how to do that from a Mac? Also, any advice on configuring the Cisco client for split vpn would be great. Thanks for everyones help so far!
posted by jules1651 at 6:57 PM on August 21, 2007
posted by jules1651 at 6:57 PM on August 21, 2007
Best answer: "... Also, any advice on configuring the Cisco client for split vpn would be great. ..."
Check with your business IT people before trying this. Many businesses like to prevent split VPN operation, because it's a potential security hole, that would allow trojans or botware to use your machine as a proxy for attacking resources inside the corporate intranet. Attempting to connect to a VPN with enough security enforcement in place to detect and prevent that will be very frustrating for you. If you keep trying, they'll get annoyed, find you, log you, and have a chat with you, that may have unpleasant moments.
posted by paulsc at 7:09 PM on August 21, 2007
Check with your business IT people before trying this. Many businesses like to prevent split VPN operation, because it's a potential security hole, that would allow trojans or botware to use your machine as a proxy for attacking resources inside the corporate intranet. Attempting to connect to a VPN with enough security enforcement in place to detect and prevent that will be very frustrating for you. If you keep trying, they'll get annoyed, find you, log you, and have a chat with you, that may have unpleasant moments.
posted by paulsc at 7:09 PM on August 21, 2007
Best answer: jules, open a terminal. (Apps, Utils)
$ netstat -r
Look for the interfaces. One of them represents your upstream ISP and one represents your VPN to work. "en1" is a common upstream, and "tap0" is a common VPN interface.
If the line labled for which the destination is "default" is "tap0" or like it, then all traffic is going to your VPN endpoint, and there may be exceptions for other traffic (but not likely). If it's "en1" or like it, then your network is mostly normal and as you expect, with some exceptions for networks that are at your company. Dig it?
posted by cmiller at 7:21 PM on August 21, 2007
$ netstat -r
Look for the interfaces. One of them represents your upstream ISP and one represents your VPN to work. "en1" is a common upstream, and "tap0" is a common VPN interface.
If the line labled for which the destination is "default" is "tap0" or like it, then all traffic is going to your VPN endpoint, and there may be exceptions for other traffic (but not likely). If it's "en1" or like it, then your network is mostly normal and as you expect, with some exceptions for networks that are at your company. Dig it?
posted by cmiller at 7:21 PM on August 21, 2007
this is incredible to me. Can someone please clarify? This is the scenario as I understand it:
I log on the internet from home, for home reasons, through my normal home browser, nothing to do with work. I'm happily browsing MeFi. Just an idle evening in the privacy of my home.
Suddenly I want to check my work email, so I open up another browser, go to my company's URL with the cisco link, launch the cisco tunneling application, and then choose the RDP link from my company's remote apps page.
Now I've got a virtual desktop going (can't copy/paste between them, etc.) and when I minimize that I'm back to my real desktop.
Suddenly ALL my websurfing traffic is going through work? My metafilter window is now going through my company's proxy? Every site I visit from my "home" browser is going through my company?
This sounds wrong, wrong wrong. Although I obviously have no expertise.
Would it prove anything if I could get to a site through my "home" browser that I know is filtered by my company?
posted by luser at 11:17 AM on August 22, 2007
I log on the internet from home, for home reasons, through my normal home browser, nothing to do with work. I'm happily browsing MeFi. Just an idle evening in the privacy of my home.
Suddenly I want to check my work email, so I open up another browser, go to my company's URL with the cisco link, launch the cisco tunneling application, and then choose the RDP link from my company's remote apps page.
Now I've got a virtual desktop going (can't copy/paste between them, etc.) and when I minimize that I'm back to my real desktop.
Suddenly ALL my websurfing traffic is going through work? My metafilter window is now going through my company's proxy? Every site I visit from my "home" browser is going through my company?
This sounds wrong, wrong wrong. Although I obviously have no expertise.
Would it prove anything if I could get to a site through my "home" browser that I know is filtered by my company?
posted by luser at 11:17 AM on August 22, 2007
luser, my guess with using RDP to a specific address is that only that specific address is added to your routing table. Of course, insanity or ignorance means it's at least possible that your company's IT department has it all screwed up.
It doesn't prove anything that you can visit some sites that your company normally filters. You don't know where the filter is, topologically speaking, I presume. It might not be between your VPN address and the big bad Internet.
posted by cmiller at 1:28 PM on August 22, 2007
It doesn't prove anything that you can visit some sites that your company normally filters. You don't know where the filter is, topologically speaking, I presume. It might not be between your VPN address and the big bad Internet.
posted by cmiller at 1:28 PM on August 22, 2007
Could someone explain what Windows users should look for in the ROUTE PRINT list described above? I've had the same question about my own VPN setup.
I use Nortel Contivity VPN software and then run a batch file that says "net use w: \\xxx.xx.xx.xx\drivename /user:myname" which together let me access the work drive, Outlook, etc.
posted by Yogurt at 3:04 PM on August 22, 2007
I use Nortel Contivity VPN software and then run a batch file that says "net use w: \\xxx.xx.xx.xx\drivename /user:myname" which together let me access the work drive, Outlook, etc.
posted by Yogurt at 3:04 PM on August 22, 2007
I'm not sure if it's significant, but if I tracert to, say, CNN, no work servers are listed in the hops (and indeed, the route stays with my ISP's network right out of Canada and into the U.S.).
posted by Yogurt at 3:12 PM on August 22, 2007
posted by Yogurt at 3:12 PM on August 22, 2007
Thanks for following up my late piggyback on this question, Odinsdream. That explains it very clearly! (On my system, requests for my mapped drives go to the work server but all other requests go to my home router, which is how I would prefer things.)
posted by Yogurt at 8:36 AM on August 28, 2007
posted by Yogurt at 8:36 AM on August 28, 2007
This thread is closed to new comments.
In a VPN context, split tunneling is the term used to describe a multiple-branch networking path. A tunnel is split when some network traffic is sent to the VPN server and other traffic is sent directly to the remote location without passing through the VPN server. (http://www.cites.uiuc.edu/vpn/splittunneling.html)
Are you using a VPN client? (Cisco, etc) or just the built in Windows VPN?
Each have their own way of enabling split VPN, I think your office has to support it as well, but I could be wrong there.
Non-Split VPNs are more common among all the VPNs I've seen.
posted by mattdini at 4:56 PM on August 21, 2007