OT: vpn questions (stops using my internet connection and starts using the gateways?)

Scot L. Harris webid at cfl.rr.com
Thu Jul 22 23:18:17 UTC 2004 

On Thu, 2004-07-22 at 18:01, Christopher J. Bottaro wrote:
> i installed cisco's vpn client for linux and i successfully connected to my
> work's vpn gateway.  the problem is once i'm connected, my ip address is
> changed to vpn gateway's ip address and my internet connection becomes very
> slow.  i'm assuming this is because when i connect to sites on the
> internet, its actually the vpn gateway thats making the connection, then
> forwarding the data to my computer.
> 
> i always thought vpn was like that i could be locally connected to an
> external lan, while still being connected to my lan at the same time.  am i
> wrong in thinking this?
> 
> i want to use vpn to connect to a few machines on my work's lan, not use my
> work's internet connection.  can i achieve this somehow?
> 
> thanks for the help and sorry i didn't know where else to ask this...this
> list seems to answers for anything/everything regardling computers...=)

There are two ways to setup VPN connections and this depends on the
software you are using and the policy your company sets.  

In your case when you setup the VPN you are locked into sending all
traffic through the VPN connection.  As you found access to the Internet
can become slow since all of your traffic goes over the VPN connection
to your company and then out their Internet connection.  You have the
additional over head of the VPN plus the additional hops you go through
to get to the Internet now.  And depending on your companies Internet
bandwidth this could become very slow.

The other method provides split access.  Only the addresses defined in
the VPN policy go over the VPN all others use your normal gateway.  The
benefit as you surmised is that you would have your normal fast access
(assuming a DSL or cable connection) to the general Internet but still
have encrypted connections to the company resources.  The down side is
that such a setup potentially opens the company resources to direct
Internet access through your computer.  As you can imagine most
companies do not want to let unrestricted access from the Internet to
get into their network.  I would expect most companies will not permit
this type of connection.  

So the good news is that I saved a lot of money with Geico. :)
-- 
Scot L. Harris
webid at cfl.rr.com

Oblivion together does not frighten me, beloved.
		-- Thalassa (in Anne Mulhall's body), "Return to Tomorrow",
		   stardate 4770.3.

More information about the users mailing list