dfelicia Apprentice


Joined: 11 May 2005 Posts: 281 Location: Southwestern Connecticut
|
Posted: Sun Feb 26, 2006 6:54 pm Post subject: [ANSWERED] fallback to DIRECT when VPN connection active? |
|
|
I have a Gentoo box running squid that my wireless clients use as an http proxy. I also use the Gentoo box to connect to work, sometimes. When I establish a VPN connection to work (using Cisco VPN client), squid stops working, and my wife tells me to come "fix" her laptop. Of course, when I disconnect VPN, squid resumes.
Is there some way to configure squid or proxy.pac so that when I establish a VPN connection my wife can continue to surf without any interruption?
Last edited by dfelicia on Sun Feb 26, 2006 8:47 pm; edited 1 time in total |
think4urs11 Bodhisattva


Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
|
Posted: Sun Feb 26, 2006 7:24 pm Post subject: Re: Can proxy.pac fallback to DIRECT when VPN connection act |
|
|
dfelicia wrote: | I have a Gentoo box running squid that my wireless clients use as an http proxy. I also use the Gentoo box to connect to work, sometimes. When I establish a VPN connection to work (using Cisco VPN client), squid stops working, and my wife tells me to come "fix" her laptop. Of course, when I disconnect VPN, squid resumes.
Is there some way to configure squid or proxy.pac so that when I establish a VPN connection my wife can continue to surf without any interruption? |
No, because if the VPN server is configured properly (secure) it will prevent any attempts from IP addresses other than the VPN client to send traffic to it.
The routing table gets altered as soon as the VPN is up; changes are tracked and would - if possible at all - lead the VPN to drop the connection.
So this would mean your proxy will try to connect via the VPN server in your office to the internet - which most probably isn't allowed directly. Plus, even if this is possible, your clients cannot connect to squid because the VPN prohibits this.
One chance would be to use a virtual machine (e.g. vmware) to connect to your office. This would leave the host machine accessible during the VPN connection for other clients in your house.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
odessit Apprentice

Joined: 01 Feb 2004 Posts: 180 Location: Current Residency - Server Room - Caution - Frostbite Imminent!
|
Posted: Sun Feb 26, 2006 10:25 pm Post subject: |
|
|
Or you could set up "split tunneling" on the Cisco device that you use. It will permit the traversal of unencrypted traffic even when the VPN connection is established. Although the Win32 Cisco VPN client includes a firewall which will prevent OTHER PCs from connecting, the Linux version may have it too. It will have to be disabled manually. <- this will definitely degrade your overall security.
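
The difference between the two replies (a full tunnel that takes over the routing table versus split tunneling) can be read off the proxy box's routing table. The script below is an added example, not part of the original posts. It assumes `ip -4 route show` style output; the interface names, addresses and both sample tables are constructed for illustration.

```python
import ipaddress

# Constructed samples; cipsec0 stands in for the VPN client's tunnel interface.
FULL_TUNNEL = """
default dev cipsec0 scope link
203.0.113.7 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
"""
SPLIT_TUNNEL = """
default via 192.168.1.1 dev eth0
10.0.0.0/8 dev cipsec0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
"""

def parse_routes(text):
    """Turn routing-table lines into (network, device) pairs."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields or "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." entries
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match: the device a packet to addr would leave on."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def classify(route_text, tunnel_dev, lan_client, internet_host="198.51.100.10"):
    """Report where squid's outbound fetches and its replies to a LAN client go."""
    routes = parse_routes(route_text)
    internet = egress_dev(routes, internet_host)
    mode = "full-tunnel" if internet == tunnel_dev else "split-tunnel"
    return {"mode": mode, "internet_via": internet,
            "lan_reply_via": egress_dev(routes, lan_client)}

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, classify(table, "cipsec0", "192.168.1.50"))
```

A packet filter bundled with the VPN client does not show up in the routing table, so a LAN route that still points at the local interface does not by itself mean wireless clients can reach squid.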