FlyerTalk Forums

Selective VPN tunnel? (https://www.flyertalk.com/forum/travel-technology/940455-selective-vpn-tunnel.html)

gfunkdave Apr 6, 2009 10:08 am

So I put the VPN client into split-tunneling mode, but it only lets me access the subnet at the VPN head-end - not any of our other ones. I'm going to try a route add for the others.

Got it to work with route add...though does anyone know if there's a way to make a batch file I can click on to make the route add command and not have to look up my VPN IP address?

Relevant route table for the VPN connection:

Network Destination  Netmask          Gateway         Interface       Metric
192.168.134.0        255.255.255.0    192.168.134.42  192.168.134.42  1
192.168.134.42       255.255.255.255  127.0.0.1       127.0.0.1       50

The route add command I used was:
route add 192.168.0.0 mask 255.255.0.0 192.168.134.42

KVS Apr 6, 2009 11:04 am


Originally Posted by gfunkdave (Post 11535922)
So I put the VPN client into split-tunneling mode, but it only lets me access the subnet at the VPN head-end - not any of our other ones. I'm going to try a route add for the others.

Got it to work with route add...though does anyone know if there's a way to make a batch file I can click on to make the route add command and not have to look up my VPN IP address?

Relevant route table for the VPN connection:

Network Destination  Netmask          Gateway         Interface       Metric
192.168.134.0        255.255.255.0    192.168.134.42  192.168.134.42  1
192.168.134.42       255.255.255.255  127.0.0.1       127.0.0.1       50

The route add command I used was:
route add 192.168.0.0 mask 255.255.0.0 192.168.134.42



There you go:
Code:

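REM Save the ipconfig line(s) containing the VPN address (192.168.134.x) to a temp file
IPCONFIG | FIND "192.168.134." > "%TEMP%\$VPN_IP.txt"
REM Take the text after the ":" as the VPN IP (paths quoted in case %TEMP% has spaces)
FOR /F "USEBACKQ TOKENS=2-2 DELIMS=:" %%i IN ("%TEMP%\$VPN_IP.txt") DO SET VPN_IP=%%i

REM Send the other 192.168.x.x subnets through the VPN interface
ROUTE ADD 192.168.0.0 MASK 255.255.0.0 %VPN_IP% METRIC 1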
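
To see why only the head-end subnet was reachable before the route add, and the other 192.168.x.x subnets after it, here is a small route-lookup model in Python (an added example, not code from the thread). The default route via 10.0.0.1 and its metric are constructed; the other rows are the ones quoted in the posts above.

```python
import ipaddress

VPN_IP = "192.168.134.42"  # VPN interface address from the thread
LAN_GW = "10.0.0.1"        # constructed: local default gateway, not from the thread

def to_network(dest, mask):
    """Build a network from a destination and dotted netmask, as 'route print' shows them."""
    prefixlen = bin(int(ipaddress.ip_address(mask))).count("1")
    return ipaddress.ip_network(f"{dest}/{prefixlen}")

def build_table(with_added_route):
    """Route table as (network, gateway, metric) rows."""
    rows = [
        ("0.0.0.0", "0.0.0.0", LAN_GW, 20),                      # constructed default route
        ("192.168.134.0", "255.255.255.0", VPN_IP, 1),           # from the post
        ("192.168.134.42", "255.255.255.255", "127.0.0.1", 50),  # from the post
    ]
    if with_added_route:
        # Effect of: route add 192.168.0.0 mask 255.255.0.0 192.168.134.42
        rows.append(("192.168.0.0", "255.255.0.0", VPN_IP, 1))
    return [(to_network(d, m), gw, metric) for d, m, gw, metric in rows]

def lookup(table, dest):
    """Pick the gateway for dest: longest matching prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [row for row in table if addr in row[0]]
    if not matches:
        return None
    best = max(matches, key=lambda row: (row[0].prefixlen, -row[2]))
    return best[1]

def via_tunnel(table, dest):
    """True when traffic to dest leaves through the VPN interface."""
    return lookup(table, dest) == VPN_IP

if __name__ == "__main__":
    # 192.168.20.5 and 8.8.8.8 are constructed sample destinations.
    for label, table in (("before", build_table(False)), ("after", build_table(True))):
        for dest in ("192.168.134.10", "192.168.20.5", "8.8.8.8"):
            print(label, dest, "->", lookup(table, dest))
```

The same longest-prefix rule means a local LAN that itself sits in 192.168.x.x keeps its own more specific on-link route ahead of the added /16.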


gfunkdave Apr 6, 2009 11:30 am


Originally Posted by KVS (Post 11536279)
There you go:
Code:

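REM Save the ipconfig line(s) containing the VPN address (192.168.134.x) to a temp file
IPCONFIG | FIND "192.168.134." > "%TEMP%\$VPN_IP.txt"
REM Take the text after the ":" as the VPN IP (paths quoted in case %TEMP% has spaces)
FOR /F "USEBACKQ TOKENS=2-2 DELIMS=:" %%i IN ("%TEMP%\$VPN_IP.txt") DO SET VPN_IP=%%i

REM Send the other 192.168.x.x subnets through the VPN interface
ROUTE ADD 192.168.0.0 MASK 255.255.0.0 %VPN_IP% METRIC 1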


You rock! What does the TOKENS=2-2 do? It seems to tell it to just use the second string it finds between : delimiters?

Steve M Apr 6, 2009 11:31 am


Originally Posted by star_world (Post 11535760)
The key point is that on Cisco VPN it can only be changed by the people controlling the VPN head-end. You can't just add a route or remove a route and influence the VPN in this way. It's highly likely that if the VPN is configured to send all traffic across the tunnel, the company is doing that intentionally to ensure that they can run the traffic through their content filters, URL scanning, etc. as they would if the user was in the office. In this situation it can be very difficult to overcome.

But, couldn't the content filters etc be avoided by simply not connecting to the VPN when 'blocked' content is desired? It would seem a rather silly thing for an admin to want to tunnel all Internet traffic just to be able to filter content.

gfunkdave Apr 6, 2009 11:33 am


Originally Posted by Steve M (Post 11536403)
But, couldn't the content filters etc be avoided by simply not connecting to the VPN when 'blocked' content is desired? It would seem a rather silly thing for an admin to want to tunnel all Internet traffic just to be able to filter content.

I have a consultant friend who can only use his work laptop with the network if the VPN is connected.

KVS Apr 6, 2009 11:39 am


Originally Posted by gfunkdave (Post 11536401)
You rock! What does the TOKENS=2-2 do? It seems to tell it to just use the second string it finds between : delimiters?

Correct.

gfunkdave Apr 6, 2009 11:49 am


Originally Posted by KVS (Post 11536467)
Correct.

Ah, yes...I saw ":" but was thinking ".". Makes sense now. Thanks!

BobbySteel Apr 23, 2009 5:07 am

This is a really helpful thread. Has anyone configured a split tunnel based on port only? I was considering a feasible way of leaving VPN on all the time except on my open BitTorrent ports, but it seems the traffic is filtered by IP primarily, then protocol, rather than port.


All times are GMT -6.