
Record and Reverie

General things I find interesting


Will Not Fix it

Dec 6th, 2006 by Graham Booker

I had an interesting exchange with the CIS people here at TAMU concerning their VPN. A bit of background:

  • A&M uses Cisco’s VPN client (and their concentrator too, IIRC).
  • There are two modes for the VPN: the normal mode, which forwards all traffic through the VPN, and the “split-tunnel” mode, which only forwards TAMU-destined traffic through the VPN.
  • Upon connecting to the VPN, the client changes your DNS server settings to those specified by the server (in both modes).

I tend to use the split-tunnel mode more often than not because I only care to get through the firewall. Now here enters the situation.
Slowly, when I was off campus, I noticed that I could not reach certain websites while using VPN. They were perfectly reachable when not using VPN though. So, I tracked down the problem and reported it:

Apparently one of the “features” of Cisco’s VPN client is to change the local host’s DNS information. While this is fine when all traffic is tunneled through the VPN, it is completely foolish to do it when only TAMU traffic is forwarded.

Case in point:
images.apple.com (an Akamai server)
Without VPN, IPs are:
a932.g.akamai.net has address 81.52.248.174
a932.g.akamai.net has address 81.52.248.185

With VPN, IPs are:
a932.g.akamai.net has address 165.91.254.17
a932.g.akamai.net has address 165.91.254.15

With VPN, 165.91.254.15 and 165.91.254.17 are unreachable; without it, they are.

The solution: don’t ever even think about turning on the setting to change DNS information when the user utilizes the VPN for off-campus needs. It screws up too many things, and there is no good reason for it.

Yet another case:
www.foxnews.com
Without VPN:
a20.g.akamai.net has address 64.86.106.143
a20.g.akamai.net has address 64.86.106.144

With VPN:
a20.g.akamai.net has address 165.91.254.17
a20.g.akamai.net has address 165.91.254.15

Later I postulated, over the phone, another possible solution. The Akamai servers sit outside the A&M firewall, and when using the split-tunnel, the user is assigned a private IP address. Perhaps they need only to allow this case of traffic through the firewall even though it is using private IP addresses.

I need to use hacks to force my computer to use the correct DNS. Granted, I know quite well how to do this, and had forgotten that I have already been doing it on my Linux box for years, but this is well beyond the layman. Also, it is a pain to do. I told them that such a solution is really unacceptable. The final word on the subject: they won’t fix it. How disappointing.
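
An added example, not part of the original post: a Python check for the split-tunnel symptom described above. It parses `host` output captured with and without the VPN and flags names whose VPN-side answers moved into a prefix the split tunnel routes; the 165.91.254.0/24 prefix and the example.org control lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches lines in the format quoted in the post: "<name> has address <ipv4>"
HOST_LINE = re.compile(r"^(\S+) has address (\d{1,3}(?:\.\d{1,3}){3})$")

# Answers quoted in the post, plus one constructed control name (example.org).
WITHOUT_VPN = """\
a932.g.akamai.net has address 81.52.248.174
a932.g.akamai.net has address 81.52.248.185
a20.g.akamai.net has address 64.86.106.143
a20.g.akamai.net has address 64.86.106.144
example.org has address 192.0.2.10
"""
WITH_VPN = """\
a932.g.akamai.net has address 165.91.254.17
a932.g.akamai.net has address 165.91.254.15
a20.g.akamai.net has address 165.91.254.17
a20.g.akamai.net has address 165.91.254.15
example.org has address 192.0.2.10
"""
# Assumption: the prefix the split tunnel sends through the VPN.
TUNNELED = ["165.91.254.0/24"]


def parse_host_output(text):
    """Return {name: set(IPv4Address)} from `host`-style output."""
    answers = {}
    for line in text.splitlines():
        m = HOST_LINE.match(line.strip())
        if m:
            ip = ipaddress.ip_address(m.group(2))
            answers.setdefault(m.group(1), set()).add(ip)
    return answers


def split_dns_findings(public_out, vpn_out, tunneled_prefixes):
    """List names whose VPN-resolver answers differ from the public answers
    and now fall inside a tunneled prefix (the post's failure mode)."""
    nets = [ipaddress.ip_network(p) for p in tunneled_prefixes]
    public, vpn = parse_host_output(public_out), parse_host_output(vpn_out)
    findings = []
    for name in sorted(vpn):
        pub = public.get(name, set())
        steered = sorted(ip for ip in vpn[name] - pub
                         if any(ip in n for n in nets))
        if steered:
            findings.append((name, [str(i) for i in steered],
                             [str(i) for i in sorted(pub)]))
    return findings
```

Calling `split_dns_findings(WITHOUT_VPN, WITH_VPN, TUNNELED)` reports both Akamai names and leaves the unchanged control name out.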

Now I am having a problem where the split-tunnel VPN accepts my password, but the full VPN along with the PPTP VPN reject it. The password should be the same. Who knows what they have going on in there.
