Routing all traffic in through the outside interface and out through a dedicated VPN outbound port?

So, avoiding split tunneling (although I wouldn't even know how to configure that), how would I allow all traffic to be filtered through the VPN? At the moment, I have set up SSL on my SophosUTM 9.4 box. I can connect and fetch anything I need from within the network, but since split tunneling is not functioning (and I really don't want it to be functioning), all access is restricted to the inside network.

Now, I would like to access the internet while connected to my VPN but through an additional interface (third one) to the SophosUTM box. Is there any way to do this, to route all traffic through that third interface when I'm out and about?

Can someone please instruct me on how to do this?

Appreciation in advance



This thread was automatically locked due to age.
  • I do not want to split tunnel. I do not want my client machine to access the WAN using the hotspot and the LAN using the VPN. I want what would be a full tunnel that would emulate a device on the home LAN that requires all outbound traffic to be routed through the SophosUTM.

    When connected to the VPN, I want all traffic to enter in the VPN designated interface and exit through the Outside interface, in the same way that the LAN traffic is routed through the SophosUTM device in to the Inside interface and out of the Outside interface.

    I guess this bit about the Sophos box being smart enough to figure it all out is a bit strange to me, considering that my experience has been with PIXes where there was none of the device intelligence.

    Before I try the suggestions, which I really appreciate, I just want to make sure that there is no misunderstanding about what it is that I'd like to do. I'm not sure if I've explained what it is I want clearly enough.

    Your post along with these clarified exactly what I wanted.  

    "First, let’s take a closer look into how split tunneling works. In VPNs, there are basically two types of virtual tunnels that enable secure data transmission: full tunnels and split tunnels. In full tunnel mode, a remote corporate user establishes an Internet connection from a client PC, which then runs through the VPN. This naturally includes the user's private data traffic. As a result, every time the user scans the web, be it for shopping on eBay, checking personal email, or accessing the company CRM, it is done through the company VPN gateway.

    ...

    The other virtual tunnel configuration, split tunnels, only transmits data through the VPN tunnel from a website or from another IT service within the corporate network. For all other connections, such as Facebook or web mail, the client PC directly accesses the providers' servers. Downloads from external websites are not directed through the corporate network and the VPN."

    http://www.infosecisland.com/blogview/22859-Making-Sense-of-Split-Tunneling-.html


    "A VPN sends all the traffic destined for your corporate network over a secure encrypted tunnel. If split tunneling is disabled, that means that ALL traffic from your computer is going over that tunnel, and traffic destined for the Internet goes out from your computer, across the Internet to the corporate network, and from the corporate network to a destination on the Internet. Then, return traffic comes from that destination through the Internet, then back to the corporate network, and then back through Internet again, before finally reaching you.

    When split tunneling is enabled, Internet traffic goes directly from your computer to the Internet and back without involving the VPN at all. Split tunneling also allows you to access other systems on your local network which is impossible if all traffic has to go to the corporate network first, although this can be mitigated in some configurations."

    www.tripwire.com/.../
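
Added example, not part of the original thread or of any Sophos tooling: a Python check that reads a client routing table in `ip route show` format and reports whether Internet-bound traffic leaves through the tunnel (full tunnel) or through the local hotspot (split tunnel), following the definitions quoted above. The interface names, addresses and both route tables are constructed; the full-tunnel table assumes the client installs two half-default routes through the tunnel, as OpenVPN-style clients do.

```python
import ipaddress

# Constructed sample tables in `ip route show` format (not from the thread).
# 203.0.113.10 stands in for the VPN gateway's public address.
FULL_TUNNEL = """\
default via 192.168.43.1 dev wlan0
0.0.0.0/1 via 10.242.2.5 dev tun0
128.0.0.0/1 via 10.242.2.5 dev tun0
203.0.113.10 via 192.168.43.1 dev wlan0
10.242.2.5 dev tun0
192.168.43.0/24 dev wlan0
"""
SPLIT_TUNNEL = """\
default via 192.168.43.1 dev wlan0
192.168.1.0/24 via 10.242.2.5 dev tun0
10.242.2.5 dev tun0
192.168.43.0/24 dev wlan0
"""
INTERNET_PROBES = ["8.8.8.8", "198.51.100.7"]  # one per half of IPv4 space
LAN_PROBE = "192.168.1.20"                      # hypothetical home-LAN host

def parse_routes(text):
    """Return (network, device) pairs from `ip route show`-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), dev))
    return routes

def egress_interface(routes, dest):
    """Longest-prefix match (metrics ignored): device used to reach dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits)[1] if hits else None

def classify(routes, tunnel_dev="tun0"):
    """'full' if every Internet probe uses the tunnel, 'split' if only the
    LAN does, 'no-tunnel' if nothing is routed through it."""
    if all(egress_interface(routes, p) == tunnel_dev for p in INTERNET_PROBES):
        return "full"
    if egress_interface(routes, LAN_PROBE) == tunnel_dev:
        return "split"
    return "no-tunnel"

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, "->", classify(parse_routes(table)))
```

In the full-tunnel table the host route to the VPN gateway still points at the hotspot, which is what keeps the encrypted tunnel itself reachable while everything else goes through it.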