Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Use a VPN without it taking over the network' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Use a VPN without it taking over the network
Authored by: ferret-slayer on Sep 10, '05 12:06:12AM
But that option (connect using VPN-assigned IP) still presents an inconvenience, because the user cannot use his/her "dyndns.org" domain name to establish the connection

When he turns on the VPN, he changes the primary network interface to the VPN-IP. The DNS-update client will report this change to dyndns.org, and his domain name will return the VPN IP.

This assumes he isn't using a router with the DNS-update client set to check the external IP number. I don't know what it will return in that case (probably a number from the VPN server).

[ Reply to This | # ]

Use a VPN without it taking over the network
Authored by: kshetline on Sep 10, '05 09:58:11PM

(Mypologies if this is an extra repost -- I didn't see the first reply attempt show up.)

First of all, I do use the built-in dynamic DNS support in my router for dyndns.org, rather that DDNS client software on one of my computers, so the resolution of my personal domain wouldn't get changed by hooking up to my company VPN, no matter how I have the VPN connection configured.

But even if I was using client software instead of my router, consider this:

Suppose my IP on the VPN is 172.18.99.99
Suppose the WAN-facing IP for my computer -- along with many other computers at the office sharing the same WAN-facing IP -- is 42.43.44.45.

When the client software phones home to dyndns.org, myhomedomain.org will be mapped to 42.42.44.45.

If someone types http://myhomedomain.org into their web browser, an attempt will be made to connect to 42.43.44.45 at port 80.

The connection attempt then hits my company's router and firewall... and those incoming packets will NOT get routed to 172.18.99.99 and its port 80. Nor will any other attempt to connect to any other ports on my home computer for SSH, Timbuktu, etc. get through, not without convincing my company to poke all of those holes in their firewall and to do all of that special port forwarding just for me and me alone -- that ain't gonna happen.

Further, even if my friendly company sys admin were so obliging, I wouldn't want her to set all of that up for me anyway. I really don't want my personal domain becoming my company's IP address on and off all of the time. Also, while dyndns.org works pretty well, the less remapping of my domain to different IP addresses all of the time -- with all of the propagation delays that can entail -- the better.



[ Reply to This | # ]