Use a VPN without it taking over the network
Authored by: beauh on Sep 12, '05 04:18:39AM

The issue lies in the fact that OS X does not support source-based routing. Any traffic that is not link-local is going to be sent out via your default route, which by default is going to be your IPSec tunnel when your VPN connection is active. When he's connecting from work to his home computer, his home machine sees an incoming connection from his office WAN IP: a publicly routable IP, notes that it is not link-local, and then fires the response via default route, straight down the VPN tunnel and ultimately to a destination that's going to drop it. Setting the internal subnet to be the default interface would then make all traffic go out through the NAT router. You're still not going to have a problem on the VPN side, as the company subnet appears to be link-local.

The IPSec tunnel serves well as the default route as it adds a layer of intrusion prevention, leaving your company's site less vulnerable (unless your internal subnet is otherwise compromised). --> enabling this script might piss off yer admin.

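The routing behaviour described in the comment above, modelled as an added example that is not part of the original comment: a destination-only, longest-prefix lookup picks the reply interface, so a connection that arrives on the LAN can be answered down the tunnel. Interface names (`en0`, `vpn0`), subnets and addresses are constructed assumptions, and the company subnet is modelled as a directly attached route on the tunnel interface.

```python
import ipaddress

def build(routes):
    """Turn (prefix, interface) pairs into a routing table."""
    return [(ipaddress.ip_network(net), ifc) for net, ifc in routes]

def egress(table, dst):
    """Destination-based lookup: longest matching prefix wins.
    The source address and arrival interface are never consulted,
    which is what 'no source-based routing' means in practice."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_path(table, arrived_on, peer):
    """Where does the answer to an inbound connection leave the host?"""
    out = egress(table, peer)
    return {"peer": peer, "in": arrived_on, "out": out,
            "asymmetric": out != arrived_on}

# Constructed sample tables (all values are assumptions for illustration).
HOME_LAN, COMPANY_NET = "192.168.1.0/24", "10.20.0.0/16"

# VPN up, tunnel owns the default route (the situation in the comment).
VPN_DEFAULT = build([("0.0.0.0/0", "vpn0"),
                     (HOME_LAN, "en0"),
                     (COMPANY_NET, "vpn0")])

# Default route moved back to the LAN / NAT router; company subnet
# is still reached through the tunnel because its prefix is more specific.
LAN_DEFAULT = build([("0.0.0.0/0", "en0"),
                     (HOME_LAN, "en0"),
                     (COMPANY_NET, "vpn0")])

OFFICE_WAN = "203.0.113.10"   # constructed public address of the office
COMPANY_HOST = "10.20.5.7"    # constructed host inside the company subnet

if __name__ == "__main__":
    for name, table in (("VPN default", VPN_DEFAULT),
                        ("LAN default", LAN_DEFAULT)):
        print(name, reply_path(table, "en0", OFFICE_WAN),
              "company via", egress(table, COMPANY_HOST))
```

With the tunnel as default route the reply to the office WAN address is flagged asymmetric; with the LAN as default route it leaves on the interface it arrived on, and company traffic still uses the tunnel, but all other traffic now bypasses it.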