Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Host-Side Routing of TCP/IP Traffic

Started by PaulJRichardson , Jan 31 2013 12:42 PM

  • Please log in to reply

#1
PaulJRichardson
Posted 31 January 2013 - 12:42 PM

PaulJRichardson

    New Member

  • Member
  • Pip
  • 7 posts
.

Greetings GeeksToGo Experts,

I am so very grateful for these forums! :D By default, when I setup my VPN to the corp. network, my required security app connects to the company, and is encrypted via PPTP (not intercepted). But I would like to set a Firewall rule, or routing table rule to direct at least one of my browser apps to NEVER use the VPN (so I can check facebook, do personal email, etc.). I really appreciate any links to tutorials or walk-thrus you can provide. I've done a ton of searching and reading, and most of what I find relates to people who want to block an app from NOT using the VPN (the opposite of what I want to do), or else they discuss split-dns and split-tunnel vpn. I just don't want to disconnect the VPN just to check my personal email or other personal websites, etc (which as of right now, is going over the corporate network to the internet --- not very good for my privacy :blink: ).

Thus far, my best guess is to (??) uncheck that VPN config option for 'use remote gateway', then set FW rules specific to the apps. The company email, etc. should be blocked from local network, and required to use VPN and the browser I use for personal internet activity should be blocked from VPN and allowed for local. Any apps not really specific to company sensitive data or used for personal activity (eg., sw development testing) can just do whatever they want).

Or else, maybe I could somehow do this with proxy settings inside a Firefox type browser? I'm just not sure how best to do this.

Thank you so much!,
Paul Richardson

:thumbsup:

PS: Below is the info on my personal laptop computer (I have full admin rights):

COMPUTER HARDWARE:
ASUS G73JW ROG-A185F
(Special Edition 16 Gb Ram, Dual Hybrid Drives)

OPERATING SYS:
OS Version: 6.1.7601 SP1 (Win 7 Ultimate)

FIREWALL:
PrivateFirewall v.7.0
(a Free FW installed on my host OS, w/granular rules for apps and processes)

LOCAL (HOST) PROXY APP:
Privoxy ver.3 for Windows
NOTE: I usually disable this when on the VPN

BROWSERS:
Portable FF v.18 (also have local installed version)
Chrome v.24 (installed and port version)
Opera v.12 (installed and port version)
YAPO (Yet Another Port Opera) v.10
Safari for Windows v.5
Dragon v.24
SRWare Iron v.23

VPN CONNECTION:
Win OS built-in VPN (PPTP, w/EAP)
VPN is a PPP connection
SM is 255.255.255.255
My local adapter VPN 'virtual' netwrk interface gets a class 'A' IPv4 address
My VPN IP is in the same subnet as the company
The VPN server does not provide me any IPv6 functionality


============================================================
============================================================
============================================================

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : BRAINLESS
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
System Quarantine State . . . . . : Not Restricted


PPP adapter VPN Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VPN Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : X.X.X.X (Preferred) <<< This is a Class A IPv4 address
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : Y.Y.Y.Y <<< This is a Class A IPv4 address for company DNS server #1
z.z.z.z <<< This is a Class A IPv4 address for company DNS server #2
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 6A-5D-60-72-16-13
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 48-5D-60-72-16-13
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a489:286c:482f:f64%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.97(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, January 27, 2013 16:56:20
Lease Expires . . . . . . . . . . : Sunday, March 09, 2149 16:13:30
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 189291872
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-14-91-5A-BC-AE-C5-16-E6-F4
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : BC-AE-C5-16-E6-F8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8A6472C4-F745-4AB9-BB95-64CD6FD84B83}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.il.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7DAC75A5-F229-4FE6-9A22-26682CC7F086}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


:help:
  • 0

Advertisements

#2
jchunk
Posted 13 February 2013 - 05:48 AM

jchunk

    Member

  • Member
  • PipPip
  • 47 posts
Hey this is a great question I'm not going to try and handle it i just wanted you to know people are reading this. I'm going to do some research on it too. GL!!!
  • 0

#3
PaulJRichardson
Posted 13 February 2013 - 10:10 AM

PaulJRichardson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you JChunk ;-)

UPDATE ON MY ORIGINAL POST:
  • I verified that it won't work, just by unchecking the 'default gateway' option on the VPN in combination with attempting to allow/deny traffic using the Firewall rules (which can be set on a per/app basis, with source/dest. IP)
  • I also attempted to setup a separate virtual 'bridged' (not NAT'ed), adapter with a VMware guest OS, but that didn't seem to work either, probably because windows still tries to direct it out of the VPN, even though the VM got a separate IP
  • I am beginning to think I may just have to edit the local windows OS route table (using the Route command, or perhaps Netsh), perhaps even in combination with a bridged adapter
  • one of the persistent problems though still remains, which is that I can't find any good documentation on the route table for windows 7, or for bridging adapters in windows 7
  • NOTE: I'm not sure, but I suspect that changing the binding order of the adapter priorities, and also that changing the metric on individual adapters, are just GUI methods that change the local routing table and it's metrics
  • In other words, I might as well just work with the routing table, as opposed to using the binding order or individual adapter metric, right?? (again, I'm just not sure)

Edited by PaulJRichardson, 13 February 2013 - 11:06 AM.

  • 0
Back to Networking · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Hardware
  3. Networking

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP