| Author |
Message |
Bob
Guest
|
 Posted:
Sun Oct 16, 2005 4:20 pm Post subject:
PPTP VPN Startup Connect |
|
|
I have a Microsoft Windows 2000 PPTP VPN Client that I use to connect
to a remote server. I have a RoadRunner Cable connection that is
available all the time.
As the VPN is configured now, I have to make the Client connection
manually after I start my computer.
How do I make the connection on my end happen automatically when I
start my computer? |
|
| Back to top |
|
 |
mikah
Guest
|
| Posted:
Tue Oct 18, 2005 4:20 pm Post subject:
Re: PPTP VPN Startup Connect |
|
|
| Quote: | From: Bob (Sun, 16 Oct 2005 15:55:32 GMT)
MsgId: <43527717.1757312@news-server.houston.rr.com
I have a Microsoft Windows 2000 PPTP VPN Client that I use to connect
to a remote server. I have a RoadRunner Cable connection that is
available all the time.
As the VPN is configured now, I have to make the Client connection
manually after I start my computer.
How do I make the connection on my end happen automatically when I
start my computer?
|
If you do that, you won't be able to use your connection for anything else
unless you use split tunneling, which is considered a security risk.
Normally when VPN is up, all other internet connectivity is down. That's by
design. |
|
| Back to top |
|
|
Martin Bodenstedt
Guest
|
| Posted:
Wed Oct 19, 2005 4:20 pm Post subject:
Re: PPTP VPN Startup Connect |
|
|
Bob schrieb:
| Quote: | On Wed, 19 Oct 2005 15:35:47 +0200, Martin Bodenstedt
martin.bodenstedt@gmx.de> wrote:
Where did you get this bizarre notion that "Normally when VPN is up,
all other internet connectivity is down. That's by design."
You use your VPN connection to access a remote network.
If you have - at the same time - an open internet connection you open
that remote computer to the internet (not easily, agreed, but possibly).
The remote computer is already connected to the Internet, otherwise I
could not connect to it.
|
You are missing the point:
The remote computer certainly is connected to the internet using *its
own* security access policy.
| Quote: | Anyway, the MS PPTP VPN connection allows you to choose where your
Internet access is - on your machine or on the remote machine.
Obviously you would choose to have your Internet connection on your
machine since you use the Internet connection on your machine to
establish the VPN connection to the remote machine.
|
Off course you open the vpn connection through the internet. But once
the vpn connection is open you should not be able to bypass the vpn
connection. You should *only* be able to access the remote machine (and
maybe the internet through that remote machine depending on that
machine's security policy). Otherwise you open the remot to the internet
using *your* internet connection and notthe *remote* computer's...
--
Martin Bodenstedt
(www.die-bodenstedts.de / www.maboko.de) |
|
| Back to top |
|
|
Simon
Guest
|
| Posted:
Wed Oct 19, 2005 4:20 pm Post subject:
Re: PPTP VPN Startup Connect |
|
|
Martin Bodenstedt wrote:
| Quote: | Bob schrieb:
On Wed, 19 Oct 2005 15:35:47 +0200, Martin Bodenstedt
martin.bodenstedt@gmx.de> wrote:
Where did you get this bizarre notion that "Normally when VPN is up,
all other internet connectivity is down. That's by design."
You use your VPN connection to access a remote network.
If you have - at the same time - an open internet connection you open
that remote computer to the internet (not easily, agreed, but possibly).
The remote computer is already connected to the Internet, otherwise I
could not connect to it.
You are missing the point:
The remote computer certainly is connected to the internet using *its
own* security access policy.
Anyway, the MS PPTP VPN connection allows you to choose where your
Internet access is - on your machine or on the remote machine.
Obviously you would choose to have your Internet connection on your
machine since you use the Internet connection on your machine to
establish the VPN connection to the remote machine.
Off course you open the vpn connection through the internet. But once
the vpn connection is open you should not be able to bypass the vpn
connection. You should *only* be able to access the remote machine (and
maybe the internet through that remote machine depending on that
machine's security policy). Otherwise you open the remot to the internet
using *your* internet connection and notthe *remote* computer's...
True, it's good security to do this, however with the windows client |
it's easy to bypass this.
Anyway nobody answered the original question, my suggestion would be to
look at the rasdial command (cmd prompt) you can launch vpn connections
from there so perphaps a batch file in the startup folder would do it.
I'm sure there's a much more elegant way though :)
Simon |
|
| Back to top |
|
|
Bob
Guest
|
| Posted:
Wed Oct 19, 2005 4:20 pm Post subject:
Re: PPTP VPN Startup Connect |
|
|
On Tue, 18 Oct 2005 15:16:06 GMT, mikah <mikah@nospam4me.invalid>
wrote:
| Quote: | How do I make the connection on my end happen automatically when I
start my computer?
If you do that, you won't be able to use your connection for anything else
unless you use split tunneling, which is considered a security risk.
Normally when VPN is up, all other internet connectivity is down. That's by
design.
|
Then the design is flawed because I am able to access the Internet and
connect to the VPN at the same time. And I am not using any "split
tunnelling". I am using MS PPTP VPN, the one that comes with Windows
2000.
Where did you get this bizarre notion that "Normally when VPN is up,
all other internet connectivity is down. That's by design."
--
If you build a man a fire and he will be warm for a day. If you
set a man on fire, he will be warm for the rest of his life. |
|
| Back to top |
|
|
Bob
Guest
|
| Posted:
Wed Oct 19, 2005 4:20 pm Post subject:
Re: PPTP VPN Startup Connect |
|
|
On Wed, 19 Oct 2005 15:35:47 +0200, Martin Bodenstedt
<martin.bodenstedt@gmx.de> wrote:
| Quote: | Where did you get this bizarre notion that "Normally when VPN is up,
all other internet connectivity is down. That's by design."
You use your VPN connection to access a remote network.
If you have - at the same time - an open internet connection you open
that remote computer to the internet (not easily, agreed, but possibly).
|
The remote computer is already connected to the Internet, otherwise I
could not connect to it.
Anyway, the MS PPTP VPN connection allows you to choose where your
Internet access is - on your machine or on the remote machine.
Obviously you would choose to have your Internet connection on your
machine since you use the Internet connection on your machine to
establish the VPN connection to the remote machine.
--
If you build a man a fire and he will be warm for a day. If you
set a man on fire, he will be warm for the rest of his life. |
|
| Back to top |
|
|
Martin Bodenstedt
Guest
|
| Posted:
Wed Oct 19, 2005 4:20 pm Post subject:
Re: PPTP VPN Startup Connect |
|
|
Bob schrieb:
| Quote: | Where did you get this bizarre notion that "Normally when VPN is up,
all other internet connectivity is down. That's by design."
|
Just think about it:
You use your VPN connection to access a remote network.
If you have - at the same time - an open internet connection you open
that remote computer to the internet (not easily, agreed, but possibly).
--
Martin Bodenstedt
(www.die-bodenstedts.de / www.maboko.de) |
|
| Back to top |
|
|
Mike Drechsler - SPAM PRO
Guest
|
| Posted:
Wed Oct 19, 2005 9:21 pm Post subject:
Re: PPTP VPN Startup Connect |
|
|
Bob wrote:
| Quote: | On Tue, 18 Oct 2005 15:16:06 GMT, mikah <mikah@nospam4me.invalid
wrote:
How do I make the connection on my end happen automatically when I
start my computer?
If you do that, you won't be able to use your connection for anything else
unless you use split tunneling, which is considered a security risk.
Normally when VPN is up, all other internet connectivity is down. That's by
design.
Then the design is flawed because I am able to access the Internet and
connect to the VPN at the same time. And I am not using any "split
tunnelling". I am using MS PPTP VPN, the one that comes with Windows
2000.
Where did you get this bizarre notion that "Normally when VPN is up,
all other internet connectivity is down. That's by design."
--
If you build a man a fire and he will be warm for a day. If you
set a man on fire, he will be warm for the rest of his life.
|
He incorrectly implied that you loose internet connectivity in the
default settings. What is actually happening is your computer will send
all internet traffic over the VPN. If the remote VPN endpoint is
configured to allow this traffic access to the internet through their
connection then your internet will still appear to work though all your
traffic will now appear to be coming through the remote sides
connection. Many VPN endpoints are configured by default to deny all
vpn sourced traffic access to the internet so that it appears that while
you are on the VPN the internet will not work. If the administrator
choose to allow VPN users access to the internet through that connection
they would need to change the settings (likely the NAT mappings or a
firewall rule) to explicitly allow VPN users access through the gateway
to the internet.
The idea behind this is that on the remote side they already have a
firewall configured to their policy on security. On your local side,
your firewall is not controlled by them so you could allow all inbound
access to your machine for example and if you have some trojan on your
computer a hacker can control your machine and by doing so have access
to the networks that your machine is connected to including the remote
VPN network. There was a well publicised case of exactly this happening
to a Microsoft employee allowing the hacker access to the internal
Microsoft network through his home computer.
In the microsoft PPTP client you can turn off the setting that sends all
your internet traffic to the vpn. In many clients for different vpn
routers there is a setting that the administrator can use to prevent
users from disabling this split tunnelling feature in their own clients
for the reason I just stated.
--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com) |
|
| Back to top |
|
|
Bob
Guest
|
| Posted:
Wed Oct 19, 2005 9:22 pm Post subject:
Re: PPTP VPN Startup Connect |
|
|
On Wed, 19 Oct 2005 16:55:35 +0200, Martin Bodenstedt
<martin.bodenstedt@gmx.de> wrote:
| Quote: | Off course you open the vpn connection through the internet. But once
the vpn connection is open you should not be able to bypass the vpn
connection. You should *only* be able to access the remote machine (and
maybe the internet through that remote machine depending on that
machine's security policy). Otherwise you open the remot to the internet
using *your* internet connection and notthe *remote* computer's...
|
MS PPTP VPN has an option whether you want your Internet connection to
be on your machine or on the remote machine. Of course you choose to
keep the Internet connection on your machine. There is no reason to
use the remote to access the Internet when access is provided by your
machine.
--
If you build a man a fire and he will be warm for a day. If you
set a man on fire, he will be warm for the rest of his life. |
|
| Back to top |
|
|
Snak
Guest
|
| Posted:
Wed Oct 19, 2005 9:33 pm Post subject:
Re: PPTP VPN Startup Connect |
|
|
Bob wrote:
| Quote: | On Wed, 19 Oct 2005 16:55:35 +0200, Martin Bodenstedt
martin.bodenstedt@gmx.de> wrote:
Off course you open the vpn connection through the internet. But once
the vpn connection is open you should not be able to bypass the vpn
connection. You should *only* be able to access the remote machine (and
maybe the internet through that remote machine depending on that
machine's security policy). Otherwise you open the remot to the internet
using *your* internet connection and notthe *remote* computer's...
MS PPTP VPN has an option whether you want your Internet connection to
be on your machine or on the remote machine. Of course you choose to
keep the Internet connection on your machine. There is no reason to
use the remote to access the Internet when access is provided by your
machine.
--
If you build a man a fire and he will be warm for a day. If you
set a man on fire, he will be warm for the rest of his life.
|
Microsoft is hiring security experts.
You sound like a perfect candidate. |
|
| Back to top |
|
|
Bob
Guest
|
| Posted:
Thu Oct 20, 2005 1:45 am Post subject:
Re: PPTP VPN Startup Connect |
|
|
On Wed, 19 Oct 2005 16:06:23 GMT, Simon <simon@not-here.com> wrote:
| Quote: | look at the rasdial command (cmd prompt) you can launch vpn connections
from there so perphaps a batch file in the startup folder would do it.
I'm sure there's a much more elegant way though :)
|
Windows 2K Help has the following statement:
"You can also automate the connection process for any Microsoft client
by using a simple batch file and the rasdial command or by using a
custom, Windows NT and Windows 2000 application that recognizes remote
access."
Since I do not have any "custom, Windows NT and Windows 2000
application that recognizes remote access.", I am stuck with a "a
simple batch file and the rasdial command".
So I suppose I would use
rasdial "connection name" username password
Hot Damn! It actually works. This calls for celebration. Imagine that
- a Microsoft command that works the very first time. Unbelievable,
incredible, astronomical, a miracle.
Thanks for the answer to my query. Now I have another question.
Does the MS PPTP VPN Client connection time out? I notice that after a
while the connection drops for some reason. I want to keep it on all
the time so my son can get into my machine when he wants.
--
If you build a man a fire and he will be warm for a day. If you
set a man on fire, he will be warm for the rest of his life. |
|
| Back to top |
|
|
Bob
Guest
|
| Posted:
Thu Oct 20, 2005 1:47 am Post subject:
Re: PPTP VPN Startup Connect |
|
|
On Wed, 19 Oct 2005 16:21:59 GMT, Mike Drechsler - SPAM PROTECTED
EMAIL <mike-newsgroup@-DELETETHISPART-.upcraft.com> wrote:
| Quote: | He incorrectly implied that you loose internet connectivity in the
default settings. What is actually happening is your computer will send
all internet traffic over the VPN.
|
Not if I configure the VPN not to do that.
There is a checkbox in the setup that asks if you want the Internet
connection to come from the remote (as it would if it were an ISP) or
from your machine. I told it my machine, so my machine gets its
Internet connectivity from my Internet connection, not the remote one.
--
If you build a man a fire and he will be warm for a day. If you
set a man on fire, he will be warm for the rest of his life. |
|
| Back to top |
|
|
Bob
Guest
|
| Posted:
Thu Oct 20, 2005 1:48 am Post subject:
Re: PPTP VPN Startup Connect |
|
|
On Wed, 19 Oct 2005 16:33:02 GMT, Snak
<Snak_Snak@[notformail].invalid> wrote:
| Quote: | Microsoft is hiring security experts.
You sound like a perfect candidate.
|
I would be privileged to work for Microsoft. Please send me an
application.
Who do you work for? The federal govt. <g>
--
If you build a man a fire and he will be warm for a day. If you
set a man on fire, he will be warm for the rest of his life. |
|
| Back to top |
|
|
Martin Bodenstedt
Guest
|
| Posted:
Thu Oct 20, 2005 8:20 am Post subject:
Re: PPTP VPN Startup Connect |
|
|
Bob schrieb:
| Quote: | MS PPTP VPN has an option whether you want your Internet connection to
be on your machine or on the remote machine. Of course you choose to
keep the Internet connection on your machine. There is no reason to
use the remote to access the Internet when access is provided by your
machine.
|
You're still not getting the point:
By doing it the way you suggest you're compromising the remote machine
by opening the remote machine to the internet via _your_ machine
bypassing any internet access guidelines imposed on the remote machine
by its admin.
If I were the admin of the remote machine (or network), I'd kick you out
the minute I become aware of you doing split tunneling...
--
Martin Bodenstedt
(www.die-bodenstedts.de / www.maboko.de) |
|
| Back to top |
|
|
Martin Bodenstedt
Guest
|
| Posted:
Thu Oct 20, 2005 8:20 am Post subject:
Re: PPTP VPN Startup Connect |
|
|
Bob schrieb:
| Quote: | On Wed, 19 Oct 2005 16:21:59 GMT, Mike Drechsler - SPAM PROTECTED
EMAIL <mike-newsgroup@-DELETETHISPART-.upcraft.com> wrote:
He incorrectly implied that you loose internet connectivity in the
default settings. What is actually happening is your computer will send
all internet traffic over the VPN.
Not if I configure the VPN not to do that.
|
Exactly.
And that's why we're restricting VPN access to our network to VPN
software solutions that lock down the configuration on the client side
to prevent split tunneling while the VPN link is open. All our VPN
clients have full internet access through our corporate internet
firewall (implementing virus scanning, spam discovery, trojan blocking,
spy ware blocking and the like)
| Quote: |
There is a checkbox in the setup that asks if you want the Internet
connection to come from the remote (as it would if it were an ISP) or
from your machine. I told it my machine, so my machine gets its
Internet connectivity from my Internet connection, not the remote one.
|
Please don't forget that doing it your way not only opens your PC to the
internet but also the remote one.
--
Martin Bodenstedt
(www.die-bodenstedts.de / www.maboko.de) |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in