[plug] vpn breaks home network

Adrian Chadd adrian at creative.net.au
Wed Dec 12 10:34:23 WST 2007


On Wed, Dec 12, 2007, Jon L. Miller wrote:
> What it appears that Rob needs to do to fix this is to have split
> tunneling enabled so it can send access to the local lan, but this has to
> be done from the VPN server (main router).  He also needs to enable access
> to local lan on his vpn client.
> I've run into this several times in the past when we ran a large vpn network.

It doesn't specifically have to be done from the VPN server. It's just
how the software controlling the VPN at the client side gets its
"policy".

IPSEC is weird. It's sometimes used as a tunnel (ie, you have an interface
which acts just like any other), sometimes it uses security policy with
or without the tunnel (ie, it uses rules to say "match on X, Y; send
to IPSEC peer X".) That's part of the security association setup with
IPSEC.

(I hate IPSEC in the SA mode; I much prefer it in tunnels. The world
doesn't agree however.)



Adrian
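
An added illustration, not part of the original message: a small model of the policy-style matching described above, showing why a catch-all "protect" rule cuts off the home LAN and how a bypass rule placed ahead of it restores access. The ordered first-match lookup with discard on no match follows the RFC 4301 policy database model; the class and function names, addresses and peer are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    selector: str                 # destination prefix the rule matches on
    action: str                   # "PROTECT", "BYPASS" or "DISCARD"
    peer: Optional[str] = None    # IPsec peer, only meaningful for PROTECT

def lookup(spd, dst):
    """Return the first policy whose selector contains dst (ordered match)."""
    addr = ipaddress.ip_address(dst)
    for policy in spd:
        if addr in ipaddress.ip_network(policy.selector):
            return policy
    return Policy("0.0.0.0/0", "DISCARD")   # no match: packet is dropped

PEER = "203.0.113.1"              # constructed VPN gateway address
HOME_LAN = "192.168.1.0/24"       # constructed home network
CORP_NET = "10.0.0.0/8"           # constructed network behind the gateway

# Client policy with no local exception: everything goes to the peer.
FULL_TUNNEL = [Policy("0.0.0.0/0", "PROTECT", PEER)]

# "Access to local LAN": bypass the home prefix first, protect the rest.
LOCAL_LAN_ALLOWED = [Policy(HOME_LAN, "BYPASS"),
                     Policy("0.0.0.0/0", "PROTECT", PEER)]

# Split tunnelling: only the corporate prefix is protected.
SPLIT_TUNNEL = [Policy(CORP_NET, "PROTECT", PEER),
                Policy("0.0.0.0/0", "BYPASS")]

# Same rules as LOCAL_LAN_ALLOWED in the wrong order: bypass never matches.
MISORDERED = list(reversed(LOCAL_LAN_ALLOWED))

def describe(spd, dst):
    p = lookup(spd, dst)
    return f"{dst}: {p.action}" + (f" via {p.peer}" if p.peer else "")

if __name__ == "__main__":
    printer = "192.168.1.20"      # constructed host on the home LAN
    for name, spd in [("full tunnel", FULL_TUNNEL),
                      ("local LAN allowed", LOCAL_LAN_ALLOWED),
                      ("split tunnel", SPLIT_TUNNEL),
                      ("misordered", MISORDERED)]:
        print(f"{name:18} {describe(spd, printer)}")
```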