VPN Client for Windows 5.01

- R
- rg
  
  Contact options for registered users
posted
16 years ago

Wed, Apr 16, 2008 4:23 AM

Is there a way to configure windows or vpn client to block all internet traffic unless successfull vpn connection is made?

Thanks in advance

- U
- Uli Link
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Wed, Apr 16, 2008 5:07 AM

rg schrieb:

If "all" traffic is blocked (which is possible) how should the VPN gateway be reached?

- R
- rg
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Wed, Apr 16, 2008 11:41 AM

- N
- News Reader
  
  Contact options for registered users
Vote on answer
posted
15 years ago

Wed, Apr 16, 2008 2:22 PM

When you configure policy on the Easy VPN Server (policies are pushed to the client), you have the option of configuring "split-tunnelling", or not. If you do not enable split-tunnelling, all traffic will go through the tunnel (when the tunnel is up), even traffic destined for the Internet. This can allow you to enforce security policies implemented at the head end (e.g.: firewall).

Until the tunnel is up, you have to rely on Windows mechanisms to curb Internet traffic. You should be able to use the Windows Firewall or some other third-party firewall to limit the range of IP addresses to which your host can connect.

Hopefully, your firewall would allow you to define different rules on an interface-by-interface basis. The rules you would implement on the LAN interface might differ from those implemented on the VPN interface.

Presumably the firewall might act on the encapsulated IP headers, and not just the encapsulating IP headers. You'd have to experiment to find out. I've not explored this myself.

Best Regards, News Reader