AIM loses connection when I dial into a VPN...

MaxDSP

Lifer
May 15, 2001
I use a Cisco VPN client to connect to work, but as soon as I establish the connection, AIM drops its connection. Is this supposed to happen?
 

talyn00

Golden Member
Oct 18, 2003
That's normal. It happens every time I use Cisco VPN client to connect into my school. It occurs because the traffic that is normally routed out through your local area network is being redirected through the encrypted tunnel the VPN connection creates to your work. So essentially all your connections are going out through your VPN to the network at your workplace. (someone correct me if I'm wrong)
 

nightowl

Golden Member
Oct 12, 2000
That is exactly correct, talyn. You are changing your default gateway when you make the VPN connection so traffic now has a new path to follow. AIM should reconnect once the VPN connection is made unless your work blocks it for some reason.
 

MaxDSP

Lifer
May 15, 2001
Originally posted by: nightowl
That is exactly correct, talyn. You are changing your default gateway when you make the VPN connection so traffic now has a new path to follow. AIM should reconnect once the VPN connection is made unless your work blocks it for some reason.

No, it works OK after a few seconds once the connection is established. It makes sense, but I was under the impression that the "tunneling" was specifically between the VPN client and the VPN server, and not all the active Internet connections that I have open. Learn something new every day... thanks talyn and nightowl.

Here's another question: I realize that the connection is more secure through the VPN, but does this mean that all the data that travels through the tunnel can be seen by the VPN server-side admins? Say I have the VPN open and I'm talking on AIM, would someone from work (an admin or something) be able to snoop in on the conversation if they wanted to?
 

Garion

Platinum Member
Apr 23, 2001
When you establish a VPN tunnel, your access to the general Internet is pretty much wiped out and all traffic is forced through the VPN. This is for security reasons. If your machine has been compromised by a host on the Internet and you opened a VPN tunnel without this feature your corporate network could be compromised through your PC.

On the "Can the admin see my AIM traffic?" Absolutely. Assume that no traffic going through a corporate network can be intercepted and seen. The only thing that's hard for admins to see is that which is encrypted - HTTPS and SSH. AIM is not encrypted. There is, however, such a massive amount of traffic on a corporate network that it's very unlikely that they WOULD watch your AIM traffic.

- G
 

VirtualLarry

No Lifer
Aug 25, 2001
This is interesting, because I still plan to set up a VPN between two machines here on a wireless LAN, in order to share files in Windows, but still use the underlying wireless connection to the router to connect to the internet. Isn't there a way to set up the VPN, such that it doesn't become the default gateway, and instead, you just set up some routes for the IPs/subnets of the machines that you want to reach via the VPN? That still doesn't present a security risk, because static routes have higher precedence than the default internet gateway does, so it's not like some app could re-direct your VPN traffic out over the internet. (Unless it fudged with the route table, of course, but that would be detectable.)
 

Garion

Platinum Member
Apr 23, 2001
What you are referring to is Split Tunneling. This occurs when only certain routes are pointed at the VPN and all others go through the standard routing process, including your default route. This is good when you want to only encrypt certain traffic and aren't as concerned about the security of the end point being penetrated through the client. Most VPN devices have an option for standard tunneling and split tunneling.

- G
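
An added example, not part of any post in this thread: a simplified Python model of route selection (longest matching prefix first, then lowest metric) showing why a full-tunnel VPN captures the IM connection while a split-tunnel one leaves it on the normal default route. The interface names, addresses and metrics are constructed for illustration, and a real VPN client may apply filtering beyond the route table.

```python
import ipaddress

# Constructed sample route tables: all addresses, interface names and metrics
# are illustrative assumptions, not values from the thread.
BASE = [
    ("0.0.0.0/0", "wlan0", 25),       # default route via the home router
    ("192.168.1.0/24", "wlan0", 25),  # local LAN
]
# Full tunnel: the VPN client installs a default route with a better metric.
FULL_TUNNEL = BASE + [("0.0.0.0/0", "vpn0", 1)]
# Split tunnel: only the remote subnet is routed into the tunnel.
SPLIT_TUNNEL = BASE + [("10.20.0.0/16", "vpn0", 1)]


def select_route(table, dst):
    """Return (prefix, interface) chosen for dst: the longest matching prefix
    wins, and the lowest metric breaks ties between equal-length prefixes."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for prefix, iface, metric in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            candidates.append((-net.prefixlen, metric, prefix, iface))
    if not candidates:
        raise LookupError(f"no route to {dst}")
    _, _, prefix, iface = min(candidates)
    return prefix, iface


def tunnelled(table, destinations):
    """Map each destination to True if it would leave through the VPN interface."""
    return {d: select_route(table, d)[1] == "vpn0" for d in destinations}


if __name__ == "__main__":
    dests = {"IM server": "203.0.113.10", "work file share": "10.20.5.7",
             "LAN printer": "192.168.1.50"}
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(name)
        for label, ip in dests.items():
            prefix, iface = select_route(table, ip)
            print(f"  {label:16} {ip:14} -> {iface} via {prefix}")
```

Comparing the two tables for the same destination shows which traffic the remote network can observe: anything that resolves to `vpn0` crosses it, anything that resolves to `wlan0` does not.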
 

Deleted member 4644

This reminds me of an important use of VPNs -- you can use them to bypass bad routers on your normal internet connection. Cox HSI routers were regularly failing a few weeks ago in SOCAL so I used a VPN to my school to bypass those routers -- AIM, web browsing, etc. all worked about 10x better.