[lug] vpn and traceroute

Aaron Nichols anichols at trumped.org
Mon May 23 12:12:25 MDT 2011


On Mon, May 23, 2011 at 12:00 PM, karl horlen <horlenkarl at yahoo.com> wrote:
> I've got an older Win XP based netbook I configured an SSL VPN client on.  When the VPN is enabled I can see that 'ipconfig' (Win's ifconfig equiv) has set up the nw adapter correctly to use my work network and it works fine.

I'm assuming this means you can get to your office network ok when the
VPN is up.

> For grins, I ran a tracert (Win's equiv of traceroute) to an internet domain.  Regardless of whether I have the VPN up and running or not, the traceroute output is the same, meaning it shows all the hops from my home DSL provider.
>
> Is this the way traceroute is supposed to work?  I assumed that it would skip all the IP hops in between / over the tunnel and start pinging from within the work network so that the trace assumed it was coming from the work-assigned IP address.  OTOH, maybe traceroute has to work on all the individual hops that comprise the tunnel?  But that doesn't make sense, right?

Traceroute isn't doing anything special; this is how your routing is
working. Typically, if you have a VPN set up to do "split tunneling",
you can send Internet traffic directly to the destination without going
over the VPN. The VPN is then configured to only route specific
networks (your work network). This is optimal for performance but has
some security tradeoffs.

You can confirm this by using a host in your office as the traceroute
destination. This should only show a few hops as it traverses the VPN.
Depending on the VPN client you may also see specific routes in your
routing table for your office network - not all VPN technologies work
this way though.

Aaron
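Aaron's point is that the tracert path is decided by the host's routing table, not by traceroute. The Python below is an added example, not code from this thread: it parses a constructed routing table written in the style of Windows `route print` output and reproduces the longest-prefix, lowest-metric lookup a host performs, showing which adapter a probe to an Internet host versus an office host leaves on, and whether the table describes a split or a full tunnel. The addresses and the VPN adapter IP are assumed.

```python
import ipaddress

# Constructed sample in the style of "route print" output (not from the thread):
# a home DSL link plus an SSL VPN adapter that received a route only for the
# office network 10.20.0.0/16, i.e. a split-tunnel configuration.
SPLIT_TUNNEL_TABLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      20
      192.168.1.0    255.255.255.0         On-link     192.168.1.50     276
       10.20.0.0      255.255.0.0        10.99.0.1       10.99.0.7      10
"""

# Same adapters, but the VPN client also installed a lower-metric default
# route, so Internet traffic is sent through the tunnel as well (full tunnel).
FULL_TUNNEL_TABLE = SPLIT_TUNNEL_TABLE + (
    "          0.0.0.0          0.0.0.0        10.99.0.1       10.99.0.7       1\n"
)

VPN_INTERFACE = "10.99.0.7"  # assumed address of the VPN adapter


def parse_routes(text):
    """Return a list of (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:  # skips the header line
            continue
        dest, mask, gateway, iface, metric = parts
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((network, gateway, iface, int(metric)))
    return routes


def lookup(routes, dest):
    """Pick the route a packet to `dest` uses: longest prefix wins, then the
    lowest metric. Returns (gateway, interface)."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        raise LookupError(f"no route to {dest}")
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))
    return best[1], best[2]


def is_split_tunnel(routes, vpn_interface):
    """True when the preferred default route does not leave via the VPN."""
    defaults = [r for r in routes if r[0].prefixlen == 0]
    return min(defaults, key=lambda r: r[3])[2] != vpn_interface


if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL_TABLE), ("full", FULL_TUNNEL_TABLE)):
        routes = parse_routes(table)
        print(name, "internet ->", lookup(routes, "203.0.113.10"),
              "office ->", lookup(routes, "10.20.5.9"),
              "split:", is_split_tunnel(routes, VPN_INTERFACE))
```

With the split-tunnel table, a tracert to an Internet address leaves on the DSL adapter and shows the home provider's hops, exactly what Karl observed, while the office host goes through the VPN adapter.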
