How to get VPN to use one DNS and all other connections a diff DNS

nmatthis

Distinguished
Mar 26, 2009
I work from home. I use a VPN client on my local PC to connect to a remote PC at my company headquarters using Remote Desktop. My specific system specs are below. Now, before I establish my VPN connection, all DNS requests go to my Comcast DNS server. But when I've established my VPN to my company's network, all DNS requests for any internet application on my local PC are routed through my company's remote DNS server. Obviously, this is required for any application that is communicating through the VPN to any company resources. But the problem is that all of my other browsing activity that has nothing to do with the VPN connection must go through my company's DNS server and they are afforded the opportunity to block certain types of sites (like Facebook, Last.fm, YouTube, etc).

Is there any way that I can make any traffic associated with my VPN and Remote Desktop go through my company's DNS server, but any other local internet application (other instances of Internet Explorer) goes through my Comcast DNS server (and therefore cannot be blocked or monitored by my company)?

Local PC specs:
WinXP Pro SP3
F5 Networks VPN
Linksys WRT54GS Wireless-G Router
Comcast cable ISP
Internet Explorer 8

Neal

 
Solution
I’m not sure you can change/fix this behavior. VPN is a generic term. There are many types of implementations and each varies considerably. For example, LogMeIn Hamachi creates a network connection on the 5.x.x.x network. The only time resources are accessed over Hamachi is if I explicitly reference something in the 5.x.x.x network, otherwise it’s unsecured over my default gateway.

If this is a MS VPN, I suspect it just “takes over” in much the same way a dial-up connection does. And it’s probably not just DNS, but ALL your Internet bound traffic. And if you think about it, it sort of makes sense. Some people use a VPN to secure their open wifi access (e.g., HotSpotVPN). In that case you WANT all your traffic to use the VPN. So how would you decide in one case to use the VPN, in another not to use the VPN? I suppose theoretically it’s possible, but I can also see this quickly becoming a mess. I think it’s just the way that particular VPN product works. It seems to be hooked into the network protocol stack and just redirects all non-local traffic indiscriminately. That’s why I don’t think you can fix it by mucking w/ the TCP/IP configuration (gateways, static routing, etc).

The easiest solution I’ve found (and one that leaves no doubt) is to use a VM (virtual machine) such as VirtualBox. Create your guest VM and specify the network adapter for virtualization. In this case it shouldn’t use the VPN (at least it didn’t when I set up a local VPN server and tested it). Now you can control network usage INDIRECTLY by confining certain applications to one or the other environment. Of course, you could reverse the situation and create the VPN in the VM (which may make more sense if the VPN is more the exception than the rule in terms of usage).

Obviously you could do the same thing w/ two PHYSICAL machines, but using a VM is more practical. And it doesn’t have to be Windows (esp. since it raises the issue of licensing), maybe use Linux. I find this solution works best when you only need one connection for small amounts of time and/or limited purposes. For example, accessing work files across a VPN. Rather than be bound to that VPN all day, even for private/personal activities, you keep your private life on the host, your work life on the guest VM.

Not a perfect solution, but works reasonably well in certain circumstances. And with VirtualBox’s seamless mode, you can do a pretty good job of integrating the host and guest VM environments into one seamless experience.


nmatthis

Distinguished
Mar 26, 2009
My company uses the VPN client from F5 Networks, authenticating with the RSA SecurID soft token. It does appear to be the kind that takes over all network traffic. I've even tried resetting my DNS server on my LAN connection (the VPN shows up as a separate connection) manually after establishing the VPN, but the VPN apparently sets it back.

But it does sound like the best way to accomplish this is to do either my work or personal stuff on a separate Virtual PC. I'm planning on upgrading to Windows 7 soon. Is there any version of Win7 that lets you set up a virtual PC? I'll have to research this VirtualBox product you mentioned. Thanks for all of your help.
 
Guest
There is a setting on the VPN that can choose which gateway it uses. In Properties of the VPN connection (that is, if it is created on the PC using the built-in MS VPN), you can go to Networking and open IPv4, or in XP it is most likely "Internet Protocol (TCP/IP)", and in Advanced you can uncheck "Use default gateway on remote computer". It SHOULD let the PC roam between DNS servers and gateways: if it is not located on the public/your DNS, it will look in the remote DNS and gateway.
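To make the mechanics behind this thread concrete, the following is an added illustration in Python, not code from the thread, from F5 Networks or from Microsoft. It models two decisions a client makes once a tunnel is up: which gateway a packet is forwarded to (longest-prefix match over the route table, where the "use default gateway on remote network" checkbox the Guest describes amounts to installing a 0.0.0.0/0 route through the tunnel) and which DNS server answers a query (a split-DNS policy keyed on domain suffix, which is what the original poster is asking for). Every address, prefix and domain in it is constructed for the example; the F5 client's real behaviour, as the poster reports, is to replace the system-wide DNS list rather than apply a per-suffix policy.

```python
import ipaddress

# All addresses below are constructed for illustration; none come from the thread.
LOCAL_GATEWAY = "192.168.1.1"      # the home router (Linksys in the thread), assumed address
VPN_GATEWAY = "10.255.0.1"         # constructed address of the tunnel endpoint
LOCAL_DNS = "203.0.113.53"         # stands in for the ISP (Comcast) resolver
CORP_DNS = "10.0.0.53"             # stands in for the company's internal resolver

# Prefixes reachable only through the tunnel (constructed).
VPN_PREFIXES = ["10.0.0.0/8", "172.16.0.0/12"]

# Split-DNS policy: longest matching suffix wins; "" is the catch-all default.
DNS_RULES = {"corp.example": CORP_DNS, "": LOCAL_DNS}


def build_route_table(full_tunnel: bool):
    """Return (network, gateway) pairs.

    full_tunnel=True mirrors "Use default gateway on remote network" being
    checked: the VPN installs a 0.0.0.0/0 route through the tunnel, so every
    non-local destination goes to the VPN gateway.  With it unchecked, only
    the company prefixes point at the tunnel and the default route stays
    with the home router (split tunneling).
    """
    table = [(ipaddress.ip_network(p), VPN_GATEWAY) for p in VPN_PREFIXES]
    default_gw = VPN_GATEWAY if full_tunnel else LOCAL_GATEWAY
    table.append((ipaddress.ip_network("0.0.0.0/0"), default_gw))
    return table


def next_hop(dst_ip: str, table) -> str:
    """Longest-prefix match, the same rule an IP stack's forwarding decision uses."""
    addr = ipaddress.ip_address(dst_ip)
    candidates = [(net.prefixlen, gw) for net, gw in table if addr in net]
    if not candidates:
        raise ValueError(f"no route to {dst_ip}")
    return max(candidates)[1]


def pick_resolver(hostname: str, rules=DNS_RULES) -> str:
    """Choose the DNS server by the longest matching domain suffix.

    This is how split-DNS schemes decide which server answers a query.  A
    client that replaces the system-wide DNS list instead (what the poster
    observes with the F5 client) sends every query to the VPN's resolver.
    """
    labels = hostname.rstrip(".").lower().split(".")
    best_len, best_server = -1, None
    for suffix, server in rules.items():
        sfx = suffix.lower().split(".") if suffix else []
        if len(sfx) <= len(labels) and labels[len(labels) - len(sfx):] == sfx:
            if len(sfx) > best_len:
                best_len, best_server = len(sfx), server
    return best_server


if __name__ == "__main__":
    for full in (False, True):
        table = build_route_table(full)
        print(f"full_tunnel={full}: 10.1.2.3 -> {next_hop('10.1.2.3', table)}, "
              f"198.51.100.10 -> {next_hop('198.51.100.10', table)}")
    for name in ("rdp.corp.example", "www.facebook.com"):
        print(f"{name} resolved via {pick_resolver(name)}")
```

Running it with `full_tunnel=True` sends the public address to the VPN gateway as well, which is the behaviour the original poster describes; with `full_tunnel=False` only the 10/8 and 172.16/12 destinations use the tunnel. The resolver choice is independent of the route choice, which is why a client can split routes yet still hand every DNS query to the remote resolver.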