VPN and DUN routing

I have a router to my broadband connection, and often have cases where I need to ALSO have a VPN and DUN connection active at the same time. I've successfully set up my routing table to use my "public" broadband connection for email (route -p add xxxx) since the VPN connection blocks ports I need. I can also get to everything I need on the VPN side.

The problem comes in when I then also enable a dial-up connection while the VPN is active. By default, the dial-up connection becomes the default, but there are only a few addresses I need to get to using it. I could add some other persistent routes in, but the problem I'm having is that the "interface" values for the VPN and DUN are dynamically assigned IP addresses. I haven't tried yet, but I'm pretty sure I could configure the routing table for what I need and get it to work, but then I'd have to re-configure each time I connected since the VPN & DUN IPs are dynamically assigned.

Anyone have a possible workaround for this? Is there any software that would handle routing conditions like this?

Thanks in advance!

Frank

 

Unfortunately I can't offer an easy solution, but I think I can explain why what you are seeing is happening.

The fact that your VPN connection is using a dynamic IP, tells me you are connecting from the client end of the VPN. That is VPN is being used to connect you into a remote server or network rather than you using it to allow others to connect into you.

In this arrangement there is a security risk for the remote server/network when it lets you connect. That is that you will effectively open up an unsecured route to the internet via your connection. To defend against that the VPN client at your end blocks all traffic, other than the VPN traffic, from using your connection while the connection is open. If it did not do that malicious traffic could get to the server/network by coming in on your internet connection and going down the VPN tunnel (bypassing the network/server firewall) to the server network.

Sophisticated VPN software will allow you to turn this blocking on and off. However, if I was the administrator of the remote server or network I wouldn't let you do this unless I was very sure of what you were doing.

The solutions are, talk to the administrator of the remote network/server and ask their advice. If you are that administrator the solution may be to change the VPN solution you are using to one that uses its own dedicated VPN client rather than the inbuilt Windows client. The best solution is probably to find a different way to do what you are trying to do. Get the information/date you want before opening the VPN connection, and then open the VPN connection to pass the info/data down the link.

 

Thanks Reggie... that makes sense. It is a client as you suspected.