Howdy. My employer has started letting me work from home one day a week. However, in testing the VPN, it looks like it routes ALL traffic through the VPN, not just when I’m connected to my work computer via “Remote Desktop Connection”. Is there any way to avoid routing other traffic on my computer through the VPN? E.g. I want to play a game of League of Legends or two but don’t want that traffic routing through my employer’s VPN. Using Cisco AnyConnect and the Remote Desktop Connection.
You’re absolutely sure they aren’t using split tunneling? Check what your public IP is before and after you connect to the VPN.
I think your only options are to disconnect from the VPN and then use the computer, or use an entirely different machine. There is an option on AnyConnect to allow local networks, but if the policy for the VPN is to tunnel all, or it has a default route as a protected (tunneled) route, that’s what your machine will use. In my experience it’s really hard to get around AnyConnect, but maybe someone on here will have a workaround. You could also ask whoever manages the VPN to only protect the networks actually on your corporate network, but they’ll likely say it’s part of the corporate security posture.
That is how a VPN works. Connect to the VPN, it routes traffic through that. Disconnect from the VPN and you’re back to normal.
The VPN puts you on your work’s network, which is how the RDP connection works.
Edit: You should only be connected to the VPN when you’re wanting to work.
The best way is to use something like VirtualBox or HyperV and make a VM that’s only used for doing work. That way only internet traffic within the VM will go through the VPN; you can do what you want outside of the VM.
You should have a new default route created in the routing table (it would be 0.0.0.0) pointing to your VPN gateway. You would just remove that route with route del and make sure the only routes using your VPN adapter are for the subnets you want to use the VPN for.
Alternatively you can disconnect from the VPN when you want to play games
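Before assuming anything from the public-IP test above, it helps to read the routing table the way the previous reply describes. This is an added example, not code from the thread: it parses a constructed `route print`-style IPv4 table and reports whether the VPN adapter (assumed address 10.10.20.5) owns the winning default route (tunnel-all), only specific subnets (split tunnel), or nothing. It also goes beyond this thread by recognising the two /1 “half” routes some VPN clients install instead of replacing the default route.

```python
"""Classify a Windows `route print` IPv4 table as full-tunnel, split-tunnel or none."""
import re
from typing import List, Tuple

# Constructed samples modelled on `route print` output; 10.10.20.5 is the assumed
# VPN virtual adapter address and 192.168.1.10 the assumed physical NIC.
SAMPLE_FULL_TUNNEL = """
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10     35
          0.0.0.0          0.0.0.0          On-link      10.10.20.5      2
      192.168.1.0    255.255.255.0          On-link    192.168.1.10    291
     203.0.113.40  255.255.255.255      192.168.1.1    192.168.1.10     35
===========================================================================
"""
SAMPLE_SPLIT_TUNNEL = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10     35
         10.0.0.0        255.0.0.0          On-link      10.10.20.5      2
      192.168.1.0    255.255.255.0          On-link    192.168.1.10    291
"""

# dest, netmask, gateway (IP or "On-link"), interface address, metric
ROUTE_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$"
)

def parse_routes(table: str) -> List[Tuple[str, str, str, str, int]]:
    """Return (dest, mask, gateway, interface, metric) for every route line."""
    routes = []
    for line in table.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            routes.append((dest, mask, gw, iface, int(metric)))
    return routes

def tunnel_mode(table: str, vpn_iface: str) -> str:
    """'full' if all traffic goes to the VPN adapter, 'split' if only some subnets, else 'none'."""
    routes = parse_routes(table)
    # Several default routes may coexist; Windows uses the one with the lowest metric.
    defaults = [r for r in routes if r[0] == "0.0.0.0" and r[1] == "0.0.0.0"]
    if defaults and min(defaults, key=lambda r: r[4])[3] == vpn_iface:
        return "full"
    # 0.0.0.0/1 plus 128.0.0.0/1 via the VPN cover everything and beat any /0 route.
    halves = {r[0] for r in routes if r[1] == "128.0.0.0" and r[3] == vpn_iface}
    if {"0.0.0.0", "128.0.0.0"} <= halves:
        return "full"
    via_vpn = [r for r in routes if r[3] == vpn_iface and r[1] != "0.0.0.0"]
    return "split" if via_vpn else "none"
```

Feed it the real output of `route print -4` (with the VPN connected) and your own adapter address to see which case applies before asking the VPN admin about split tunneling.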
Yeah. I used http://checkip.dyndns.org before I connected to the VPN in my personal browser, and after I connected, and they were different.
Wow… They really shouldn’t be doing that if all you access is your work device through RDP.
It’s very common, in my years in IT every employer or client has done this (usually a basic Cisco IPSec client) apart from the ones I’ve configured myself with oVPN.
Is there any way to get around it?
Yeah… VPN is common… But there’s no reason to route all internet traffic through. That’s exactly what split tunneling prevents, and it still allows you LAN access.
Maybe tell your work they need to set you up with split tunneling. That way only LAN traffic goes through… Which is all you need for RDP.
there’s no reason to route all internet traffic through
There’s absolutely valid reasons to do this. With split-tunneling, the company can open itself up to unnecessary risk. Without it you can add some security controls, and make the user more accountable for their actions while accessing company resources remotely.
For example, any malware the employee may get from browsing/email/etc. while connected to the corporate LAN poses a risk, since the company doesn’t have any control over how/if it’s being filtered/scanned. People browsing the web while working isn’t the problem. The problem is that a lot of them are clueless about how to do it safely. You wouldn’t want to willingly allow malware on an employee’s infected machine to possibly exfiltrate company data without being able to do anything about it. Especially when the machine is not a company asset, but rather a personal device owned by the user.
Adherence to company policies is another reason. Say your company has a “No Facebook” policy at the office; why wouldn’t they enforce that for remote users as well (as best they can anyway)? Remember, the company is paying them to work from home. If they’re connected to the VPN, they can be considered “on the clock”. Just because they’re remote doesn’t mean that policies should no longer apply.
It obviously depends on the role, industry, policies, etc. – just pointing out that you can’t generalize and say there’s “no reason”.
I’m speaking for this post only, dude. And in this context that he gave. Obviously there are reasons for doing all traffic. But if he’s accessing his computer at work through RDP then it really makes no sense to send internet traffic through.
The rest he can figure out. Personally I’d refuse putting a VPN like that on my personal device. You rant about policies and stuff in your post… Yet they’re letting an employee use their personal laptop.
My replies were very absolute, so I can understand why you would reply back with so much info. I am a bad writer and English is my 2nd language, so sometimes my replies sound so matter of fact, when really I just generalize when given little info. In the end I basically told him to discuss it with his work… which is the best solution really.
If he opened with something like “My job requires me to transmit sensitive data across the internet…” I wouldn’t tell him anything else other than deal with it.