Topic: Don't use sme's gateway through vpn

[zealot]

Hello

I don't want users who connect to sme through vpn to use sme's internet gateway.

Can this be done ? If yes, how ?


Thnx.


(I've serched in this forum but i couldn't find anything usefull and configuring other machines default internet connection is not an option.)

[girkers]

You actually have to turn this off on the client. In Windows you have to go into the Advanced settings for TCP/IP of the VPN connection and turn off using remote gateway (it is on by default).

[zealot]

Thx girkers, but i don't trust my users to turn off the remote gateway. The problem is i can't monitor what they are accesing through the gateway and this is the reason why i wanted to turn off internet acces through vpn.

[Confucius]

Haven't done any background checking but I know that the VPN connections get a range of IP's assigned that's different from DHCP assigned IP's

I can imagine that a solution can be found in excluding those ip's in Squid.

Harro

[zealot]

Haven't done any background checking but I know that the VPN connections get a range of IP's assigned that's different from DHCP assigned IP's

I don't think that those vpn ip's are different, for example: one machine connected through vpn got this ip 192.168.1.249 and my machine ip is 192.168.1.250

In this case the ip range can be defined for vpn ? i will google for more info about squid but i don't want to restrict other ip's outside that ip range.

[girkers]

The problem is i can't monitor what they are accesing through the gateway and this is the reason why i wanted to turn off internet acces through vpn.

I have to ask why can't you monitor their internet access through SME, if you can do it for local users, it would be exactly the same for VPN users as in theory they are just an extension of the physical network.

[zealot]

I have to ask why can't you monitor their internet access through SME, if you can do it for local users, it would be exactly the same for VPN users as in theory they are just an extension of the physical network.

The problem is i don't have any option to monitor local users, "local users" are just some dedicated servers running behind sme.. the "outside users" i can't monitor, squid gives me empty logs and even if it showed me what those users accesed i am unable to monitor them in real time.

I just wanted a on/off switch, not globally, but per user.

[Stefano]

I have to ask why can't you monitor their internet access through SME, if you can do it for local users, it would be exactly the same for VPN users as in theory they are just an extension of the physical network.

The problem is i don't have any option to monitor local users, "local users" are just some dedicated servers running behind sme.. the "outside users" i can't monitor, squid gives me empty logs and even if it showed me what those users accesed i am unable to monitor them in real time.

I just wanted a on/off switch, not globally, but per user.

IMHO you'd better use a firewall like m0n0wall http://m0n0.ch/wall as vpn server; users' authenthication will be done via radius running on sme...

my 2c

ciao
Stefano