Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: zealot on June 04, 2007, 11:06:18 PM

Title: Don't use sme's gateway through vpn
Post by: zealot on June 04, 2007, 11:06:18 PM: Hello

I don't want users who connect to sme through vpn to use sme's internet gateway.

Can this be done ? If yes, how ?

Thnx.

(I've serched in this forum but i couldn't find anything usefull and configuring other machines default internet connection is not an option.)
Title: Don't use sme's gateway through vpn
Post by: girkers on June 05, 2007, 06:18:26 AM: You actually have to turn this off on the client. In Windows you have to go into the Advanced settings for TCP/IP of the VPN connection and turn off using remote gateway (it is on by default).
Title: Don't use sme's gateway through vpn
Post by: zealot on June 05, 2007, 09:11:36 AM: Thx girkers, but i don't trust my users to turn off the remote gateway. The problem is i can't monitor what they are accesing through the gateway and this is the reason why i wanted to turn off internet acces through vpn.
Title: Don't use sme's gateway through vpn
Post by: Confucius on June 05, 2007, 09:51:50 AM: Haven't done any background checking but I know that the VPN connections get a range of IP's assigned that's different from DHCP assigned IP's

I can imagine that a solution can be found in excluding those ip's in Squid.

Harro
Title: Don't use sme's gateway through vpn
Post by: zealot on June 05, 2007, 10:17:49 AM: Quote
Haven't done any background checking but I know that the VPN connections get a range of IP's assigned that's different from DHCP assigned IP's

I don't think that those vpn ip's are different, for example: one machine connected through vpn got this ip 192.168.1.249 and my machine ip is 192.168.1.250

In this case the ip range can be defined for vpn ? i will google for more info about squid but i don't want to restrict other ip's outside that ip range.
Title: Don't use sme's gateway through vpn
Post by: girkers on June 06, 2007, 06:08:56 AM: Quote from: "zealot"
The problem is i can't monitor what they are accesing through the gateway and this is the reason why i wanted to turn off internet acces through vpn.

I have to ask why can't you monitor their internet access through SME, if you can do it for local users, it would be exactly the same for VPN users as in theory they are just an extension of the physical network.
Title: Don't use sme's gateway through vpn
Post by: zealot on June 07, 2007, 09:18:07 PM: Quote
I have to ask why can't you monitor their internet access through SME, if you can do it for local users, it would be exactly the same for VPN users as in theory they are just an extension of the physical network.

The problem is i don't have any option to monitor local users, "local users" are just some dedicated servers running behind sme.. the "outside users" i can't monitor, squid gives me empty logs and even if it showed me what those users accesed i am unable to monitor them in real time.

I just wanted a on/off switch, not globally, but per user.
Title: Don't use sme's gateway through vpn
Post by: Stefano on June 07, 2007, 10:07:07 PM: Quote from: "zealot"
Quote
I have to ask why can't you monitor their internet access through SME, if you can do it for local users, it would be exactly the same for VPN users as in theory they are just an extension of the physical network.

The problem is i don't have any option to monitor local users, "local users" are just some dedicated servers running behind sme.. the "outside users" i can't monitor, squid gives me empty logs and even if it showed me what those users accesed i am unable to monitor them in real time.

I just wanted a on/off switch, not globally, but per user.

IMHO you'd better use a firewall like m0n0wall http://m0n0.ch/wall as vpn server; users' authenthication will be done via radius running on sme...

my 2c

ciao
Stefano