Educause Security Discussion mailing list archives

Re: vpn split tunnel or no split tunnel


From: Allan Williams <allan.williams () ANU EDU AU>
Date: Tue, 8 Feb 2011 07:41:56 +1100

G'day,
        We implemented split tunnelling since the purpose of the VPN was to secure communications back to the
University and we didn't want to pay for or log home user downloads.  Of course none of our users do, BUT hypothetically, if
a user on their home machine surfs for porn, runs BitTorrent, etc., we didn't see the need to have knowledge of this or
for this traffic to transit our network.

        The drawback of split tunnelling for us has been access to off-campus library resources that use IP-based access
control.  With a split tunnel, the user's web browser will attempt to make a connection directly, not via an
approved/allowed university IP address.  To overcome this we had to implement a reverse proxy which allowed VPN and
non-VPN users access to external resources. In general we have promoted the reverse proxy as the primary access to
some on- and off-campus web resources and reserved VPN access for those that require secure access to university
enterprise systems (finance, HR, student, etc.).

Regards,
        Allan

On 08/02/2011, at 6:58 AM, Mark Monroe wrote:

We are architecting a new vpn service on campus and some people want split tunneling and some do not. I am not 100% 
sure either way. Anyone have any examples or data that might push me either way?

Mark Monroe    
Information Security Officer
University of Missouri - St. Louis

==================================
Allan Williams
Director IT Infrastructure 
Division of Information
South Oval 
Building #88T
The Australian National University
Canberra ACT 0200

T: +61 2 6125 8404
F: +61 2 6125 7699
www.anu.edu.au

CRICOS Provider #00120C
==================================

