Educause Security Discussion mailing list archives

Re: vpn split tunnel or no split tunnel

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 7 Feb 2011 17:04:20 -0500

On Mon, 07 Feb 2011 14:15:16 CST, "James R. Pardonek" said:

Depending on how it is configured, it is possible for a user to
inadvertently route traffic between the user's ISP and the tunnel.  So
if the user's computer gets hacked, it is possible for a malicious
hacker to gain access to your internal network via the split tunnel.
For that reason, we do not allow split tunneling.


Of course, if the user's machine is that heavily compromised, the miscreant
controlling the machine is able to set it to be split tunneling no matter what
you thought you had configured. :)

Attachment: _bin
Description:

Current thread:

vpn split tunnel or no split tunnel Mark Monroe (Feb 07)
- Re: vpn split tunnel or no split tunnel Nick Kartsioukas (Feb 07)
- Re: vpn split tunnel or no split tunnel Julian Y. Koh (Feb 07)
- Re: vpn split tunnel or no split tunnel James R. Pardonek (Feb 07)
  - Re: vpn split tunnel or no split tunnel Valdis Kletnieks (Feb 07)
- Re: vpn split tunnel or no split tunnel Nathaniel Hall (Feb 07)
- Re: vpn split tunnel or no split tunnel Chris Green (Feb 07)
  - Re: vpn split tunnel or no split tunnel Nathaniel Hall (Feb 08)
    - Re: vpn split tunnel or no split tunnel Dexter Caldwell (Feb 09)
- Re: vpn split tunnel or no split tunnel Greene, Chip (Feb 07)
- Re: vpn split tunnel or no split tunnel Allan Williams (Feb 07)
  - Re: vpn split tunnel or no split tunnel Mark Monroe (Feb 07)
  - Re: vpn split tunnel or no split tunnel Avdagic, Indir (Feb 07)
- Re: vpn split tunnel or no split tunnel Jesse Thompson (Feb 08)
  - Re: vpn split tunnel or no split tunnel Jeff Kell (Feb 08)