The Autobiography of Russell
Life from a different perspective
Work VPN Routing
I have a VPN connection to work. I don't want my normal traffic going through the work network so I only route the internal IP addresses through the VPN. My company's mail servers actually use public IPs so people can access their mail from, say, their Blackberry. My ISP (Cox) only allows SMTP connections to their own server. Normally this isn't a big deal for me but when I'm working from home I don't want to route my work emails through their server.

For a while my solution was to SSH into my work computer and forward the X server so I could launch Thunderbird remotely. This works, but is slow and takes several minutes just to launch. I then have to sync the mail directory back to the laptop as well.

My next solution was to have an alternate VPN configuration that forwarded everything just for when I knew I needed email (or could switch to when I did), but I had a better idea. I couldn't just put the exact IP of the mail server since the VPN routing only allows ranges. Instead I set the range to /31. This includes the IP before and after, but I doubt that will be a problem.

In the end I get work SMTP connections at home and I still get to keep almost everything else off the network. Win/Win.

Current Mood: accomplished
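The split-tunnel setup described in the post, as an added example that is not part of the original post: it computes the /31 that contains a mail server address, lists what else that range captures, and shows which destinations would leave through the VPN. A /31 covers exactly two addresses, so the extra address is the one before the server when its last octet is odd and the one after when it is even. The addresses and the interface names `tun0` and `eth0` are constructed assumptions.

```python
import ipaddress

# Constructed sample values: 10.0.0.0/8 stands in for the internal range and
# 203.0.113.25 (documentation address space) for the public mail server.
INTERNAL_RANGES = ["10.0.0.0/8"]
MAIL_SERVER = "203.0.113.25"


def narrowest_range(host, prefix_len=31):
    """Return the prefix_len network containing host and the other addresses it covers."""
    addr = ipaddress.ip_address(host)
    # strict=False masks off the host bits instead of rejecting the input.
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    if net.num_addresses > 256:
        raise ValueError("prefix too wide to enumerate")
    collateral = [str(a) for a in net if a != addr]
    return net, collateral


def build_vpn_routes(internal_ranges, mail_server):
    """Split-tunnel route list: internal ranges plus the mail server's /31."""
    routes = [ipaddress.ip_network(r) for r in internal_ranges]
    mail_net, _ = narrowest_range(mail_server)
    routes.append(mail_net)
    return routes


def interface_for(dest, vpn_routes, vpn_if="tun0", default_if="eth0"):
    """Pick the VPN interface if any VPN route covers dest, else the default route."""
    addr = ipaddress.ip_address(dest)
    return vpn_if if any(addr in net for net in vpn_routes) else default_if


if __name__ == "__main__":
    net, extra = narrowest_range(MAIL_SERVER)
    print(f"route {net} via VPN; also captures: {extra}")
    routes = build_vpn_routes(INTERNAL_RANGES, MAIL_SERVER)
    for dest in ["10.1.2.3", "203.0.113.25", "203.0.113.24",
                 "203.0.113.26", "198.51.100.7"]:
        print(f"{dest:15} -> {interface_for(dest, routes)}")
```

Running the same check against the real route list before connecting shows exactly which non-work addresses will be visible to the work network.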

From: amnewsboy Date: March 25th, 2008 02:33 am (UTC)
When I had my workplace VPN (actually, I still do, but the software doesn't like Vista - imagine that...), I hated being logged in and FORGETTING I was logged in... then proceeding to visit (ahem) unapproved sites and getting the "This content has been blocked" message.

From: zimzat Date: March 25th, 2008 02:56 am (UTC)
We don't have any filters at work. I have heard rumors of one person who got in trouble for visiting inappropriate sites while on the VPN, thus why I looked into the routing option. There is the catch that all DNS requests still go through their servers since we use a customer top-level domain name for internal sites.

My development station at work is Linux so I only connect to work using VPNC. I'm not sure but I don't think Windows has the option of only routing specific IP ranges.

From: legolastn Date: March 25th, 2008 05:13 pm (UTC)
Cox and the University both disallow SMTP connections to other servers, which I find incredibly annoying.

However, I just use Autoroute SMTP to switch SMTP connections depending on where I am, since I don't really have a concern about sending work emails over Cox servers, or private emails over University servers. Maybe I should be more concerned about it though.

From: raist_ Date: March 25th, 2008 08:24 pm (UTC)

Speaking as an ISP

Most ISPs now restrict port 25 (SMTP) traffic, due to trying to restrict massive Spam relays.

One of the solutions for this is to use an alternate port on your mail servers (2525 is often used, but you can use pretty much any one that isn't standardized) in order to circumvent the ISP's restrictions.

I've seen a few other solutions as well, but using an alternate port is usually the most common one.

Otherwise, you can also just set your Outgoing server to Cox's, and your Incoming server to Work, but again, that means you'd be sending out through a non-work server, which could get security people angsty depending on your security clearance.