Solved

Force VPN Connection Before Accessing Any Network

Posted on 2006-11-17
Last Modified: 2012-06-21

Hi Experts:

I'd like to force my travelling users to start the VPN before they log into a wireless (or wired) network.

So if one of my users travels to a hotel with a wide-open wireless network, I want them to have to log in to the VPN before they can surf the Internet.

I've fiddled with bridging the two without success, so I wonder if there is any freeware or Windows settings that can require a VPN connection before a LAN is connected.

Any help would be appreciated.
Question by:ericbruntjen
LVL 4

Expert Comment

by:Smacky311
ID: 17966359
You will need a domain, and you can disable cached account login through the domain. Then users will be required to contact the domain controller prior to logging into their laptop. Cisco VPN software allows "Start before login", and this allows them to log in to the VPN at the Ctrl+Alt+Del screen for Windows login.

This will achieve the desired effect.
0
 
LVL 1

Author Comment

by:ericbruntjen
ID: 17966533

Thanks for the quick reply. The VPN isn't my own network, so they can't authenticate into my domain from there. It's a good idea, but I'm still hoping for something else.

I'm thinking of blocking IE and Outlook from the wireless adapter but not the VPN; that way they'd at least have an incentive to log in to the VPN, otherwise what would the point of connecting be? That might work in practice, but in principle it's pretty ugly.

E.
0
 
LVL 4

Accepted Solution

by:
Smacky311 earned 75 total points
ID: 17966707
What if you installed personal firewalls on the machines that blocked all ports outside of the necessary ports for VPN? This way I believe you should still be able to access the Internet through the VPN, but all other adapters will be blocked.
0
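
The firewall approach from the accepted answer, sketched for the built-in Windows Defender Firewall as an added example that is not from the original thread. It assumes an IKE/IPsec VPN (UDP 500/4500 plus ESP), a gateway at the placeholder address 203.0.113.10, a VPN adapter that Windows reports as interface type RemoteAccess, and a hypothetical rule group name.

```powershell
#Requires -RunAsAdministrator
# Added example; every value below is an assumption to replace before use.
$VpnGateway = '203.0.113.10'       # placeholder VPN gateway IP (documentation range)
$Group      = 'VPN-Only Egress'    # hypothetical group name, used for cleanup/rollback
$Untrusted  = 'Public', 'Private'  # profiles a hotel or home network lands in

# Remove earlier copies of these rules so the script can be re-run safely.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# 1. Let the physical adapter obtain an address (DHCP client 68 -> server 67).
New-NetFirewallRule -DisplayName 'VPN-Only: DHCP out' -Group $Group `
    -Direction Outbound -Action Allow `
    -Protocol UDP -LocalPort 68 -RemotePort 67 | Out-Null

# 2. Tunnel negotiation (IKE and IPsec NAT-T), only towards the VPN gateway.
New-NetFirewallRule -DisplayName 'VPN-Only: IKE/NAT-T to gateway' -Group $Group `
    -Direction Outbound -Action Allow `
    -Protocol UDP -RemotePort 500, 4500 -RemoteAddress $VpnGateway | Out-Null

# 3. ESP (IP protocol 50) for tunnels that do not need NAT traversal.
New-NetFirewallRule -DisplayName 'VPN-Only: ESP to gateway' -Group $Group `
    -Direction Outbound -Action Allow `
    -Protocol 50 -RemoteAddress $VpnGateway | Out-Null

# 4. Once the tunnel is up, allow all traffic that leaves through the VPN adapter.
New-NetFirewallRule -DisplayName 'VPN-Only: any via VPN adapter' -Group $Group `
    -Direction Outbound -Action Allow `
    -InterfaceType RemoteAccess | Out-Null

# 5. Only after the allow rules exist, make "block" the outbound default on
#    untrusted profiles. Other enabled allow rules on the machine still apply,
#    so review them as well.
Set-NetFirewallProfile -Profile $Untrusted -Enabled True -DefaultOutboundAction Block

# Verification: show the resulting defaults and the rules that were created.
Get-NetFirewallProfile -Name $Untrusted |
    Select-Object Name, Enabled, DefaultOutboundAction
Get-NetFirewallRule -Group $Group |
    Select-Object DisplayName, Direction, Action, Enabled

# Rollback:
#   Set-NetFirewallProfile -Profile $Untrusted -DefaultOutboundAction Allow
#   Get-NetFirewallRule -Group $Group | Remove-NetFirewallRule
```

Because DNS and HTTP are blocked until the tunnel is up, a network that requires a captive-portal sign-in will not work with this rule set as written, and the gateway must be configured in the VPN client by IP address. A user with local administrator rights can revert these settings, so the restriction only holds for standard accounts or when enforced through policy.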
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 50 total points
ID: 17972860
>>"force my traveling users to start the VPN before they log into a wireless (or wired) network"
Sounds a little impossible, in that they need an Internet connection to connect to the VPN. However, if you statically assigned the DNS server, in their TCP/IP properties, to be only your internal DNS server, they would not be able to browse the Internet or access any resource by DNS name, except through the VPN tunnel. To make doubly sure, force all traffic through the VPN tunnel by disabling split tunneling (it usually is by default). On the Windows client, this is done on the VPN client by enabling "use default gateway on remote network".
Just a thought.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17982354
Thanks ericbruntjen. Cheers!
--Rob
0
