Solved

How do I route a website through a VPN tunnel?

Posted on 2008-10-14
7
672 Views
Last Modified: 2012-08-14
Hello,
At my place of work we have an external website that we have a subscription to and it can be accessed by any computer within our internal network as our license is based on our external IP address. We have external offices that are connected by VPN tunnels that can not access this site as their external IPs are different from our main branch. What I would like to do is route all traffic to this site over the VPN tunnels to the main site and out the main sites firewall. Essentially tricking the website into thinking the request is coming from the main campus. I have all the routes added correctly and the tunnel shows up but the traffic does not go down the pipe as it should. In theory it should work but I have went wrong somewhere. Any ideas? Is the theory I have in my head a figment of my imagination? :P Thanks in advance!

Chris
0
Comment
Question by:cjensen24
  • 3
  • 3
7 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 22718078
are you able to change the default gateway on the new clients to reflect the internet access via the VPN tunnel trunk?
0
 

Author Comment

by:cjensen24
ID: 22718089
I am routing the IP of the external site through the tunnel as I don't want them surfing the web through these tunnels. I just want them accessing this website through the tunnel along with internal resources.
0
 
LVL 14

Accepted Solution

by:
Roachy1979 earned 500 total points
ID: 22719080
The theory is correct...

Can you just confirm that when running a traceroute using the hostname what happens - run the traceroute again using the IP and confirm the 2 are the same?

Can you also print the routing table on the clients and also on the VPN gateway...as this might give some clues.

Worst case scenario, by implementing a proxy at your office and configuring web clients to use that then that would alter the originator address to a permitted one..... You could get around the configuration by using one browser for general web access not using the proxy (eg. Firefox) and one browser for the other site (eg. Opera or IE).  A squid server would easily allow you to do this or you could set up a simple socks proxy using SSH...


0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 14

Expert Comment

by:Roachy1979
ID: 22719088
If you go down the second router (2 browsers, one for general web access and one for this site), then configuring a Socks proxy would be the easiest way to do this....just thought I'd add instuctions...

http://lifehacker.com/software/ssh/geek-to-live--encrypt-your-web-browsing-session-with-an-ssh-socks-proxy-237227.php

0
 

Author Comment

by:cjensen24
ID: 22723360
Thank you for your assistance. I am going to give the proxy server a try. It sounds like the best bet to make this work in our environment. I will give an update on the progress as soon as I get a chance to set it up.

Chris
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 22723947
No problem - if you need any help at all post back here....

Good luck :)
0
 

Author Comment

by:cjensen24
ID: 22833006
I am sorry I have not fully been able to test this solution as I have been dealing with spam filter issues and telephony issues. I will go ahead and close this question so that you can get credit for the answer as it is the only solution that can work. Thank you for all your assistance, I appreciate it!

Chris
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now