Link to home
Start Free TrialLog in
Avatar of bjbrown
bjbrownFlag for United States of America

asked on

OpenVPN access to internet site

Recently have installed OpenVPN to secure access to a single Window 2008 R2 server. Users now have to invoke the OpenVPN client to access the server which disables their access to the internet. One problem has surfaced where they have an internet site that provides a report which they would like to have up at the same time they are connected to the server and accessing certain files. I'm thinking that I can have that link on the server for them to run but not sure if the VPN tunnel will block that as well. What say you Experts?

As always, thanks
Brian
Avatar of Andrej Pirman
Andrej Pirman
Flag of Slovenia image
You could create VPN split tunneling on client, but be aware that such an approach breaks strict security rules in your company.
Here's one nice step-by-step: http://support.vpnsecure.me/articles/frequently-asked-questions/openvpn-split-tunneling

...except those commands:

route 174.137.125.44 255.255.255.255 vpn_gateway
    should be in your case
route 174.137.125.44 255.255.255.255 <IP-of-client's-default-gateway>

and you should not add this to config file:

route no-pull
Avatar of bjbrown
bjbrown
Flag of United States of America image

ASKER

Interesting article and idea, not sure if it will fly as you stated, may be risky.
Avatar of Qlemo
Qlemo
Flag of Germany image
The basic question is: Is the "Internet Lockout" intentional? If not, you should change that ASAP by not overriding the default route in OpenVPN server config.

In case you do not want to allow local Internet access, why doesn't it work passing the OpenVPN tunnel? You might have to fix that before doing anything else.

A link on the server will only work if it runs on the server (or inside the office LAN), e.g. in a Terminal Server session.
ASKER CERTIFIED SOLUTION
Avatar of Andrej Pirman
Andrej Pirman
Flag of Slovenia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of bjbrown
bjbrown
Flag of United States of America image

ASKER

Great feedback by all, I will leave this thread open for now until I consult with my network folks to determine the appropriate solution. I will post back with best solution.

Thanks again, I sincerely appreciate the recommendations I receive from all of the experts.