projects
Forward Proxy vpn dns

Having a discussion with some people and there seems to be some misunderstanding about proxy server setups.

Someone says:
We could set up a VPN for the employees, but then all traffic flows through our network, so we would need an awful lot more bandwidth since their work files are huge. Isn't there some other way of giving them full anonymous internet access using our DNS servers, but where they can use their own bandwidth directly? Like a URL-rewriting DNS setup or something? Does the traffic have to I/O 100% through our network?
 
---

The discussion begins and all kinds of information is pulled off the net. There are DNS proxy services which only re-route your DNS queries. There are smart proxy services which seem to have all traffic, including all bandwidth for downloads, coming from the proxy server network. There are VPN services which have everyone connecting to one or more networks, and all traffic is then I/O from that one network and, of course, to the user's own location.

The question is...

Are there other methods where we could give the remote employees fully anonymous internet access for their work without having to take on all of the bandwidth requirements?

Some kind of proxy server which anonymizes the remote workers traffic but where all of the data doesn't have to flow I/O from that proxy network.

Or more specifically, a DNS server which rewrites the URLs and DNS queries between itself and the user, but the user still connects directly to whatever web site they are interested in, effectively using only our DNS servers but their own bandwidth to download the huge work files.
footech

It sounds to me like all you need is to use split-tunneling with your VPN.  With split-tunneling on, traffic that is directed to an IP that is in the range defined by the VPN connection is routed over the VPN connection, while traffic to an IP that is not in that range and destined for the internet is routed using the client's default gateway and thus doesn't use the VPN connection.  In other words, only VPN traffic goes over the VPN connection, while internet traffic remains separate.

With split-tunneling off, all traffic will flow over the VPN connection when it is established.

How you set up split-tunneling depends on your setup.  It might be a setting in your VPN appliance, or it could be a setting on the client (in the VPN connection's properties).
projects (ASKER)

Thanks.

However, the point being that the managers want to have all remote workers' traffic anonymized while not taking on the burden of all the bandwidth going through the proxy setup.

More of an anonymous redirection setup.
For traffic to be anonymized it has to flow through the anonymizing proxy/device.  No way around that.  All the proxy does is make it so the traffic appears to originate from itself.  Any other sort of anonymizing (like spoofing the source address) and return traffic would have no way of being routed correctly.  If all you were looking to do is have the DNS requests "anonymized" (I wouldn't call it that, but all the requests would just appear to come from your servers, not directly from any client), then the split-tunneling suffices.

What is the concern that motivates providing "fully anonymous internet access" for remote workers?  What information are you trying to conceal from being exposed via a user's browsing/other internet activities?
The company does a lot of research and they are frustrated by how traffic is being scrutinized by search engines, providers, you name it. All of that data ends up being correlated and in the end, it means no privacy.

So, this discussion came up about what options there might be. Even a proxy would only anonymize the employees, not what they are doing or what they are visiting.

Your split-tunneling VPN is interesting, but I don't know that there would be a list of specific IPs. Is there such a thing as a split-tunneling proxy without VPN, but based on the type of content? Depending on content, all traffic would flow through the proxy; otherwise, it would go direct to the remote.
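The split-tunnel behaviour footech describes (destinations inside the VPN-defined range go over the tunnel, everything else via the client's default gateway) and the proxy-without-VPN variant asked about in the post above, as an added example that is not part of this thread or of any product mentioned in it. It is JavaScript: a routing decision over constructed VPN-pushed routes, followed by a proxy auto-config (PAC) function, which is the standard browser mechanism for sending only chosen destinations through a proxy and letting the rest go DIRECT. It goes beyond the thread in that the PAC part selects by destination host or network, not by content type. The CIDR blocks, domain names and proxy address are placeholders, and isInNet/dnsDomainIs are simplified stand-ins for the helpers a browser's PAC engine normally provides.

```javascript
// Added example, not from the thread: destination-based split routing.
// Part 1 mirrors a VPN client's split-tunnel decision; part 2 is a proxy
// auto-config (PAC) function that sends only chosen destinations through a
// proxy and lets everything else go DIRECT. All networks, hosts and the proxy
// address are constructed placeholders.

// Dotted IPv4 string -> unsigned 32-bit integer (throws on malformed input).
function ipToInt(ip) {
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`invalid IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

// Network mask for a prefix length; /0 is special-cased because JS shift
// counts are taken modulo 32.
function prefixMask(len) {
  return len === 0 ? 0 : (0xffffffff << (32 - len)) >>> 0;
}

// Returns the prefix length if ip lies inside "a.b.c.d/len", else -1, so a
// caller can pick the most specific matching route.
function matchCidr(ip, cidr) {
  const [net, lenStr] = cidr.split("/");
  const len = Number(lenStr);
  const mask = prefixMask(len);
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(net) & mask) >>> 0) ? len : -1;
}

// Routes the VPN concentrator pushes to the client (constructed). With split
// tunnelling on, only these destinations go over the tunnel.
const VPN_ROUTES = ["10.0.0.0/8", "192.168.50.0/24"];

// Where a packet to dst goes: "vpn" or "direct" (client's default gateway).
function routeDecision(dst, { splitTunnel = true, vpnRoutes = VPN_ROUTES } = {}) {
  if (!splitTunnel) return "vpn";                 // full tunnel: everything via VPN
  const best = Math.max(...vpnRoutes.map((r) => matchCidr(dst, r)));
  return best >= 0 ? "vpn" : "direct";           // longest-prefix match wins
}

// --- Part 2: proxy auto-config (PAC) -------------------------------------
// A browser's PAC engine supplies isInNet/dnsDomainIs; these simplified
// stand-ins let FindProxyForURL run under Node. The real isInNet resolves
// hostnames first; this one only accepts IPv4 literals.
const IPV4_LITERAL = /^\d{1,3}(\.\d{1,3}){3}$/;
function isInNet(host, net, mask) {
  if (!IPV4_LITERAL.test(host)) return false;
  const m = ipToInt(mask);
  return ((ipToInt(host) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}
function dnsDomainIs(host, domain) {
  return host.endsWith(domain);
}

// Only internal names and private ranges use the company proxy; downloads
// from anywhere else leave the client directly on the worker's own bandwidth.
function FindProxyForURL(url, host) {
  if (dnsDomainIs(host, ".corp.example") ||
      isInNet(host, "10.0.0.0", "255.0.0.0") ||
      isInNet(host, "192.168.50.0", "255.255.255.0")) {
    return "PROXY proxy.corp.example:3128";
  }
  return "DIRECT";
}

// Stand-alone demonstration over constructed destinations.
for (const dst of ["10.1.2.3", "192.168.50.7", "93.184.216.34"]) {
  console.log(dst, "split on ->", routeDecision(dst),
    "| split off ->", routeDecision(dst, { splitTunnel: false }));
}
for (const host of ["files.corp.example", "192.168.50.7", "example.org"]) {
  console.log(host, "->", FindProxyForURL("http://" + host + "/", host));
}
```

The two halves make the same point from different layers: with split tunnelling on, or with a PAC file returning DIRECT for external hosts, the large downloads never touch the company network, which is exactly why that traffic is also not anonymized by it; only the destinations you explicitly route through the tunnel or the proxy appear to come from the company's address.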
ASKER CERTIFIED SOLUTION

footech
There is a lot of content based routing out there but I'm not sure it exists for this kind of thing.

Anyhow, back to your last post, how would content be destined to the network or user, what controls that, what is controlled?
I'm not sure I understand your last question.
Routing is based purely on what IP address is being communicated with.
I just meant local content routing.
Still not seeing what you're asking that wasn't already answered.
Now I don't know what you are talking about... I picked an answer already :)
:)
After the post that you accepted as the answer, you had a question.  I was just trying to answer it but didn't really understand what you were getting at.  If it's something you'd like to clear up, please try to clarify what you're after, but if not, I won't worry about it further.
No worries, you basically answered one part of my question so I awarded with the intention of possibly posting a new question based on what I learned from this one.