
VPN Security and Local Network


CreePinG_DeatH

Member
Joined
Aug 17, 2001
If I am connected to a VPN, are all of my network connections covered? Would someone on the local network (non-vpn) still be able to remote-in to my PC? I couldn't figure if it's just the traffic that goes over the internet that is protected, or if my machine is completely covered.
 
I can take control of the machines of our VPN users. It depends on how the VPN is set up. I could, for example, create firewall rules to block anything I want over the VPN.
 
Let me clarify: if I was on a VPN of company "A," would company "B" (local network) still be able to control my computer, particularly direct access to my PC? I know company B would be able to block ports or whatever from accessing outside resources, but would company B be able to remote-login to my computer while I am connected to company A's VPN?
 
Hmmm, not sure I understand your situation fully.

Ok, so you VPN into company A... Are company A and B linked via a VPN as well?

Here is how I see it...

If the two companies are linked, then it's possible company B could take control of your machine. It all depends on how the VPN is set up between you and company A and the rules between company A and company B.
 
Assume you are a Comcast user. You use a VPN for your work (not Comcast) and start your VPN connection. Would Comcast still be able to log in to your PC while on the VPN for remote administration purposes to change whatever they want on your PC? The easiest thing would be to just prohibit your connection from reaching the Internet, but could they do more?

Sorry for not being clear enough.
 
Ohhh ok I get it now..

Not to my knowledge. When I VPN into the company with a software VPN client to my firewall in the company, it creates a secure connection; what it also does is disconnect all other Internet connections to my machine. For example, when I am connected, I cannot browse the Internet from my home machine as it is cut off by the VPN software.

Now, if your VPN client does not disable your Internet access, then it may be possible for Comcast to connect, however unlikely. I guess it depends on how your VPN client handles your Internet connection.
 
My VPN encrypts and channels all outgoing traffic to the VPN, but I didn't know if that stopped others from getting in some other way. Is there an easy way to check how my VPN is configured?
 
This all depends on what VPN client you are using and how your VPN is configured... are you sure ALL traffic is routed over the VPN? You can do a split tunnel VPN where only selected traffic is routed over the VPN and all other traffic is routed out across the Internet.

Do you have a firewall? And are you connected to the VPN 24/7?

You would have to check your routing table / firewall / VPN client settings to determine how traffic is handled.

Using your firewall you could create a rule to deny all inbound traffic unless it is coming across the VPN connection...

You can do this by creating routes for all remote networks across the VPN and pointing a default or whatever other route to 127.0.0.1...

There are quite a few ways to go about doing this...

The best way would be just to test…. If your PC has an external IP address just try and access it / scan it from another host
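
Added example, not part of the original posts: one way to do the routing-table check suggested above. It parses the IPv4 section of Windows `route print` output and applies longest-prefix matching to show which destinations leave through the VPN adapter. The sample table, the adapter addresses (192.168.1.50 physical, 10.8.0.6 VPN) and the probe addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample of the IPv4 route rows from Windows `route print`.
# Assumed: 192.168.1.50 = physical NIC, 10.8.0.6 = VPN adapter,
# 203.0.113.10 = VPN server (must stay reachable outside the tunnel).
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
          0.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6     20
        128.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6     20
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
         10.8.0.4  255.255.255.252         On-link         10.8.0.6    276
     203.0.113.10  255.255.255.255      192.168.1.1    192.168.1.50     25
"""

def parse_routes(text):
    """Return (network, interface_ip, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header or unrelated line
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            routes.append((net, fields[3], int(fields[4])))
        except ValueError:
            continue  # not a route row
    return routes

def egress_interface(routes, dest):
    """Pick the route the OS would use: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def tunnel_report(routes, vpn_ip, probes):
    """Map each probe destination to 'vpn' or 'direct'."""
    return {p: "vpn" if egress_interface(routes, p) == vpn_ip else "direct"
            for p in probes}

if __name__ == "__main__":
    probes = ["8.8.8.8", "198.51.100.7", "192.168.1.20", "203.0.113.10"]
    for dest, path in tunnel_report(parse_routes(SAMPLE), "10.8.0.6", probes).items():
        print(f"{dest:15} -> {path}")
```

Routes only decide where outgoing packets go; whether a host on the local subnet can open a connection to the PC is decided by the firewall, which is why the scan from another host is still worth doing.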
 
Ok I just checked and the VPN blocks all uninvited incoming connection attempts while connected. So if I am connected whenever the PC is on, then I should be OK (as far as remote administration goes)?
 
Should be.. In any event, why would Comcast be able to take control of your machine anyway? Are you not behind a firewall?
 
I am, but I am more concerned with capabilities. So assuming that I am not behind a firewall, and connected to the VPN, the ISP would be able to see all of the traffic, just encrypted, and would just be able to tell the IP address hosting the VPN connection. Is that accurate?
 
Correct... all traffic up to the end point will be encrypted... this is if ALL traffic routes over the VPN.
 
With the Cisco VPN client it is a setting in the configuration (.pcf) file.

If EnableLocalLAN=0 then you can only see traffic on the network you are VPNed to (work network)
If EnableLocalLAN=1 then it is open to both local and remote networks.
 
Ok for the heck of it I just checked the pcf file for a different VPN. It has the local LAN as 1, so that is why I can use the Internet, and not just browse local files on the network?

Skid- Are programs, like anti-virus programs, usually forced over a VPN? Or if the AV config file specifies a local IP address on the network (def repository), will it connect to it unencrypted? I am guessing that it would connect unencrypted. Feedback? Thanks
 
If it is pulling its config from an internal corporate network I would guess it would come across the VPN, but again it's based on config... the easiest way to tell would be to use a program like tcptraceroute... it will let you do a traceroute over any TCP port and you can see if it routes over the VPN or Internet.

This looks like a Windows version of it:

http://tracetcp.sourceforge.net/

If you do a traceroute over 80, 443 or whatever and you see replies from your ISP or something, it is going over the Internet... if it times out once or twice and you see the remote networks as the next hop, it is over the VPN.
 