Score:0

Connecting to VPN blocks other connections

One of my clients provides me with a VPN connection using Palo Alto Networks' GlobalProtect.

It works reliably but blocks other network connections from my Windows client machine when it is active.

At first I thought it blocked everything including the LAN, but have since realised that it is selective. Some web sites still work, while others are blocked.

So I'm guessing it is placing me under the security filtering regime of the organisation while I am connected to it.

Can someone explain how this mechanism works on my client machine in terms of the network protocol stack, or point me to some relevant materials?

In particular, what gives this VPN connection the authority to override my other connections, and what strategies might work to circumvent this intrusive behaviour?

No other client VPN I have ever encountered does this, and this disruption actually degrades the quality of support that I am able to provide them.

I am moving devops into a cloud virtual machine environment which I suspect will be effectively orphaned if I try to connect to this VPN from within.

Score:1

Your client is doing this to ensure that their network is secure while you're connected to it. You should take their security as seriously as they do. If this is having a material impact on your ability to perform work for them, then speak to their security team or to the person there that you report to.

If this is preventing you from accessing sites and services unrelated to the work you perform for them, then don't access those sites and services while you're connected to the VPN.

If you attempt to circumvent their security, and their network is breached as a result, you could find yourself legally and financially responsible, which is not a position I would put myself in.

stephen
Hi joe, thanks for the advice, but I'm really seeking specific technical insights with this question. When I'm looking for a scolding, I can generally find that at home :)
joeqwerty
My answer isn't "scolding". I'm merely saying that your client is doing this for a reason, and you should abide by it. Circumventing it is putting your client at risk and is putting you in a position of potential legal and financial jeopardy. Circumventing it wouldn't be something I would undertake.
stephen
Again, thank you. But I am seeking technical advice here on what is possible, not legal advice on what is prudent. When I fully understand the technical mechanisms and their security ramifications, I will be able to make my own informed judgement. Can you assist with the technical aspects?
joeqwerty
Technical advice about what? About how to circumvent their security? We don't do that here. My apologies if my answer isn't helpful. Good luck in your endeavor.
stephen
Technical advice about the precise mechanisms of the network protocol stack which allow a new VPN connection to decide what other connections a device is allowed to maintain. I had thought this type of information was precisely what Server Fault is about, but if you are sure that you speak for everyone here, then perhaps I am mistaken.