Catch traffic in TCP stack

NTDEV
1

Hi everyone,

I’ve got the following problem:
to get access to the internet one has to use a third party vpn client,
which tunnels *all* tcp/ip traffic. The problem is, that you can either
have internet access (vpn client is active) or have LAN access (vpn
client deactivated). I think the vpn client installs some kind of driver
which tunnels all traffic throug the vpn. Is there a solution to let the
LAN traffic pass the normal way and let the vpn driver tunnel the rest ?
What kind of driver would one need to accomplish this ?

thanks in advance

Jan Newger

2

If you are using just Microsoft VPN. Then modifying the route table
would do the trick. Another fact you would see in the case of Microsoft
VPN client is, you would see the local LAN Traffic (traffic targeted to
the local subnet) not tunneled to the VPN gateway.

What you are referring to is a feature which was added to IPSEC drafts
around year 2000. It is called Mode config/Virtual Identity. I believe
you can configure the VPN server so that the client wouldn’t have to
tunnel all the traffic to VPN gateway. But network admins wouldn’t like
to do that.

-Srin.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jan Newger
Sent: Wednesday, March 17, 2004 10:37 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Catch traffic in TCP stack

Hi everyone,

I’ve got the following problem:
to get access to the internet one has to use a third party vpn client,
which tunnels *all* tcp/ip traffic. The problem is, that you can either
have internet access (vpn client is active) or have LAN access (vpn
client deactivated). I think the vpn client installs some kind of driver

which tunnels all traffic throug the vpn. Is there a solution to let the

LAN traffic pass the normal way and let the vpn driver tunnel the rest ?
What kind of driver would one need to accomplish this ?

thanks in advance

Jan Newger

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nai.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

3

xxxxx@NAI.com wrote:

What you are referring to is a feature which was added to IPSEC drafts
around year 2000. It is called Mode config/Virtual Identity. I believe
you can configure the VPN server so that the client wouldn’t have to
tunnel all the traffic to VPN gateway. But network admins wouldn’t like
to do that.
that’s the point. I think this has to be configured on the server which
i have no access to. What kind of driver would solve this problem ?

thanks

jan