Talk:Split tunneling

Latest comment: 9 years ago by EichertC in topic Split Tunneling Software

This is confusing:

"Often when plain split tunneling is enabled, datagrams by default will go out the local network interface's default gateway. Only datagrams that are destined for IP networks behind the vpn terminator will go through the tunnel. This violates the principle of least privilege."

If the user disconnects the VPN session and every datagram goes through the default gateway, is the principle of least privilege violated? It would be helpful if there was more explanation of what non-minimal privileges should be removed. 24.227.233.34 (talk) 17:39, 14 April 2011 (UTC)

DNS Hijacking Does Not Break Private Addresses

I've marked the statement about DNS Hijacking as dubious. Private addresses could not be hijacked unless the DNS client queries a public server, which would be an incorrect DNS configuration for a VPN. The public server would be unable to resolve any private address, so the results are unpredictable. Miqrogroove (talk) 16:02, 3 September 2012 (UTC)

"Private addresses could not be hijacked unless the DNS client queries a public server" - this is exactly what happens when an ISP implements DNS Hijacking. The statement is actually far from dubious. worldentropy (talk)

What can happen with DNS hijacking is that attempts to connect to VPN sites while the VPN is not connected get redirected to the ISP's Hijack site, instead of failing (which would be correct behavior!). Then after the VPN is connected the computer's caches (at least OS and browser potentially) are "polluted" and continue to direct to the wrong address until the cache expires, or the user takes some other proactive action to flush their caches. This is covered on DNS hijacking. Peter.thejackos (talk) 03:02, 30 January 2013 (UTC)

Agree this is not dubious at all. I have experienced this exact problem with the AT&T Net Client in split tunnel mode. A quick Google search shows lots of real-world complaints, e.g. http://arstechnica.com/civis/viewtopic.php?f=10&t=208297 — Preceding unsigned comment added by MyDogHasFleas (talk • contribs) 14:47, 18 June 2013 (UTC)
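An added example, not part of the talk-page discussion: a defender-side check for the cache pollution described in this thread, which flags VPN-internal names that a resolver cache maps to addresses outside the VPN's ranges. The suffix `corp.example`, the `10.0.0.0/8` range and the sample cache entries are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the discussion): the DNS suffix used only inside the
# VPN and the address ranges that hosts behind the VPN terminator live in.
INTERNAL_SUFFIXES = ("corp.example",)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample of (name, address) pairs as they might sit in an OS or
# browser resolver cache after the VPN connects.
SAMPLE_CACHE = [
    ("wiki.corp.example", "203.0.113.10"),   # redirected before VPN came up
    ("mail.corp.example.", "203.0.113.10"),  # same landing address again
    ("files.corp.example", "192.0.2.55"),    # outside the VPN ranges, seen once
    ("git.corp.example", "10.1.2.3"),        # correct internal answer
    ("www.example.org", "198.51.100.7"),     # public name, out of scope
]

def is_internal_name(name):
    """True if the name falls under a suffix that only the VPN's DNS serves."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in INTERNAL_SUFFIXES)

def audit_cache(entries):
    """Return one finding per internal name cached with a non-VPN address.

    'shared_address' marks an address returned for several distinct names,
    the usual signature of a resolver redirecting failed lookups to one site.
    """
    outside = []
    for name, addr in entries:
        if not is_internal_name(name):
            continue
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in INTERNAL_NETS):
            outside.append((name.rstrip(".").lower(), addr))
    per_addr = Counter(addr for _, addr in outside)
    return [
        {"name": name, "address": addr, "shared_address": per_addr[addr] > 1}
        for name, addr in outside
    ]

if __name__ == "__main__":
    for finding in audit_cache(SAMPLE_CACHE):
        print(finding)
```

Any finding means the cached entry should be flushed before the name is used over the tunnel.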

Free vs Proprietary

"OpenVPN is a client software to connect to an OpenVPN server and not a free VPN software" from their own Google Play download page. I would edit the wiki page but I cannot figure out how because the lists of free and proprietary software do not appear on the edit page (please educate me someone). Sqgl (talk) 07:09, 3 November 2013 (UTC)

Split Tunneling Software

Is it possible to control with software which packets exit the machine via the tunnel and which go to the normal gateway? EichertC (talk) 12:24, 31 May 2015 (UTC)