Thursday, January 3, 2008

VPN setup for Mac OS X Tiger (10.4.x)

I connect to a Microsoft Windows Server 2000 VPN and these instructions (PPTP) work.
  1. UCLA:
  2. UMass:
  • The UCLA site has instructions for both Tiger and Leopard (10.5.x).
  • Leopard VPN setup has an additional option that lets you decide whether Internet traffic (non-VPN, like Google or Yahoo) goes through the VPN (i.e. tunneled through your organization's network) or through your local Internet connection (typically your ISP). But on a colleague's MacBook with the Leopard upgrade this feature did not work. Even when the bypass option was enabled, the default route was still through the VPN. Seems like a bug.
  • Most companies typically do not allow such a bypass while connected over the VPN, for security reasons. IT admins fear a security risk: you are browsing some Internet site that runs a malicious program on your computer while it is also connected to the company's network, exposing that network to danger. They control this by installing the VPN client themselves and locking down the options. This can be done easily on domain-controlled Windows. Not sure if this restriction can be done easily on Macs.
  • The UMass site has instructions on how to set up Tiger for doing the bypass. Of course, you have to follow these instructions every time you connect via VPN. You can write a little script to automate this, assuming your default route at every location you connect from (home, coffee shop, friend's home...) is fixed. But this is a very useful feature when you are at home checking baseball scores while downloading company email. You may not want the traffic to the baseball site to go through the company's Internet connection. Hence the bypass!
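
To check whether the bypass is really in effect (the Leopard problem described above), look at which interface carries the default route. The script below is an added example, not part of the original post or the linked instructions: it parses `netstat -rn` output and assumes the PPTP link appears as a `ppp*` interface and that the first IPv4 `default` entry is the active one; both routing tables in it are constructed samples.

```shell
#!/bin/sh
# Added example: classify a Mac OS X routing table as full-tunnel, split-tunnel or no-vpn.
# Assumption: the PPTP link shows up as a ppp* interface (e.g. ppp0).

# Print the Netif of the first IPv4 default route in `netstat -rn` output read from stdin.
default_route_iface() {
    awk '
        $1 == "Internet:"  { v4 = 1; next }   # IPv4 section starts
        $1 == "Internet6:" { v4 = 0; next }   # ignore the IPv6 section
        v4 && $1 == "Destination" {           # locate the Netif column from the header
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        v4 && col && $1 == "default" { print $col; exit }
    '
}

# Classify the routing table passed as $1.
tunnel_mode() {
    iface=$(printf '%s\n' "$1" | default_route_iface)
    case $iface in
        ppp*) echo "full-tunnel"; return ;;   # all traffic leaves through the VPN
    esac
    # Default route is local; a ppp interface elsewhere in the table means a bypass is active.
    if printf '%s\n' "$1" | grep -Eq '[[:space:]]ppp[0-9]+([[:space:]]|$)'; then
        echo "split-tunnel"
    else
        echo "no-vpn"
    fi
}

# Constructed sample: default route through the VPN.
SAMPLE_FULL='Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.8.0.1           UGSc        4        2   ppp0
10.8.0.1           10.8.0.57          UH          5        0   ppp0
192.168.1          link#5             UCS         1        0    en1'

# Constructed sample: default route local, only the company network via the VPN.
SAMPLE_SPLIT='Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc        4        2    en1
10.8               ppp0               USc         0        0   ppp0
10.8.0.1           10.8.0.57          UH          1        0   ppp0'

tunnel_mode "$SAMPLE_FULL"    # on a real Mac: tunnel_mode "$(netstat -rn)"
tunnel_mode "$SAMPLE_SPLIT"
```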

