4

I'm having some issues dealing with a client's VPN.

Context:

I am an Android engineer and I'm working with a client whose resources, repositories, dashboards, email, CI/CD, etc. are behind a VPN network.

Issue:

There is a set of tools that I need to use to work on this client's app, but these tools aren't working behind the VPN because it appears that the VPN basically blocks everything (Google, Slack, Android Studio, etc.).

Question:

The iOS guys are using a tool called Shimo to do a split tunneling with the VPN and the local internet connection, so they are able to access the resources behind the VPN and use their tools.

Is there something like that for Windows 10?

Notes:

  • I've been doing a lot of googling trying to find a similar tool that works with Cisco AnyConnect protocols, without luck.
  • I tried to set up Windows 10 VPN.
  • I actually have two computers, so I've been trying to set up a local network between the two computers with a shared folder; that way I can clone the Git repo from the VPN'd computer into that shared folder and access it from my other computer with Android Studio and all the tools that I use. At least that was the idea, but as soon as I turn the VPN on, the VPN'd computer disappears from the network.
  • Tried to do the same thing with an Amazon Workspace VM but couldn't set up a shared folder.
  • Would be great to get a solution that doesn't require too much effort, maybe I'm missing some Shimo-like client for Windows out there?
  • The client is not flexible about the VPN, so allowing Slack, Google and things like that to go through the VPN isn't an option.

Edit 1:

  • I've been trying to configure Cisco's VPN adapter to use the default gateway on the remote network, like it says in this post. But on Windows 10 there's no option for that:

Example

  • I've been trying to use OpenConnect instead of Cisco, since OpenConnect supposedly supports Cisco's protocol. However, I'm not really sure how to import Cisco's profile into OpenConnect. My Cisco client works with a hostname for the VPN, a username, a password, you need to pick a group and after that you need to put in a 2FA token that I get through the Symantec VIP app. I'm not really sure how to configure all this in OpenConnect:

Config example

8
  • I have a similar issue with Cisco VPN as client blocks everything. I therefore made a Windows 10 VM to connect to client (via AnyConnect) and the host can connect to internet as normal. Would that work for you?
    – lx07
    Commented Jun 18, 2019 at 17:11
  • @lx07 Thanks for the comment. Yeah, the thing is that I'm running Android Studio (eats a lot of ram), Postman, design tools, Slack, tons of things, if I add a VM machine to all that I'm pretty sure that my computer is going to run as fast as a brick.
    – 4gus71n
    Commented Jun 18, 2019 at 18:17
  • The Cisco AnyConnect client must be blocking out the local network for the computer. This is dictated by the VPN server, but apparently the Shimo client can ignore it. Try using OpenConnect, described as "an SSL VPN client initially created to support Cisco's AnyConnect SSL VPN" since "the Cisco client ... found it to have many deficiencies".
    – harrymc
    Commented Jun 20, 2019 at 19:34
  • @harrymc TBH I've been trying so many different VPN clients that I don't remember if I tried with OpenConnect or not. I think I did. But I think that I wasn't able to replicate Cisco AnyConnect's profile there. I'll give it a try once more and I'll let you know. Thanks for the info.
    – 4gus71n
    Commented Jun 21, 2019 at 0:07
  • Let me know what you try and how you configured OpenConnect. Might be worth adding to the post.
    – harrymc
    Commented Jun 21, 2019 at 6:29

1 Answer

3

The Cisco AnyConnect client must be blocking out the local network for the computer. This is dictated by the VPN server, but apparently the Shimo client can ignore it.

A replacement VPN client is OpenConnect, described as "an SSL VPN client initially created to support Cisco's AnyConnect SSL VPN" since "the Cisco client ... found it to have many deficiencies".

The login details of Cisco AnyConnect might be found in the file %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile, which is (or contains) an XML file.

This XML file might contain the tag HostAddress, which has the address of your VPN server. Note that it can also be HostName and there might be multiple tags. You need to pick the right one.

You might also need the VPN group as well. In that case, search for the keyword group in the XML (and probably XSD) to get the required group information.

More information about the structure of the XML file can be found in the article Anyconnect XML preferences.

This is as far as I can go without having both products on my computer. Feel free to add to my answer any additional steps that you took.
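The lookup described in the answer above, as an added example that is not part of the original answer: it walks a profile XML, collects every block carrying a `HostName`, `HostAddress` or group-like tag, and prefers `HostAddress` as the server to connect to. The sample profile, its host names and the `UserGroup` value are constructed placeholders; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile. Real profiles sit in the Profile directory
# named in the answer; every value below is a placeholder.
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>Client VPN (primary)</HostName>
      <HostAddress>vpn.example.com</HostAddress>
      <UserGroup>contractors</UserGroup>
    </HostEntry>
    <HostEntry>
      <HostName>vpn-backup.example.com</HostName>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def host_entries(xml_text):
    """Return one dict per element that holds HostName/HostAddress/group tags."""
    root = ET.fromstring(xml_text)
    entries = []
    for parent in root.iter():
        fields = {}
        for child in parent:
            name = local(child.tag)
            text = (child.text or "").strip()
            if not text:
                continue  # container elements and empty tags carry no value
            if name in ("HostName", "HostAddress") or "group" in name.lower():
                fields[name] = text
        if fields:
            # HostAddress wins; HostName is the fallback when no address is set.
            fields["server"] = fields.get("HostAddress") or fields.get("HostName")
            entries.append(fields)
    return entries

if __name__ == "__main__":
    for entry in host_entries(SAMPLE_PROFILE):
        print(entry)
```

When a profile lists several entries, each one is returned separately so the right server and group can be picked by hand, as the answer advises.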
