0

I know too little of even the basics...

When working remotely, I connect with my work computer (Windows 10) via my own router/ISP to the work network via VPN (using Cisco AnyConnect - there's a 2FA hardware key involved).

Employer blocks various websites not deemed work related, e.g. video sharing sites (even if they host useful tutorials), social media (even if they encourage employees to link with and promote the company page), and web-based e-mail (e.g. Google Mail is blocked, but not Google Calendar nor some other Google offerings). {I can visit various utterly time-wasting meme sites, forums and even StackExchange sites just fine :-).} When visiting one of the blocked sites, Chrome displays the ERR_TUNNEL_CONNECTION_FAILED error page.

In addition, once VPN'ed, I am unable to visit my router's own admin page (192.168.X.1). Chrome however displays the ERR_NETWORK_ACCESS_DENIED error page. Anti-virus/firewall protection is handled by Symantec Endpoint Protection, and I am unable to see if I even can add an exception.

I can obviously visit all sites just fine from my work machine when disconnected from VPN, or from another device connected to the same router.

Ideally, I would like to be able to visit these sites from my work machine while still connected to the VPN (for example to check on connection status or data usage stats on my router, or check private e-mail) while waiting for long-running processes involving authenticated data transfer - I'd be using my own network resources after all.

Would this be even possible? If so, can you provide detailed instructions? (Unfortunately the employer is a big corp so "talking to some network admin" is unlikely to get exceptions.)


I found these related (but too technical, or Linux orientated)

2
  • It depends on the type of VPN and how it is set up. A global VPN service, typically you don't want that, so no. A work-related VPN is typically set up to only allow work related traffic to go through the VPN and normal internet traffic remains outside. Otherwise your internet traffic would also pass through the internet at work. If the local IP Range overlaps work IP range, tunnelling all traffic over VPN is almost always necessary though.
    – LPChip
    Commented Aug 4, 2022 at 8:35
  • @LPChip often "enterprise" VPNs do the opposite: they route everything via VPN. Some of them suck so much that they don't even have an option to disable this behaviour (Kerio for example). As for Cisco AnyConnect Client, it has its own "enterprise feature": it can download and run the binary on the client machine "to check for security problems", effectively becoming a rootkit.
    Commented Aug 4, 2022 at 11:04

1 Answer

0

Cisco VPN (AnyConnect) installs a default route that directs everything via VPN, except the traffic to the VPN access server itself. You can try to override that after connecting: remove that default route and replace it with the one you like. To make sure you can still connect to work resources via VPN, you'll need to install more fine-grained routes to resources you use. You'll need to do this each time you connect. Also notice that the VPN client reconfigures DNS to be resolved by VPN's DNS services, and those can do some blocking at that level too.

The easiest method, I think, is to use a virtual machine and install the client inside it. That'll be the confined environment your employer could ever see and have any kind of control over. Your computer will then be free from them and their bogus VPN routes. You'll do your work within the virtual machine, and nobody will ever know if you do anything outside of it, just like you have a dedicated computer.
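
How the route table decides which adapter a destination leaves through, as an added example that is not part of the original answer: it applies longest-prefix-then-lowest-metric selection to a constructed table laid out like Windows `route print` rows, and lists probe destinations that would leave outside the tunnel, the kind of check an endpoint compliance audit could run. All addresses, metrics and function names are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str    # next hop, or "on-link"
    interface: str  # local address of the egress adapter
    metric: int

def parse(table: str) -> list:
    """Parse rows of: destination netmask gateway interface metric."""
    routes = []
    for line in table.strip().splitlines():
        dest, mask, gateway, interface, metric = line.split()
        network = ipaddress.IPv4Network(f"{dest}/{mask}")
        routes.append(Route(network, gateway, interface, int(metric)))
    return routes

def select_route(routes, destination: str) -> Optional[Route]:
    """Longest matching prefix wins; the lowest metric breaks ties."""
    address = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if address in r.network]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))

def outside_tunnel(routes, vpn_interface, vpn_server, probes):
    """Probe destinations, other than the VPN server, that bypass the tunnel."""
    found = []
    for probe in probes:
        route = select_route(routes, probe)
        if probe != vpn_server and route and route.interface != vpn_interface:
            found.append(probe)
    return found

# Constructed, abbreviated tables (documentation and private address ranges).
FULL_TUNNEL = """
0.0.0.0       0.0.0.0          192.168.1.1  192.168.1.50  35
0.0.0.0       0.0.0.0          10.8.0.1     10.8.0.2      2
203.0.113.10  255.255.255.255  192.168.1.1  192.168.1.50  36
10.8.0.0      255.255.255.0    on-link      10.8.0.2      257
"""
# Same table plus one more-specific route via the home gateway (constructed).
DRIFTED = FULL_TUNNEL + "198.51.100.0  255.255.255.0  192.168.1.1  192.168.1.50  36\n"
PROBES = ["198.51.100.7", "10.8.0.20", "203.0.113.10", "192.0.2.80"]

if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("drifted", DRIFTED)):
        print(name, outside_tunnel(parse(table), "10.8.0.2", "203.0.113.10", PROBES))
```

The host route to the VPN server is the one expected exception in a full-tunnel table, which is why the check skips it.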
