Then both your VPN software and the company's VPN device would have to agree on a different (broader) list of destination IP address ranges to be sent over the tunnel. The remote side would need your workstation to act as a router for the company network.

For that to work out, your workstation would need to deliberately enable local routing features such as Windows RRAS (which VPN software does not enable), and a static route entry would also have to be added to your home router in order to set the route for the corporate network's private IP address range to a next-hop of your computer's IP address.

Another static route would then be required on the company's router, setting your home router's IP address range to a next-hop of your computer's IP address. They're on the wrong side of the VPN link to have an IP from your home router; even if they did assign one manually, it would not work.

If someone did set up and abuse that scenario without authorization from both the end user and the IT security management of the company, it would be an extremely serious violation that could land the offender out of a job, with no eligibility for unemployment.

Because they don't have an IP from your home router.

This mostly eliminates the possibility that someone on network A uses your computer as a direct conduit to access remote VPN network B, or vice versa, because your computer only has access to one network at a time, and not both networks simultaneously.

By changing the configuration of your VPN software to enable "Split Tunneling", it's possible your company could afterwards use AD to deploy special software to your company laptop to proxy connections from one network to the other while you are connected.
In the absence of split tunneling on a secure IPsec VPN, there is no communication between your workstation and other hosts on your home LAN while connected to a secure VPN, and all web surfing / other internet traffic goes through the corporate firewall. When accessing a VPN, split tunneling is an optional feature that is usually disabled or marked as forbidden in an enterprise environment. It's something that would be highly irregular and should never happen, and it could be a serious crime, depending on what they were doing with unauthorized access to personal devices on an employee's home network.

They could even do this without a VPN - an unethical IT person could use software such as Hamachi, or targeted malware, to make OP's work computer a backdoor into his/her home network.

Generally the answer is no, BUT if they wanted to, and they were intrusive and unethical, and premeditated: someone in company IT could deliberately gain access to OP's home network during a VPN session, assuming Split Tunneling is enabled, which is a VPN configuration the firewall admin may have complete remote control over in some cases with some VPN solutions; configuration would be required on the client side (which the company can change on a work laptop using group policy), or it might be available by default.
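The difference between the two configurations described above can be read off the workstation's route table. The following is an added example, not part of the original text; the route tables are constructed, and the interface names, addresses and the way the full-tunnel client overrides the home LAN route are assumptions.

```python
import ipaddress

# Constructed route tables: (destination, interface, metric). Not from a real host.
# "eth0" (home LAN) and "vpn0" (tunnel) are assumed interface names.
FULL_TUNNEL = [
    ("0.0.0.0/0", "vpn0", 1),        # default route forced into the tunnel
    ("0.0.0.0/0", "eth0", 50),       # original default, now a worse metric
    ("192.168.1.0/24", "vpn0", 1),   # assumed: client overrides the home LAN route
    ("192.168.1.0/24", "eth0", 50),
    ("203.0.113.10/32", "eth0", 1),  # host route to the VPN gateway itself
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0", 10),       # internet stays on the home connection
    ("192.168.1.0/24", "eth0", 10),  # home LAN stays directly reachable
    ("10.0.0.0/8", "vpn0", 1),       # only the corporate range is tunnelled
    ("203.0.113.10/32", "eth0", 1),
]

def egress(routes, dst):
    """Longest-prefix match, lowest metric as tie-breaker; returns the interface."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, iface, metric in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net:
            key = (-net.prefixlen, metric)
            if best is None or key < best[0]:
                best = (key, iface)
    return best[1] if best else None

def audit(routes, vpn_if, home_peer, internet_host, corp_host):
    """Report which interface carries each class of traffic."""
    paths = {name: egress(routes, ip) for name, ip in
             (("home", home_peer), ("internet", internet_host), ("corp", corp_host))}
    split = paths["internet"] != vpn_if
    # The workstation sits on both networks at once only if the home LAN is
    # reached outside the tunnel while the corporate range is reached inside it.
    dual_homed = paths["home"] != vpn_if and paths["corp"] == vpn_if
    return {"mode": "split" if split else "full", "dual_homed": dual_homed, **paths}

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, audit(table, "vpn0", "192.168.1.20", "198.51.100.7", "10.1.2.3"))
```

A `dual_homed` result of `True` is the condition under which the proxying scenario in the text becomes possible at all, so it is the value worth alerting on for a managed laptop.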