Bridging local network adapter and VPN adapter


scottslabs

Posts: 4
Joined: Thu May 01, 2014 11:34 pm

Post by scottslabs » Thu May 01, 2014 11:39 pm
Are there any performance or security issues in bridging local network adapter with the Viscosity virtual VPN adapter?

Reason for my inquiry...I can't reach my main PC via hostname when outside of my home network. Internally, I make connections fine. I've forwarded ports in router, etc. The only thing that works is bridging adapters. What else may I be missing, i.e. different internal IP address for adapters?

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Fri May 02, 2014 1:30 am
Hi scottslabs,

There should be no noticeable performance hit, but bridging your Viscosity adapter to your Local network does open a security hole as you are essentially linking two networks together with no firewall or security in between. It opens up a way for anyone in the same VPN Network as you (or the internet if your VPN connection gives you a public IP) to access anything on your Local Network, or if you VPN home, a way for the network you are on, or again the Internet if you have a public IP address on your local area connection, to access your home network.

As for the problem at hand, I'm afraid I'm not 100% sure of your scenario, are you able to elaborate a bit more? From what I can understand you have a VPN Server at home that you can connect back to while you are away with a laptop (for example at a hotel), and bridging your Internet Connection (local area network) and Viscosity adapter on your laptop while away resolves a DNS issue looking up computer names when you have established a VPN connection back home. Is this correct?

Regards,

Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

scottslabs

Posts: 4
Joined: Thu May 01, 2014 11:34 pm

Post by scottslabs » Fri May 02, 2014 3:12 am
Thanks @Eric. I use an external VPN service (Torguard), using the Viscosity virtual adapter to connect to that service.

Without the adapters bridged...although I can communicate fine internally with all networked devices, i.e. 192.x to 192.x, etc., I cannot access my Home PC outside of home network over the Internet via hostname/dynamic IP, i.e. myhostname.dynamicserviceprovider.com.

Based on your input...when adapters are bridged, all incoming Internet traffic is being treated as internal network traffic and bypasses the router firewall, so my guess is something to do with router configuration.

Notes 1) I notice the adapters are on separate subnets, 2) I have appropriate port forwarding established in router, 3) hostname connections work fine without VPN established.

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Fri May 02, 2014 7:54 am
Hi scottslabs,

Your dynamic name service provider will have an application running on your PC which regularly reports back your public IP address (that of your ISP) so when you use your host name external to your network, the request is sent to your router and then onto your home PC.

The issue when you connect to a VPN Service Provider is your external IP changes, so the dynamic IP being reported to your Dynamic Name provider is your VPN Provider's. When you then use this DNS name, it is instead pointing to your VPN provider, which will be blocking traffic from going into their network for their users' security, instead of that request landing at your router.

So there is one of two reasons that bridging your network adapters is working:
1. Your VPN Provider has no firewalls in place and you are being given a public IP address visible to the Internet. When you hit your VPN Provider IP with your dynamic DNS, traffic is getting passed through. This is highly unlikely though and is still a big security hole to leave open.
2. When you bridge the connections, it is probably destroying all the routing that is pushing your data to your VPN Provider, meaning even though your VPN Connection is active, most likely it isn't actually doing anything and all your traffic is going to the Internet as if you were not connected at all.

So you have three options to resolve this issue so you don't have to use bridging:
1. Use another PC on your network that doesn't use VPN or your router (if it has the capability) to report your public IP to your Dynamic Name Service. Some providers also have apps for phones or tablets which you can use to send an update only when required.
2. Set up routing so the application reporting your IP to your Dynamic Name Service is sent through your normal Internet connection. You can do this by editing your connection and going to the Network tab. You will need to ask your Dynamic Name Service Provider what IP addresses you will need to route. You need to add a new route for each IP address required and set the Subnet mask to 255.255.255.255 and the Gateway to Local Network Gateway - http://www.sparklabs.com/support/routin ... lications/
3. If your ISP assigned IP address does not change regularly, close the reporting application before you connect to a VPN Server. You can set up Viscosity to do this automatically via scripting - http://www.sparklabs.com/support/viswin_scripting/

Please let us know if you need clarification on anything.

Regards,

Eric
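
Option 2 in the post above works because route selection prefers the longest matching prefix: a host route (mask 255.255.255.255) via the local gateway outranks the VPN's broader routes. The sketch below is an added example, not part of the original posts or of Viscosity; the routing table, both gateway addresses, the pair of /1 VPN routes and the DDNS update-server address 203.0.113.10 are constructed assumptions.

```python
import ipaddress

LAN_GW = "192.168.1.1"   # hypothetical home router (local network gateway)
VPN_GW = "10.8.0.1"      # hypothetical gateway inside the VPN tunnel

# Constructed routing table of a PC connected to a VPN provider.
# Assumption: the VPN captures all traffic with two /1 routes; a provider
# may replace the default route instead, with the same effect here.
BASE_ROUTES = [
    # (destination, mask, gateway, metric)
    ("0.0.0.0",     "0.0.0.0",       LAN_GW, 25),
    ("0.0.0.0",     "128.0.0.0",     VPN_GW, 1),
    ("128.0.0.0",   "128.0.0.0",     VPN_GW, 1),
    ("192.168.1.0", "255.255.255.0", LAN_GW, 25),
]

def host_route(ip, gateway=LAN_GW):
    """Route for a single address: mask 255.255.255.255 via the local gateway."""
    return (ip, "255.255.255.255", gateway, 1)

def select_gateway(routes, dest):
    """Pick the gateway by longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for network, mask, gateway, metric in routes:
        net = ipaddress.ip_network(f"{network}/{mask}")
        if addr in net:
            candidates.append((net.prefixlen, -metric, gateway))
    if not candidates:
        raise LookupError(f"no route to {dest}")
    return max(candidates)[2]

def egress_report(ddns_ips, other_dest="198.51.100.7"):
    """Gateways used for the DDNS servers before/after adding host routes,
    plus the gateway still used for an unrelated Internet destination."""
    before = {ip: select_gateway(BASE_ROUTES, ip) for ip in ddns_ips}
    routes = BASE_ROUTES + [host_route(ip) for ip in ddns_ips]
    after = {ip: select_gateway(routes, ip) for ip in ddns_ips}
    return before, after, select_gateway(routes, other_dest)

if __name__ == "__main__":
    before, after, other = egress_report(["203.0.113.10"])
    print("DDNS update before host route:", before)
    print("DDNS update after host route: ", after)
    print("Other Internet traffic via:   ", other)
```

With the host route in place the updater reports the ISP-assigned address while all other Internet traffic still leaves through the tunnel, so no bridging is required.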

scottslabs

Posts: 4
Joined: Thu May 01, 2014 11:34 pm

Post by scottslabs » Fri May 02, 2014 8:25 am
Thanks @Eric for the in-depth insight and solutions. I had assumed my hostname was simply routed to my computer via VPN, but did not consider my PC wasn't the one asking for the connection.

Possibly more troubling is that I posted this very question, at the same time, to my VPN service provider support forum and their tech support simply responded with 'no', as in no problem bridging the adapters, with no other explanation. Guess it's time to find a new VPN SP :-)

Thanks again!

-Scott

scottslabs

Posts: 4
Joined: Thu May 01, 2014 11:34 pm

Post by scottslabs » Wed May 07, 2014 3:12 am
@Eric,

After having an understanding, I discovered there was an option in my DDNS updater client to bind it to my local network adapter. Thanks again!

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Wed May 07, 2014 1:35 pm
Great to hear you've found an easy solution, Scott!

Cheers,
Eric