
VPN: Virtual Pain in the…


For a while now, I’ve been working on projects with a distributed team in-house.  When we first moved in house for a client, it was the first in-house project our company had taken (at least since I had been there) with a team this large and this spread out.  A majority of the team resided in the main office, but we had one person in Atlanta, and the other in Phoenix.

We decided to set up a VPN server, and because it was my choice and because, at the time, it was for that project only, we chose to use Microsoft’s RAS Server.  Thus far, it’s worked pretty well, but as anyone who uses a VPN will tell you, it can be a PITA sometimes.

 

Default Gateway Slows Internet Connection

The first issue I didn’t like was how every request out to the internet first passed through the office gateway.  This meant when I was downloading from MSDN I was getting pathetic download rates.  We figured out a small way around this.  My screenshots are from Windows 7, but Vista is similar.  If you have XP, well, I hope you can figure it out.

First, click on the Network tray icon.  If you’re connected wirelessly, it looks like bars on your cellphone.

Network Tray Icon


A popup will appear with all your network connections – including your VPN.  Just right-click your VPN connection and choose Properties.  Click the Networking tab, and then select IPv4 in the list.  Click the Properties button to open the properties for IPv4.

 

VPN IPv4 Properties


 

All you have to do is uncheck Use default gateway on remote network.  Now, your computer won’t pass internet requests through your work gateway.  This should increase your connection speed to the internet, but you may see performance issues when connecting to your internal network.  Also, if you like to do things you shouldn’t be doing while working, like chatting over IM, updating your Facebook status, twittering, or surfing eBay, this will keep big brother off your back.  Don’t worry, I won’t tell.

Connectivity Lost to VLANs

Also, we have discovered that due to routing in our development area, access to our DMZ is restricted when you are not coming from the inside.  So, in order to fix our ability to connect to the DMZ, we had to add some routes to our machines through the command line.  You should ask your network admins for help on this, but here’s what the command looks like:

route add <destination ip> mask <subnet mask> <the ip the vpn server assigned you>

 

This works best if you have a static IP.
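
When the VPN server hands out a different address on each connection, the gateway argument in that command changes too. The PowerShell script below is an added example, not part of the original post: it reads the current VPN-assigned address from ipconfig and adds the route with it. The connection name and DMZ subnet are constructed placeholders, and it assumes English ipconfig output and an elevated prompt.

```powershell
# Added example. Connection name and addresses are constructed placeholders.
$VpnName    = 'Office VPN'       # name shown in Network Connections (assumption)
$DmzNetwork = '10.20.30.0'       # constructed DMZ subnet
$DmzMask    = '255.255.255.0'

function Get-VpnAssignedIp([string]$Name) {
    # ipconfig prints a connected RAS VPN as "PPP adapter <name>:" followed by
    # indented detail lines. Assumes English-language ipconfig output.
    $inVpn = $false
    foreach ($line in (ipconfig)) {
        if ($line -match '^\S') {
            # Any unindented line starts a new adapter section.
            $inVpn = ($line.Trim() -eq "PPP adapter ${Name}:")
        } elseif ($inVpn -and $line -match 'IPv4 Address[. ]*:\s*(\d+(\.\d+){3})') {
            return $Matches[1]
        }
    }
    return $null
}

$vpnIp = Get-VpnAssignedIp $VpnName
if (-not $vpnIp) { throw "VPN connection '$VpnName' is not connected." }

# Requires an elevated prompt. No -p switch: the gateway is an address that can
# change, so the route is re-added per connection rather than made persistent.
route add $DmzNetwork mask $DmzMask $vpnIp

# Show the resulting entry so you can confirm that only the DMZ subnet
# is being sent via the VPN-assigned address.
route -4 print $DmzNetwork
```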

 

Passing Active Directory Credentials Automatically

Okay, so now that my connection outside my internal network is fast, and I’m not passing requests through the office gateway, another issue I have, as a developer, is connections through SQL Server Management Studio to database servers inside the network.  As the person who started the network policies for my company, we have chosen to use Active Directory and Groups for everything.  Each project that is done internally has a few groups for different roles of people involved on the project.  I like the idea of using groups rather than granting individual access, because then if someone leaves the company or changes projects it is a simple matter to change or remove their access.

The problem with this solution was that those of us outside the network using the VPN were constantly being prompted for credentials, and SSMS doesn’t work unless you know the sa password.  Well, I was shown the light by another consultant who recently came off a client site.  So, here’s how to automatically send your network credentials to any servers you connect to.

So, open your Start menu, and in Control Panel select User Accounts. On Windows 7, in the upper left corner there is a link to Manage Credentials.  In Vista, it’s called Manage Your Network Passwords.  The window that opens up allows you to set up connections to machines, and it will store your network credentials to send to that machine instead of your local credentials.  The benefit here shows up when you connect using Management Studio: if you have ever tried to connect using Windows Authentication, you know it auto-selects your local account and won’t let you change it.  When you add a network credential, it will still show your local account, but it will actually pass in the saved credentials.

 

Network Credentials


 

One of the cool things you should notice is that you can back up the vault and then restore it to another machine. So, click Add a Windows Credential.

 

New Windows Credentials


 

The form is pretty self-explanatory.  The Internet or Network Address should actually be your server name.  I strongly recommend not using IP addresses.  For the User name, use the DOMAIN\username of your network account.  Click OK and the next time you connect to that machine, your network credentials will be passed as if you were on the network.
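
The same entry can be created and reviewed from PowerShell with the built-in cmdkey tool. This is an added example, not part of the original post: the server and account names are constructed placeholders, and the parsing assumes the English `Target:` line format of `cmdkey /list`.

```powershell
# Added example. Server and account names are constructed placeholders.
$Server  = 'devsql01'        # server name, not an IP address
$Account = 'CORP\jdoe'       # DOMAIN\username of the network account

# /pass with no value makes cmdkey prompt for the password, so it is not
# left in command history or in a script file.
cmdkey /add:$Server /user:$Account /pass

function Get-StoredTarget {
    # Parses "Target:" lines from cmdkey /list, e.g.
    # "Target: Domain:target=devsql01" (assumes English output),
    # and reduces each one to its host part.
    cmdkey /list | ForEach-Object {
        if ($_ -match '^\s*Target:\s*(.+?)\s*$') {
            ($Matches[1] -replace '^.*target=', '') -replace '^.*/', ''
        }
    }
}

# Review what the vault holds and flag entries keyed by IP address,
# which the advice above recommends against.
foreach ($t in Get-StoredTarget) {
    if ($t -match '^\d{1,3}(\.\d{1,3}){3}$') {
        Write-Warning "Stored credential is keyed by IP address: $t"
    } else {
        Write-Output "Stored credential for: $t"
    }
}

# When access is no longer needed (project change, decommissioned server):
# cmdkey /delete:$Server
```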

Hopefully my tips here will help anyone having the same bothersome issues we went through.  If you have any other tips, please feel free to share them in the comments.
