VERSION|0.4.7.1|SUBJECT|VPN split tunneling|CONTENT|I'm big on security, but not at the expense of usability and privacy.  When it comes to VPN connections, I prefer split tunneling.  Split tunneling means instead of forcing all traffic through the VPN, only traffic destined for the remote subnet goes through the VPN.

Here are my arguments:

1. Forcing all traffic through the VPN doesn't provide a lot more security because:
    a. Traffic is encrypted from the user to the other end of the VPN, but not from there to the final destination.
    b. Traffic destined for external networks probably does not need to be secured anyway.
    c. The VPN client can usually be turned on and off at any time.
    d. When "local LAN" is enabled, the computer connected to the VPN is still susceptible to an attack from the public non-secured network that tunnels through another computer on the LAN first.

2. Forcing all traffic through the VPN causes all of the following problems:
    a. Traffic between a user and external computers can be slowed down considerably.
    b. Traffic for others inside the secured network is slowed down by a VPN user needlessly.
    c. Certain protocols may be broken.
    d. Network applications get disconnected during VPN connection and must re-connect.
    e. Privacy.  Personal traffic like emailing your spouse should not be forced to travel through your work network.

Disabling split tunneling may be OK for road warriors, but for employees who work from home and need to constantly access both work resources and the Internet, it can be very annoying.
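
To make the routing difference concrete, here is an added example (not part of the original post) that models a client's route table in both modes and picks the egress interface by longest-prefix match. All addresses are constructed sample values, and the full tunnel is assumed to be implemented as two /1 routes, the approach OpenVPN's `redirect-gateway def1` takes.

```python
import ipaddress

# All addresses below are constructed sample values, not taken from the post.
BASE = [("192.168.1.0/24", "lan"),  # home LAN, directly connected
        ("0.0.0.0/0", "lan")]       # default route via the home router
SPLIT = BASE + [("10.20.0.0/16", "vpn")]  # only the remote subnet is tunneled
# Assumption: full tunnel modeled as two /1 routes that outrank the default
# route, the approach OpenVPN's "redirect-gateway def1" takes.
FULL = BASE + [("0.0.0.0/1", "vpn"), ("128.0.0.0/1", "vpn")]


def egress(table, dst):
    """Return the interface chosen for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), i) for p, i in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise ValueError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def compare(dsts):
    """Map each destination to its (split, full) egress interface."""
    return {d: (egress(SPLIT, d), egress(FULL, d)) for d in dsts}


if __name__ == "__main__":
    samples = {"10.20.5.9": "work file server",
               "203.0.113.10": "external web site",
               "192.168.1.50": "another host on the home LAN"}
    for dst, (split, full) in compare(samples).items():
        print(f"{dst:<14} {samples[dst]:<30} split={split:<4} full={full}")
```

The third row shows that when the local LAN route is kept, hosts on the home LAN stay directly reachable even in full-tunnel mode, which is the precondition for point 1d.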
|CATEGORIES|3|DATE|1210374199