Location Services

last person joined: 5 hours ago 

Location-based mobile app development and Bluetooth-based asset tracking with Meridian. Gathering analytics and business intelligence from Wi-Fi with Analytics and Location Engine (ALE).
Expand all | Collapse all

Is split-tunneling, within the VIA connection profile, configurable?

Jump to Best Answer
  • 1.  Is split-tunneling, within the VIA connection profile, configurable?

    Posted May 03, 2016 06:41 AM

    Greetings all,

     

    The split-tunneling command within the VIA connection profile, appears to be all one or the other - either on or off.   Is there any way of configuring this, so that (for instance), using some kind of ACL, a VIA user could print to the printer on their (home/local) network directly?   Obviously this would have to take into account local IP addressing, which would be outside of central admin control/knowledge and non-unique across the enterprise...

    I'm wondering if a) this could be done with the AOS / VIA config itself or whether it could be/would need to be 'hacked' by manipulation of the local PC's routing table, outside of the AOS / VIA process..?   The latter doesn't sound very easily repeatable, for a large enterprise...

     

    BTW - it doesn't seem there's a natural board, within Airheads, for VIA enquiries - where do people usually post them?



  • 2.  RE: Is split-tunneling, within the VIA connection profile, configurable?

    Posted May 03, 2016 06:55 AM

    The split tunneling on VIA can only be configured by network, NOT by protocols.



  • 3.  RE: Is split-tunneling, within the VIA connection profile, configurable?

    Posted May 03, 2016 07:25 AM

    Thanks for replying Colin - are you able to point out where this functionality is covered in the documentation?



  • 4.  RE: Is split-tunneling, within the VIA connection profile, configurable?
    Best Answer

    Posted May 03, 2016 07:47 AM


  • 5.  RE: Is split-tunneling, within the VIA connection profile, configurable?

    Posted May 03, 2016 08:12 AM

    Fantastic - so, from that, I glean the following:

    As you have to nominate the networks TO tunnel, the most security conscious will want to configure 0.0.0.0/0  (tunnel everything) - but this clearly allows no local (print) traffic.   If you want local traffic to stay local, in an ideal world you'd want the ability to nominate just specific RFC1918 addresses (most likely, 192.168.0.0 255.255.0.0) to stay local - but it appears you can only do that by exception  (i.e. define specific tunneling for everything excluding 192.68.0.0/16).   This is OK - if a little more complex - but what happens if you have a corporate service that lies on the main network and uses an address within 192.168?  Can you use NAT to handle this, from within the VIA config?   It would seem to be a potentially complex area, possibly requiring per-user config?  (which is really horrible, for a big client base)



  • 6.  RE: Is split-tunneling, within the VIA connection profile, configurable?

    Posted Apr 28, 2019 03:33 AM

    Can I access to view VRD?

    The page shown "You do not have sufficient privileges for this resource or its parent to perform this action.".



  • 7.  RE: Is split-tunneling, within the VIA connection profile, configurable?

    Posted Apr 28, 2019 04:29 AM