Always On VPN Client Proxy Settings

%3CLINGO-SUB%20id%3D%22lingo-sub-2160866%22%20slang%3D%22en-US%22%3EAlways%20On%20VPN%20Client%20Proxy%20Settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2160866%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3BI%20have%20two%20clients%20that%20are%20using%20Always%20On%20VPN%20to%20allow%20remote%20working.%26nbsp%3B%20AOVPN%20works%20well%20for%20both%20customers.%20We%20are%20currently%20running%20Windows%2010%201909.%3C%2FP%3E%3CP%3E%26nbsp%3BWe%20have%20an%20issue%20though%20when%20we%20use%20a%20split%20tunnel.%20The%20idea%20being%20that%20the%20user%20is%20able%20to%20access%20the%20Internet%20directly%20from%20the%20browser%20for%20any%20site%20that%20is%20not%20hosted%20on%20premise.%20For%20example%20Office%20365.%3C%2FP%3E%3CP%3E%26nbsp%3BBut%20when%20the%20user%20connects%20via%20the%20VPN%20and%20starts%20Edge%20the%20browser%20traffic%20is%20directed%20to%20the%20on%20premise%20proxy%20server.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3BFrom%20looking%20at%20the%20documentation%20when%20a%20split%20tunnel%20is%20used%20the%20generic%20proxy%20settings%20should%20be%20applied.%20Both%20clients%20have%20Edge%20configured%20with%20Automatic%20proxy%20setup%20and%20have%20defined%20a%20script%20address%2C%20so%20they%20are%20using%20a%20proxy%20pac%20file.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3BBut%20in%20the%20Edge%20proxy%20setup%20page%20it%20notes%20%22%20These%20settings%20do%20not%20apply%20to%20VPN%20Connections%22.%3C%2FP%3E%3CP%3E%26nbsp%3BBut%20they%20appear%20to%20from%20our%20experience.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3BIs%20this%20expected%20behaviour%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3BHave%20we%20missed%20something%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3BWe%20can%20disable%20the%20script%20and%20the%20browser%20works%20correctly%20but%20we%20really%20don't%20want%20to%20allow%2Fhave%26nbsp%3B%20users%20the%20ability%20to%20disable%20the%20script.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3BIf%20I%20look%20in%20the%20old%20Internet%20Opitions%20dialogue%20and%20look%20at%20the%20connections%20TAB%20the%20VPN%20tunnel%20appears%20listed%20in%20the%20%22Dial-up%20and%20Virtual%20Private%20Network%26nbsp%3B%20settings%22%20box.%20If%20I%20click%20the%20settings%20button%20here%2C%20no%20proxy%20is%20set.%20So%20it%20appears%20the%20tunnel%20is%20recognised%20as%20a%20VPN.%26nbsp%3B%20%26nbsp%3BIE%20also%20uses%20the%20internal%20proxy%20so%20it%20is%20not%20an%20Edge%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3BI%20know%20if%20we%20are%20using%20a%20Forced%20tunnel%20we%20can%20configure%20the%20proxy%20settings%20for%20the%20tunnel%20via%20the%20XML%26nbsp%3B%20but%20I%20don't%20believe%20we%20can%20do%20this%20for%20a%20split%20tunnel.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3BIs%20there%20any%20way%20we%20can%20get%20Edge%20to%20recognise%20the%20VPN%20tunnel%20and%20not%20use%20the%20on-premise%20proxy%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eregards%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBrian%3C%2FP%3E%3C%2FLINGO-BODY%3E
Established Member

Hello,

 I have two clients that are using Always On VPN to allow remote working.  AOVPN works well for both customers. We are currently running Windows 10 1909.

 We have an issue though when we use a split tunnel. The idea being that the user is able to access the Internet directly from the browser for any site that is not hosted on premise. For example Office 365.

 But when the user connects via the VPN and starts Edge the browser traffic is directed to the on premise proxy server. 

 From looking at the documentation when a split tunnel is used the generic proxy settings should be applied. Both clients have Edge configured with Automatic proxy setup and have defined a script address, so they are using a proxy pac file. 

 But in the Edge proxy setup page it notes " These settings do not apply to VPN Connections".

 But they appear to from our experience. 

 Is this expected behaviour ?

 Have we missed something ?

 We can disable the script and the browser works correctly but we really don't want to allow/have  users the ability to disable the script. 

 If I look in the old Internet Opitions dialogue and look at the connections TAB the VPN tunnel appears listed in the "Dial-up and Virtual Private Network  settings" box. If I click the settings button here, no proxy is set. So it appears the tunnel is recognised as a VPN.   IE also uses the internal proxy so it is not an Edge issue.

 I know if we are using a Forced tunnel we can configure the proxy settings for the tunnel via the XML  but I don't believe we can do this for a split tunnel. 

 Is there any way we can get Edge to recognise the VPN tunnel and not use the on-premise proxy?

 

Thanks in advance,

 

regards

 

Brian

0 Replies