Receive notifications of new posts by email. Now, the Route Details pane from An圜onnect looks like that: (No time gap between both requests anymore): The following screenshot shows the DNS requests as I did a simple Solution: After I added the 8.8.8.8 IPv4 address to the tunnelled network list in the group policy, Windows used this DNS server and requested both records (A and AAAA) directly. (Note the time gap between both DNS requests as a result from my two different pings above): More interestingly, Windows did not use the configured DNS server in the group policy from the An圜onnect profile (in my case: 8.8.8.8), but the DNS server that is configured on the hardware interface. Ping -6, it requested a type AAAA record. Ping ) Windows ONLY requested a type A record via DNS. Some troubleshooting with Wireshark revealed that in the first case (when pinging a host such as The An圜onnect route details looked quite ok:īut the system did not use IPv6 until the user triggered it explicitly:
But IPv6 still worked if it was requested specifically such as “ping -6 ipv6-only-host”. The result was, that simple “ping ipv6-only-host” commands threw an error such as “unknown host”, PuTTY was not able to get the IPv6 address of IPv6 hosts in general, and web browsers used IPv4 per default.
However, this leads to strange behaviours with Windows 7 since IPv6 was NOT preferred over IPv4 anymore and IPv6 domain lookups did not work anymore, too. I am using this policy when I reside on trusted networks that only have IPv4 access to the Internet.
When the software has finished installing, click Close.
This encrypts all internet traffic from your computer but may inadvertently block you from using resources on your local network, such as a networked printer at home. You can confirm that split-tunnelling is working or not by connecting with your VPN client and looking at the routing information. You connect to your VPN and can no longer browse the internet from your remote location. All non-Stanford traffic proceeds to its destination directly. Here I’m dealing with An圜onnect VPNs, but the principles are exactly the same for both remote IPSEC and L2TP VPNs. This routes and encrypts all traffic going to Stanford sites and systems through the Stanford network as if you were on campus.
When using Stanford's VPN from home, we generally recommend using the Default Stanford split-tunnel VPN. To connect to the VPN from your Mac you need to install the Cisco An圜onnect VPN client. Stanford's VPN allows you to connect to Stanford's network as if you were on campus, making access to restricted services possible.
The built-in VPN client for Mac is another option but is more likely to suffer from disconnects.
Cisco An圜onnect is the recommended VPN client for Mac.