Question Circumventing forced VPN tunneling?

Status
Not open for further replies.

Araphen

Distinguished
Oct 20, 2013
18
0
18,510
The net admin at work messed up the VPN settings so it now forces all client traffic through the VPN which breaks loads of stuff for remote users and he refuses to change it back because he thinks it fixed drive map issues (it didn't).

My plan is to just set up a virtual machine and install the VPN software on it then RDP into work through that but I can't decide which to use since I'm pretty new to this. I got Hyper-V working but it's too resource intensive so I tried moving it to my Plex server and adding my Plex server to my Hyper-V Manager but that's being a huge pain. I spent 6 hours on it and it's one error after another with zero progress.

Windows Sandbox looks great and is super low on resource usage but there's no way to save state or reload once it's set up.

I was gonna look into VMware next but I think I'd have to pay for that.

Is there something like Windows Sandbox that doesn't delete itself on close?
Is there a better alternative to circumvent forced tunneling?
 

Araphen

> Who is in charge of this network?
> You? The admin? Your boss?
>
> You don't "circumvent" anything.
> You collectively come up with a plan and configuration that works for the company.
>
> Is this plex server a company tool or resource?

The admin is in charge of the network but constantly breaks things. He makes changes like this without regard for the impact on anyone else and even if the CIO complains his response is basically "that's the way it is now because [reason that makes no sense]". He's new so we try to give him room to make mistakes and learn since finding a new net admin is a huge pain but I don't think he'll last much longer at the rate he's causing problems. But managing him isn't my job and in the meantime I have to be able to do my work efficiently.

This change happened yesterday so once others notice they'll probably complain too and it might get reversed in a couple weeks but it also might not which is why I'm trying to circumvent his changes.

My Plex server is a personal computer at home. They don't care if you use personal gear.
 

Ralston18

Titan
Moderator
My recommendation is to just stay out of it.

Give the new admin time to "hang himself". Do not give him the rope as you may get entangled.

Do not put your home plex server at risk: who knows what else might happen.

One of those situations where you could end up being blamed (rightfully or wrongfully) as the "bad guy". Or otherwise made the scapegoat.
 

Wolfshadw

Titan
Moderator
The first step is to talk to the Net Admin. Let him know that the changes he made are interfering and this mission critical software is no longer functioning. That SHOULD be enough for him to double check his work and for the two of you to come to a reasonable solution. If, however, that is not the case, then the TWO of you need to meet with the CIO; each of you explaining your side of the disagreement and the CIO makes the decision of which way to go.

That's how it's supposed to work.

-Wolf sends
 

Araphen

> My recommendation is to just stay out of it.
>
> Give the new admin time to "hang himself". Do not give him the rope as you may get entangled.
>
> Do not put your home plex server at risk: who knows what else might happen.
>
> One of those situations where you could end up being blamed (rightfully or wrongfully) as the "bad guy". Or otherwise made the scapegoat.

Loving the analogies but I think I haven't really conveyed the situation clearly. His actions have made my job much more difficult. He's aware it's made work difficult for remote workers and doesn't care as he thinks this has fixed an auto-drive map problem for people hardwired into the network (it hasn't. How would it?).

I don't know how long it'll be, if at all, until he fixes his mistake. Until that point I'm choosing to be resourceful and circumvent his change so that I can continue working remotely and not butt heads with him or get involved in any drama. So yeah I'm staying out of it.

I got my Hyper-V VM up and running on my Plex server and it works fine for this purpose. I'm not a virtual machine guru by any means but the connection is from inside a VM so I'm not worried about work getting ransomware'd (again) and tunneling into my VM then breaking out and encrypting my Plex server. Even if it did I have offline and cloud backups.

I know it's another vector through which something could get on the work network but it's small compared to the other problems with that network. After we got ransomware'd we changed some of the admin account credentials one of which went from admin/administrator to admin/rotartsinimda which is written (by the net admin) on a whiteboard in IT because he keeps forgetting what "administrator" spelled backwards is. Security is a joke there so I'm willing to take the risk and the blame if it blows up for the sake of making my job easier.


> The first step is to talk to the Net Admin. Let him know that the changes he made are interfering and this mission critical software is no longer functioning. That SHOULD be enough for him to double check his work and for the two of you to come to a reasonable solution. If, however, that is not the case, then the TWO of you need to meet with the CIO; each of you explaining your side of the disagreement and the CIO makes the decision of which way to go.
>
> That's how it's supposed to work.
>
> -Wolf sends

Ideally that would work but about a dozen remote workers have already complained that his change has broken things and he's refusing to admit it fixed nothing and caused yet more problems. Unfortunately someone on helpdesk identified the drive map problem today and fixed it (did the net admin's job for him) so the net admin will likely accredit it to his forced tunneling change and tell everyone else to deal with it.

Taking this to the CIO is the nuclear option and basically a direct accusation that the net admin is incompetent. I think that needs to be done but it's not my place to do it. I'd prefer to avoid the workplace drama.
 
Wow, slow down. Are you talking about your private computer or your employer's computer? Where is this happening? In your work office, or do you have a remote job at home?

Only if you are at home and that is your private computer, then it is probably possible to put your work OS and environment in a VM. In all other cases - DON'T! Full stop here. You will make things worse and in the end face consequences, including your termination.
 

Araphen

> Wow, slow down. Are you talking about your private computer or your employer's computer? Where is this happening? In your work office, or do you have a remote job at home?
>
> Only if you are at home and that is your private computer, then it is probably possible to put your work OS and environment in a VM. In all other cases - DON'T! Full stop here. You will make things worse and in the end face consequences, including your termination.

It's a personal computer. We have the go-ahead to use personal gear.

My work requires the use of a VPN client to access the work network and has recently made a change to the program which now forces all traffic on the client's remote computer (my computer at home) through the VPN which breaks loads of things.

Any ideas that may be better than a whole virtual machine? Seems like overkill to isolate a dominative VPN client.
 

Ralston18

Titan
Moderator
I am in agreement with @Wolfshadw.

Talk with the Net Admin first.

Then you and everyone else (remote workers) should start documenting things: events, problems, consequences, times, dates, etc.

Keep it all factual and professional. Details, documents, emails, etc.

So when you do need to escalate to the CIO you will have more than just "accusations".

And again - stay completely out of it with respect to anything that could be construed as doing the "Net admin's job".

Or trying to "work around" him and what he does or does not do....

If you try to do things that are not your job that could backfire and be used against you. Or even give the Net admin an "out" because of what you did/tried to do, etc.
 

Araphen

> I am in agreement with @Wolfshadw.
>
> Talk with the Net Admin first.
>
> Then you and everyone else (remote workers) should start documenting things: events, problems, consequences, times, dates, etc.
>
> Keep it all factual and professional. Details, documents, emails, etc.
>
> So when you do need to escalate to the CIO you will have more than just "accusations".
>
> And again - stay completely out of it with respect to anything that could be construed as doing the "Net admin's job".
>
> Or trying to "work around" him and what he does or does not do....
>
> If you try to do things that are not your job that could backfire and be used against you. Or even give the Net admin an "out" because of what you did/tried to do, etc.

Already talked to him as have multiple remote workers.

I've been documenting things for months now but like I said earlier, the people in charge are giving him loads of time to make mistakes and learn. But like I stated above, I won't be taking anything to the CIO myself because it's not my place.

I have no option but to "work around" him. If someone replaces your car tires with granite cubes (greatly impedes your work efficiency) you don't attempt to drive that. You find alternate means to accomplish the same goal. Ideally you'd put your tires back on (revert the change) but since the obvious solution isn't available to me I'm taking an Uber (circumventing his change).

People normally say my analogies are crap but I think that one was alright.

I'm breaking no rules, it's just a pain to figure out. The only idea I have is a virtual machine which I think is overkill and I'm asking for other ideas. I acknowledge everyone's opinion that it's a bad idea but those opinions are from a lack of understanding of the situation. So can we move on from the "I don't think you should do that" replies?
 

Zerk2012

Titan
Ambassador
> Already talked to him as have multiple remote workers.
>
> I've been documenting things for months now but like I said earlier, the people in charge are giving him loads of time to make mistakes and learn. But like I stated above, I won't be taking anything to the CIO myself because it's not my place.
>
> I have no option but to "work around" him. If someone replaces your car tires with granite cubes (greatly impedes your work efficiency) you don't attempt to drive that. You find alternate means to accomplish the same goal. Ideally you'd put your tires back on (revert the change) but since the obvious solution isn't available to me I'm taking an Uber (circumventing his change).
>
> People normally say my analogies are crap but I think that one was alright.
>
> I'm breaking no rules, it's just a pain to figure out. The only idea I have is a virtual machine which I think is overkill and I'm asking for other ideas. I acknowledge everyone's opinion that it's a bad idea but those opinions are from a lack of understanding of the situation. So can we move on from the "I don't think you should do that" replies?

Adding myself to the list of people recommending you step back on this one.
 

Araphen

> Folks here are going to continue to tell you not to try and circumvent your employer's security in any fashion as it places you in a position to be terminated for such actions. It doesn't matter one whit what your justifications are.

I'm breaking no rules
They don't care if you use personal gear
he thinks this has fixed an auto-drive map problem for people hardwired into the network


Everything I'm doing is fine and the change wasn't for security's sake.
 
> Everything I'm doing is fine and the change wasn't for security's sake.

Disabling split tunneling IS a security measure. At any rate I'm out. You do as you wish and let the chips fall as they may. However, speaking as a network admin, if anyone attempted to bypass ANY of my security, for ANY reason, they'd find themselves immediately blocked from all network access and reported to the appropriate authority for immediate termination.
 

Araphen

> Disabling split tunneling IS a security measure. At any rate I'm out. You do as you wish and let the chips fall as they may. However, speaking as a network admin, if anyone attempted to bypass ANY of my security, for ANY reason, they'd find themselves immediately blocked from all network access and reported to the appropriate authority for immediate termination.

Alright cool and I wouldn't do it if I weren't allowed. It was only enabled in the last few days and not for security reasons. Anyone wanna help with the actual question though?
 