VPN - Switching LTE to WIFI

EvilAlchemist

We are deploying Surface 3 Tablets in our patrol cars very soon.

I have been doing field tests and only run into one situation I can't quite figure out how to resolve.

Tablets have LTE and SonicWall VPN Extender --> Works Great in Field Tests

The issue comes up when units arrive at the Station: the Tablets' WiFi turns on and the VPN sometimes connects.
(Not a huge deal since the VPN is not needed on the local network at the Station)

When they leave, the VPN just spins and won't reconnect when the LTE service is back in service.
(I admit more testing is needed to confirm that this happens all the time, or to get a % of occurrences)

I could disable the WiFi completely, except I want the tablets to continue to get Windows Updates.
I could manually update them every few months, but I'm trying to avoid that due to the volume deployed.
Anyone have suggestions on a solution to make this a more seamless transition for users?

One Solution:
I *could* write a script to enable WiFi and download updates, but I don't know how often they will remember to use it.
 
I'm guessing this won't help much, but we use a different VPN product that is built to deal with this exact type of thing. I am guessing you might have the same special needs we do. We have a number of officers and firefighters that need to have static IP addresses due to licensing/application security requirements. So we have a product called NetMotion. It would do the same thing that your SonicWall VPN Extender does, though.

My other thought is maybe being able to do something through Group Policy and location services or something like that. I can't remember where I read about it, but I remember someone doing something like that at one point.
 
No way to simply bind the SonicWall VPN Extender to only use one interface? Maybe using a static route? Add a static IP route in TCP/IP setup so that if it wants to connect to the WAN subnet IP of wherever the VPN is connecting to, it travels out that interface.

You could probably also use the firewall to strictly block the VPN software from connecting to WiFi by putting a block rule for its application on the "private" connection and allowing it through the public one. I'm not sure how the program would respond to that, though. I'd guess you already have the LTE connection set as metered so Windows Updates don't try to download over that connection.

Allow network traffic only for specific programs in Windows 7

Not sure if any of that would work, just throwing out a couple of ideas to try. I'd guess the problem comes from the program still thinking that the WiFi interface is active and trying to use that over the LTE. If you can prevent it from ever trying to use the WiFi connection, that might solve the issue.
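A script form of the two ideas above (an outbound block for the VPN client on the Wi-Fi interface, plus a host route for the VPN endpoint pinned to the LTE adapter), added here as an example and not taken from the thread or from SonicWall. The client executable path and the 203.0.113.10 endpoint address are placeholders, and the adapter aliases "Wi-Fi" and "Cellular" are assumed.

```powershell
# Added example, not from the thread. Run elevated on the tablet.
# Placeholders to replace for a real deployment:
#   $VpnClientExe  - path to the SonicWall client executable (placeholder below)
#   $Concentrator  - public IP of the VPN terminator (203.0.113.10 is a documentation address)
#   $LteAlias / $WifiAlias - adapter aliases as shown by Get-NetAdapter (assumed defaults)
$VpnClientExe = 'C:\Program Files\PLACEHOLDER\VpnClient.exe'
$Concentrator = '203.0.113.10'
$LteAlias     = 'Cellular'
$WifiAlias    = 'Wi-Fi'

# (1) Block the VPN client's outbound traffic on the Wi-Fi adapter only.
# Binding the rule to the interface rather than to the Private/Public profile means it
# holds no matter how Windows classifies the station network. Windows Update is a
# different program, so it still goes out over Wi-Fi (LTE stays metered).
# The rule is removed and re-created so the script is safe to run repeatedly,
# e.g. from a scheduled task at startup.
$RuleName = 'Block VPN client on Wi-Fi'
Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName $RuleName -Direction Outbound `
    -Program $VpnClientExe -InterfaceAlias $WifiAlias -Action Block | Out-Null

# (2) Host route for the concentrator via the LTE adapter with the lowest metric, so
# the Wi-Fi default route never wins for that one destination. An on-link next hop
# (0.0.0.0) is appropriate for a point-to-point cellular link.
$Lte = Get-NetAdapter -Name $LteAlias
Remove-NetRoute -DestinationPrefix "$Concentrator/32" -Confirm:$false -ErrorAction SilentlyContinue
New-NetRoute -DestinationPrefix "$Concentrator/32" -InterfaceIndex $Lte.ifIndex `
    -NextHop 0.0.0.0 -RouteMetric 1 | Out-Null

# Check: the /32 should now point at the Cellular interface, and the rule should exist.
Get-NetRoute -DestinationPrefix "$Concentrator/32" |
    Format-Table ifIndex, InterfaceAlias, NextHop, RouteMetric
Get-NetFirewallRule -DisplayName $RuleName | Format-Table DisplayName, Enabled, Action
```

How the SonicWall client behaves once its Wi-Fi path is blocked is exactly the open question in the post above, so this still needs the field test described there before rolling it out.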
 
I'd guess you already have the LTE connection set for metered so Windows updates don't try to download over that connection.

Yeah, Windows 10 already sets all LTE connections as metered, so that's one hurdle I don't have to deal with.

I'm gonna keep trying some things and review the suggestions above. Try and come up with an "idiot proof" solution for the end users, or as close to one as I can get.
 
Is the VPN termination hosted at the station? If so, that's likely your problem. VPN'ing into the network you are connecting from sometimes causes issues on Windows.

On our company network the WiFi is on its own separate public IP and completely firewalled from the company LAN and internet. The only traffic we allow is the VPN traffic to the VPN terminator. This solves the problem of initiating a VPN tunnel to the same network you are on. It also solves the issues with WPA security holes. Yes, the VPN is required all the time and some people view it as a hassle, but it's secure. IMHO companies, especially government owned facilities, should never have WiFi that allows any traffic onto the company LAN. Another big benefit of forcing the use of VPN on the WiFi is that it limits what devices can be connected.

Something else you'll want to look to see if your VPN software supports is "allow client changing of public IP" or something of that sort. Most likely a setting on the VPN server and client. Sometimes it's called network roaming also.
 