ChiefsPlanet Mobile
Page 6 of 6
Nzoner's Game Room>IT issues... 2nd internet source suggestions?
Couch-Potato 03:30 PM 04-20-2021
Hello,

I have a problem, I want a second internet source in my apartment for work purposes. My new company monitors your internet traffic so I want to keep work and personal separate, can't have them knowing how much time I spend on CP! lol

Does not sound like a big problem, but it's a harder problem than expected. Spectrum owns rights as a provider in my zip code, does not allow multiple router + modem options, meaning you can't have 2 internet sources for a single apartment. No major wireless carrier (AT&T, Sprint, Verizon) can offer a truly unlimited plan for a MiFi device (non-phone hot spot box) that would allow me to work from home 5 days a week with multiple hours of video conferences per day. Verizon offers unlimited but only 20g of high speed before crawling to the slowest pace on the market, AT&T only offers 35g then they charge you $10 per 2g above, forget T-Mobile.

What to do? How to get reasonable, reliable, unlimited, worry-free, quality 2nd internet?
[Reply]
BryanBusby 03:11 PM 04-21-2021
Originally Posted by htismaqe:
Most places don't allow split tunneling anymore unless they're a small mom-and-pop and don't want to pay for the additional bandwidth.

And quite frankly if they're so cheap or set up so simply that they do allow split tunneling, I highly doubt their IT practices are sophisticated enough to actually spy on him like he thinks.
I've seen the number of places that have started using it increase as WFH increased.
[Reply]
DaneMcCloud 03:21 PM 04-21-2021
This may be a dumb question but why can't Couch-Potato just use a gigabit switch?

Plug his work laptop into one port, the X Box into another and so on?
[Reply]
digger 03:49 PM 04-21-2021

[Reply]
BryanBusby 04:49 PM 04-21-2021
Originally Posted by DaneMcCloud:
This may be a dumb question but why can't Couch-Potato just use a gigabit switch?

Plug his work laptop into one port, the X Box into another and so on?
Because. Alien's.
[Reply]
Couch-Potato 05:03 PM 04-21-2021
Originally Posted by digger:
Mobile device management applications are a standard in my industry.
[Reply]
eDave 05:22 PM 04-21-2021
Originally Posted by DaneMcCloud:
This may be a dumb question but why can't Couch-Potato just use a gigabit switch?

Plug his work laptop into one port, the X Box into another and so on?
This issue was resolved a long time ago ITT.
[Reply]
Ming the Merciless 05:35 PM 04-21-2021
Originally Posted by eDave:
This issue was resolved a long time ago ITT.

don't talk to Mr. McCloud that way, bitch.


I am his roadie.



[Reply]
eDave 05:46 PM 04-21-2021
Like what?
[Reply]
htismaqe 01:28 AM 04-22-2021
Originally Posted by BryanBusby:
I've seen the number of places that have started using it increase as WFH increased.
Yeah, it's all about what's driving the decision - control/security or cost. If a company simply can't afford the cost of the infrastructure they'll opt for split tunneling. I mostly work with government and financial institutions and they just can't give up their control, no matter how much it costs.
[Reply]
Saulbadguy 06:18 AM 04-22-2021
Originally Posted by htismaqe:
Yeah, it's all about what's driving the decision - control/security or cost. If a company simply can't afford the cost of the infrastructure they'll opt for split tunneling. I mostly work with government and financial institutions and they just can't give up their control, no matter how much it costs.
We implement it for services like Webex, Zoom, Teams - to reduce latency. Other than that, tunnel everything.
[Reply]
htismaqe 07:41 AM 04-22-2021
Originally Posted by Saulbadguy:
We implement it for services like Webex, Zoom, Teams - to reduce latency. Other than that, tunnel everything.
That makes sense but then you're probably whitelisting at the application (or at least the protocol/port) level, right? So your VPN clients still wouldn't have blanket access to the local network or anything.
[Reply]
stanleychief 08:52 AM 04-22-2021
Not sure if this would be a solution for the OP, as he seems to want completely separate WAN providers, but for academic purposes, it seems a device like this could provide robust physical LAN separation: https://shop.netgate.com/products/5100-pfsense



From my understanding, you would set up IGB0 as WAN, IGB1 as management LAN, and could then set up ports IX0 to IX3 (presenting as OPT1-OPT4 in pfSense), each capable of having its own IP subnet, firewall rules, and DHCP scope. In this way, ALL traffic would be completely isolated from each LAN segment on the OPT interfaces. You'd have to explicitly create a 'bridge rule' to allow traffic to pass between each IX port, if desired (which in his case, is not).

Am I understanding this correctly? So using the OP's situation:

IGB0 -> Internet provider
IGB1 -> Personal computer (IP subnet preset to 192.168.1.x)
IX0 -> Work computer (own IP network determined by DHCP settings in pfSense)

IGB0 would of course be the default gateway for IGB1 and IX0.

Physically separated LANs, shared WAN. Right?
[Reply]
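Added example, not part of any post in this thread: a simplified Python model of the layout in the post above, showing the check that decides whether two segments sharing one WAN are actually isolated. It assumes a firewall that filters on the ingress interface with first-match rules and an implicit block; it is not pfSense configuration, and the work subnet 192.168.50.0/24 and all names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# 192.168.1.0/24 comes from the post; the work subnet is an assumption.
NETS = {
    "personal": ipaddress.ip_network("192.168.1.0/24"),
    "work": ipaddress.ip_network("192.168.50.0/24"),
}

@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    dst: str     # CIDR string or "any"

    def matches(self, dst_ip):
        return self.dst == "any" or dst_ip in ipaddress.ip_network(self.dst)

def decide(rules, ingress, dst):
    """First matching rule on the ingress interface wins; no match means block."""
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules.get(ingress, []):
        if rule.matches(dst_ip):
            return rule.action
    return "block"

def leaks(rules):
    """Return (src, dst) segment pairs where a host on src can reach dst."""
    found = []
    for src in NETS:
        for dst_name, dst_net in NETS.items():
            if src != dst_name:
                probe = str(dst_net.network_address + 1)  # first host in dst
                if decide(rules, src, probe) == "pass":
                    found.append((src, dst_name))
    return found

# Weak: "pass any" added for internet access also passes LAN-to-LAN traffic.
WEAK = {"personal": [Rule("pass", "any")], "work": [Rule("pass", "any")]}

# Corrected: block the other segment first, then pass everything else.
HARDENED = {
    "personal": [Rule("block", "192.168.50.0/24"), Rule("pass", "any")],
    "work": [Rule("block", "192.168.1.0/24"), Rule("pass", "any")],
}
```

Separate ports and subnets give isolation only as long as the rule that grants internet access does not also match the other segment, which is what `leaks()` checks.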
DaFace 09:05 AM 04-22-2021
Originally Posted by TwistedChief:
Have you gotten the covid vaccine? If so, that's probably how they're monitoring your internet activity (i.e., the vaccine links to any device running a Microsoft OS). It sounds like you work for a reputable corporation given their overarching monitoring, so presumably you have really solid healthcare. If that's the case, you could consider cutting off your arm and replacing it with a prosthesis to sever (no pun intended) the monitoring link. Should be covered under healthcare and that altogether might be a cheaper option than trying to establish a new ISP.

Hope this helps.
I think this is the answer.
[Reply]
Saulbadguy 03:00 PM 04-22-2021
Originally Posted by htismaqe:
That makes sense but then you're probably whitelisting at the application (or at least the protocol/port) level, right? So your VPN clients still wouldn't have blanket access to the local network or anything.
Kind of - the client downloads a list of IP addresses, and those connections route through the local adapter rather than the VPN adapter.
[Reply]
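Added example, not part of any post in this thread: a Python sketch of the split-tunnel behaviour described in the last two posts, where destinations on a downloaded IP list use the local adapter and everything else is tunnelled, plus an audit of that list for entries that would give traffic to the local network a path around the VPN. The bypass prefixes are constructed documentation ranges, and the function names and the /16 breadth threshold are assumptions.

```python
import ipaddress

# Constructed bypass list standing in for a conferencing provider's prefixes.
BYPASS = ["198.51.100.0/24", "203.0.113.0/25"]

# Ranges that should never bypass the tunnel: RFC 1918, link-local, loopback.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8",
)]

def route_for(dst, bypass):
    """Return 'local' if dst is inside a bypass prefix, else 'vpn'."""
    ip = ipaddress.ip_address(dst)
    for prefix in bypass:
        net = ipaddress.ip_network(prefix)
        if ip.version == net.version and ip in net:
            return "local"
    return "vpn"  # default: tunnel everything else

def audit(bypass, min_prefixlen=16):
    """Flag bypass entries that undermine the tunnel-everything-else policy."""
    findings = []
    for prefix in bypass:
        net = ipaddress.ip_network(prefix)
        if any(r.version == net.version and net.overlaps(r) for r in LOCAL_RANGES):
            findings.append((prefix, "local-range"))  # home/office LAN would skip the VPN
        elif net.prefixlen < min_prefixlen:
            findings.append((prefix, "too-broad"))    # assumed threshold, tune per policy
    return findings

if __name__ == "__main__":
    for dst in ("198.51.100.20", "203.0.113.200", "192.168.1.10"):
        print(dst, "->", route_for(dst, BYPASS))
    print(audit(BYPASS + ["192.168.0.0/16", "64.0.0.0/4"]))
```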