Hi,
One of our customer where we have an installation and a feed from them to allow us to get access to internet is saying that when the computer establish a VPN connexion to the eWON, the internet browsing coming from the computer was using the customer internet and not the internet of the computer, is there a way to secure that part so the regular internet browsing come from the computer and not the customer internet ?
Are you saying that when they are connected to an Ewon using eCatcher, they are using the VPN connection for internet browsing? This is not possible.
If that’s not what you are saying, please clarify the question.
Thank you,
Kyle
Well from my understanding, if a user connect to an eWON device installed remotelly on another location where the internet link is provided from a different network, the internet browsing is made using the remote internet and not the local internet … the remote location sniff the traffic and was capturing browsing from the computer through the remote location.
Usually, when we deploy industrial network at a customer, we ask them to provide us with internet, sometime the customer feed us with their own network and create firewall rules like stated on your website to allow us to connect to eWON, so it this type of installation, we have a customer that was seeing that type of traffic …
This is simply false. You can see this by a simple test. Connect to the Ewon with eCatcher. Run “route print” from your command line. You will see that only the traffic for the Ewon’s LAN subnet is sent over the VPN. I will do this on my PC now:
My Ewon’s LAN is 192.168.50.0/24. You can see that only traffic to that subnet is routed through the VPN connection, 10.213.x.x. My default traffic is still going over 192.168.0.0/24, my local network.
Your customer is seeing something else. The only way this would be possible is for you to create a route on your remote PC to send your default traffic over the VPN and even if you did, that traffic would not go to the WAN network (the customer’s network). It cannot go any further than the LAN network, and any networks directly connected to it.