Q&A with Swen Baumann, product manager at NCP engineering

Posted: June 27, 2012 in Expert Q&A
Tags: , , ,

We recently spoke to NCP engineering’s Swen Baumann about split tunneling and its role in IPv6, and how to best deploy it when working remotely. 

VPN Haus: How is split tunneling impacted by IPv6 dual-stack networking?

Swen: The main thing to remember is, split tunneling needs to be specifically configured. For instance, in a “dual-stacked” world – which implements both IPv4 and IPv6 stacks — you will have to configure either both or just only one, depending on which stacks you plan to use. Once you’ve completed this configuration, split tunneling will be processed — no matter if the traffic is IPv4 or IPv6. Simply put, to enable split tunneling on IPv6, you only need to configure the stack – but otherwise it should run smoothly.

VPN Haus: How does split tunneling differ from inverse split tunneling?

Swen: I know it’s stating the obvious, but it’s inverse. Here’s what that means. With conventional split tunneling you configure some networks that are to be processed within the tunnel, which means there are others not be taken into the tunnel. With inverse split tunneling it is just the other way round. You configure those networks that are not be processed through the tunnel and all the rest will be taken into the tunnel. In other words, split tunneling becomes the rule — not the exception.

VPN Haus: In cases of split tunneling for the home office, do you recommend the corporate VPN be set as the default gateway to first route all traffic, dropping those requests deemed unnecessary to secure?

Swen: Usually yes. But ultimately, it depends on the security policies of the company. Generally, the recommended approach is to direct all of the traffic into the corporate tunnel, so that all of the company’s security protocols can apply to the traffic and fulfill the organization’s security needs.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s