In reply to a post by jabuzzard:

Given the amount of time I have spent helping people because their work IT don't support setting up your home internet I have to disagree with you. I have personally prior to March of this year never come across one that does.

Very likely the people you have kindly helped are supported by IT departments that are as Andrew described in the post that triggered this sub thread.

In reply to a post by rob_gee:

Thanks Andrew, I'll give this one a go too. I know that one of the IT guys did try to connect using Teamviewer and wasn't able to do so, so it sounds like it's definitely worth a try

My understanding is that TalkTalk blocks TeamViewer by default and if you want to use it you need to contact then to allow it explicitly. There's no way for you to enable it directly yourself.

Found the post I was looking for here.

The other is still relevant look for L2TP/ PPTP passthrough and enable that.

In reply to a post by MattL:

The other is still relevant look for L2TP/ PPTP passthrough and enable that.

It should not make a difference, as the VPN was able to connect.

Anyone using PPTP needs to go on a security course. It should have been scrapped with NT 4.0

GlobalProtect appears to be a suite of offerings, and it is unclear which ones are enabled on the OP's device. The likelihood is that it is a TLS VPN for maximum compatibility.

The biggest problem with stuffing everything down the tunnel is that all your local devices all of a sudden disappear. The biggest complaint being your network attached printer (because any printer not connected via the network is a waste of space).

I would note that under Linux even if your IT department try and put everything down the VPN to rewrite the routing table after the VPN is up to change that. Probably easy under other OS's if you know what you are doing. I used to do it routinely at my previous employer as their VPN policy followed the same stupid model.

Finally the VPN model is now out of fashion. You are making the assumption that everything inside your network is trustworthy... Security in depth is the new mantra.

Indeed, but then given we have prior to that no experience in providing that support there is a sever shortage of experience in doing so. Also like I pointed out you can't give much support in something you have no experience of. So a Virgin Media connection I can't help with for example.

In reply to a post by jabuzzard:

I would note that under Linux even if your IT department try and put everything down the VPN to rewrite the routing table after the VPN is up to change that. Probably easy under other OS's if you know what you are doing. I used to do it routinely at my previous employer as their VPN policy followed the same stupid model.

Of course. And I suspect there is a race between the root user and the VPN client with each version. A race the root user will always win.

Finally the VPN model is now out of fashion. You are making the assumption that everything inside your network is trustworthy... Security in depth is the new mantra.

Yep, the Zero Trust model, where your data/application lives in a conceptual island, and your authentication is multi-factor (E.g. device cert + user credentials + token etc).

Exactly the model my corporate (~300,000 staff) has adopted for the last 5 years. We still have a lot of systems/applications on our internal network, so we have VPN as well, just don’t always need to connect it. It has been split tunnel for over 20 years.

The Citrix Workspace app these days is pure HTTPS over port 443. Presumably to avoid all these sorts of issues. I wanted to double check on that because it has changed over the years (along with the name which seems to change every five minutes).

If the showtime is a couple of days and it works fine tethered to a mobile, then assuming it still does not work over ethernet then I would consider blaming the POS that is whatever router was provided by the ISP. If it works fine over ethernet but not WiFi then I would still blame the POS that is the ISP provided router.

The talktalk hub works fine on Cisco VPN, absolutely.

I can sustain 9 hours via Cisco VPN and Citrix VDI without dropouts on next doors WiFi (we share our passwords for various reasons).

They have the latest one. It’s all very odd to be honest and I’m struggling...

Post deleted by gary333

Edited by gary333 (Wed 09-Dec-20 09:53:56)