Restore VPN after Hibernate

Message

jsteele · #1 Post by **jsteele** » Sat Aug 19, 2006 9:57 am

Anyone know of a way to restore a VPN connection after resume from hibernate? I've tried a thing called "HibernateTrigger" but it does not seem to want to run a ".LNK" (to the VPN connection).

JHEM · #2 Post by **JHEM** » Sat Aug 19, 2006 10:34 am

I'd be interested in any responses to this as I've never been able to hibernate or suspend without logging off my VPN and logging back in.

I've always thought it couldn't be done as one of the principal security measures of a VPN was the continuity of the connection.

Just wandering around my house and having my FIOS connection dropout and my Cable connection automatically acquired by Access Connections requires that I reconnect to the VPN, no "switching" allowed as my access algorithm dies with the connection.

Regards,

James

mikek · #3 Post by **mikek** » Sun Aug 20, 2006 6:27 am

Agree with JHEM. My experience is that it always drops. My company uses Cisco VPN. Again I'd be interested to know if this is the absolute position. Never seen any info anywhere about this.

jsteele · #4 Post by **jsteele** » Sun Aug 20, 2006 8:50 pm

From the "stunning" level of response it would appear that this is not going to be easy

I've googled and "asked" this using a variety of search terms and there isn't much helpful out there.

smugiri · #5 Post by **smugiri** » Sun Aug 20, 2006 9:53 pm

Linux users can try this approach

rebop · #6 Post by **rebop** » Sun Aug 20, 2006 10:15 pm

I am just beginning to play with my first Thinkpad, so might be off the mark, but, have you tried setting a connection in Access Manager and assigning the VPN to that? Seems that Access Connections will try to restablish the connection when the machine is back online and a VPN can be called from a custom setting.

Just a thought. Curious to see if it works for you.

Bob

JHEM · #7 Post by **JHEM** » Mon Aug 21, 2006 7:11 am

rebop wrote:Seems that Access Connections will try to restablish the connection when the machine is back online and a VPN can be called from a custom setting.

I've already got the VPN I use setup in Access Connections, that's not the problem.

The difficulty arises from the fact that the Cisco VPN I access requires the use of an RSA token generated passcode that's unique and changes every 60 seconds.

So the connection requires manual input every time I access it.

Regards,

James

jsteele · #8 Post by **jsteele** » Mon Aug 21, 2006 9:38 am

In my case I have found that Access Connections does not always run to reestablish the connection. I find that if the connection was on wireless at home, resuming from hibernation at home will, more often than not, simply recover the previous wireless connection unaided by Access Connections. For some reason this isn't always the case, but more often than not it is.

rebop wrote:I am just beginning to play with my first Thinkpad, so might be off the mark, but, have you tried setting a connection in Access Manager and assigning the VPN to that? Seems that Access Connections will try to restablish the connection when the machine is back online and a VPN can be called from a custom setting.

Just a thought. Curious to see if it works for you.

Bob

Wiz · #9 Post by **Wiz** » Mon Aug 21, 2006 9:59 am

JHEM wrote: The difficulty arises from the fact that the Cisco VPN I access requires the use of an RSA token generated passcode that's unique and changes every 60 seconds.

So the connection requires manual input every time I access it.

There is no way to make that automatically when using a RSA token. When you hibernate or go to standby the VPN connection terminate and a new authentication is required or it would have been a huge security issue. If you got a static password it can be easily done creating a batch file that run the vpngui.exe or vpnclient.exe with parameters that specify your username, password and connection profile. It's also possible to save your password in the client if that option is enabled on the VPN server (Concentrator, PIX, router or whatever equipment that is used), but that wouldn't be much help using a RSA token. That is for the Cisco VPN client and others might operate a bit different, but using a RSA token a new manual authentication is required in any case.

Rob Mayercik · #10 Post by **Rob Mayercik** » Tue Aug 22, 2006 7:27 am

JHEM wrote:The difficulty arises from the fact that the Cisco VPN I access requires the use of an RSA token generated passcode that's unique and changes every 60 seconds.

So the connection requires manual input every time I access it.

James,

I have heard that you can get an RSA application that you install on your computer that replaces the need for the physical token device. This would tie you to a single system (don't know if that would be a problem), but it might allow for automated VPN reconnects without manual intervention.

From RSA's website: http://www.rsasecurity.com/node.asp?id=1162

Rob

JHEM · #11 Post by **JHEM** » Tue Aug 22, 2006 7:46 am

I'm familiar with RSA "seeds" for desktops Rob, but I consider them a major security breach for a laptop.

I can live with having to manually access the VPNs I use, I normally only have to do so once or twice a day, rarely more.

Regards,

James

nelson · #12 Post by **nelson** » Tue Aug 22, 2006 7:08 pm

There's no theoretical reason why resuming a VPN connection from hibernate would be a security risk. As a practical matter though, I've never seen a VPN connection survive a hibernate. Or for that matter, most TCP sockets. As soon as you hibernate you stop answering network packets. If something on the other end is expecting you to respond and you don't they'll assume your machine is dead and will drop the connection.

Restore VPN after Hibernate

Restore VPN after Hibernate

Who is online