Page 1 of 1

Why don't computers outside see my computer as part of the Cornell network when I'm connected to the VPN?

Posted: Tue Sep 22, 2015 11:29 am
by tamannasharma
While you're connected through the VPN, only traffic to and from Cornell resources is routed through the VPN. Systems, sites and servers outside Cornell will continue to see your ISPs address, even when you're connected through the VPN. So if you're in a hotel room and connected to the VPN while you check your Cornell e-mail and place an order with an on-line retailer, you will appear to have a Cornell IP address when you check your mail and at the same time appear to have the Hotel ISPs IP address to the people you are placing your order with.

This is a configuration called, variously, split tunneling or split horizon. In this mode, traffic destined for Cornell's networks is sent through the VPN tunnel. Traffic destined anywhere else is sent through your default Internet connection. Computers outside Cornell see you as part of that ISP network for this reason.

The rationale behind split tunneling is that it's inefficient to haul all your Internet traffic through the VPN, receive it at Cornell, then send the results back to you. Not only would that create bandwidth concerns, it would bring privacy concerns as well.