You'll need to find out the IP address/range of the VPN. You can then use the IncludeIP directive to force users coming in on the VPN to always authenticate. A better solution may be to use the AutoLoginIP directive that was already suggested.
Heather
· · · · · · · · · · · · · · ·
Heather Klish
Systems Librarian
University Library Technology Services
[log in to unmask]
617.627.5853
sent from my phone
Joselito Dela Cruz <[log in to unmask]> wrote:
Hi Heather,
Yes our VPN uses split tunnel.
-----Original Message-----
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of
Klish, Heather J
Sent: Thursday, October 18, 2012 2:20 PM
To: [log in to unmask]
Subject: Re: [CODE4LIB] VPN & EZ Proxy
This also depends on if your VPN is full tunnel or split tunnel. Here's
my very, very simplified explanation:
If full tunnel, users who are logged into the VPN shouldn't need to
authenticate as traffic to the external resource should be seen as
coming from 'on-campus'.
If split tunnel, users who are logged into the VPN will need to
authenticate because traffic directed to external sites will be using
the IP address of the user (I believe).
We had problems with this while our VPN was split tunnel. We had to set
EZproxy to always authenticate users coming in from our VPNs IP address.
Heather
----------
Heather Klish
Systems Librarian
University Library Technology Services
Tufts University
617.627.5853
[log in to unmask]
________________________________________
From: Code for Libraries [[log in to unmask]] on behalf of
Joselito Dela Cruz [[log in to unmask]]
Sent: Thursday, October 18, 2012 1:46 PM
To: [log in to unmask]
Subject: [CODE4LIB] VPN & EZ Proxy
Hi All,
We use EZ Proxy for authentication and we always tell the staff who uses
VPN to turn their VPN off so they can access our databases.
Is this the right way? Looking for answers around and could not find
any. I thought I would throw this in here.
Thanks for feedbacks.
Jay Dela Cruz
|