We have split tunneling for some of our users, so our solution is to force
all connections via the VPN through the proxy. This does not address
limitation 3 of your message but thought it might be a useful data point.
On Thu, Feb 20, 2020 at 12:44 PM Bob Dougherty <[log in to unmask]> wrote:
> Dear Code4Lib list members,
>
>
>
> I'm wondering if other libraries have a solution or workaround for a
> problem
> that is plaguing my corporate library.
>
>
>
> We subscribe to many e-journals and databases that use IP authentication.
> This works fine from a company site, or with a full VPN connection to the
> company network. In these environments, our users always have a company IP
> address.
>
>
>
> However, on mobile devices, our corporate VPN uses "split tunneling". With
> this configuration, the VPN tunnel is used only for internal resources such
> as our Intranet. All other traffic is routed through the user's Internet
> Service Provider. So when a user browses to, say, ScienceDirect, the server
> detects a connection from Verizon, Comcast, or some other ISP. Up comes the
> paywall!
>
>
>
> I'd really like to know three things:
>
> 1. If your institution offers VPN access to mobile device users, does
> it employ split tunneling?
>
> 2. If so, does this present challenges with IP-authenticated
> resources?
>
> 3. If so, what solutions or workarounds are available, other than
> proxies or alternative authentication procedures?
>
>
>
> Thanks,
>
>
>
> Bob Dougherty
>
|