We have split tunneling for some of our users, so our solution is to force all connections via the VPN through the proxy. This does not address limitation 3 of your message but thought it might be a useful data point. On Thu, Feb 20, 2020 at 12:44 PM Bob Dougherty <[log in to unmask]> wrote: > Dear Code4Lib list members, > > > > I'm wondering if other libraries have a solution or workaround for a > problem > that is plaguing my corporate library. > > > > We subscribe to many e-journals and databases that use IP authentication. > This works fine from a company site, or with a full VPN connection to the > company network. In these environments, our users always have a company IP > address. > > > > However, on mobile devices, our corporate VPN uses "split tunneling". With > this configuration, the VPN tunnel is used only for internal resources such > as our Intranet. All other traffic is routed through the user's Internet > Service Provider. So when a user browses to, say, ScienceDirect, the server > detects a connection from Verizon, Comcast, or some other ISP. Up comes the > paywall! > > > > I'd really like to know three things: > > 1. If your institution offers VPN access to mobile device users, does > it employ split tunneling? > > 2. If so, does this present challenges with IP-authenticated > resources? > > 3. If so, what solutions or workarounds are available, other than > proxies or alternative authentication procedures? > > > > Thanks, > > > > Bob Dougherty >