VPN & Video Conferencing

If you have devices connecting back to your corporate network, you will need to look at the VPN configuration when using SimplyVideo, as well as other video services.

If you are using a split tunnel VPN for the lower bandwidth requirements, this will affect the way our service works.

When using a split tunnel to access SimplyVideo or joining with WebRTC (browser-based conferencing), it is highly likely the HTTPS traffic (port 443) will be sent down the VPN tunnel but the media ports will be allowed to punch out of the local/home network to the internet, or the reverse. This will cause the user to experience all or some of the following issues:-

A black screen (can’t see video one or both ways)
Audio issues (either no, or one way audio)
You will be able to see the user in the participant pane & message between each other only.

This causes issues because the signalling, media & other traffic take different routes to us and arrive at different times, which in effect stops the call working.

What is a Split Tunnel?

When you split-tunnel a VPN on a remote device, you are splitting your network traffic between what goes to & from your company's network, and what is allowed to reach the internet from the local internet connection.

The reason for using a split-tunnelling VPN is simply to give your users the ability to do their jobs from a remote location, while punching out traffic like SkyGo or Netflix through their local internet (who doesn’t love a bit of the US Office or F1?).

Using a split tunnel VPN ensures business data & corporate access is secure and any non-critical data or other usage is kept off the organisation's network. This also saves you a bit of bandwidth, as cat videos aren't touching the corporate network.

The diagram below shows how this works.

[Diagram: Split Tunnel]

There are pros to this, but inevitably there are a lot of cons:

Pros:

Split tunnelling the corporate data directly reduces the bandwidth needed.
Corporate data is secured through IPsec connectivity.
Device & software updates can come through the IPsec connection.
If you have cloud services, those will flow out of the internet connection and not go through the corporate network.

Cons:

Web activity goes out via the local internet connection and does not get inspected by the corporate network unless you have an advanced VPN client.
Port scans can still happen to the laptop as it sits on open WiFi connections (McDonald's, motorway service stations, etc.).
The device is open to exploits enabling potential access, and the ability to drop malware/spyware on the device.
No change to the laptop's attack surface, except all traffic is encapsulated in an IPsec tunnel.

Full VPN

In a full VPN connection (also known as an SSL VPN), ALL traffic goes back through the corporate firewall, including your Netflix/SkyGo etc.

The image below shows this.

[Diagram: Full VPN]

VPN With SimplyVideo

We don't mind which VPN you choose for your organisation and we will work with both. However, if using a split tunnel, you will need to:-

Either

Allow all media ports coming back to us (see Firewall ports & network requirements page) through your VPN

Or

Make sure our domains bypass your VPN completely (please see our security documentation for how we encrypt & secure traffic)

If you are using a full VPN, you will need to make sure all firewalls used for VPN access & en route through your DMZ have the correct ports open.
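Either option above comes down to signalling and media leaving the device by the same path. The following is an added example, not SimplyVideo's own code, that checks this with a longest-prefix-match lookup over a routing table. It assumes a destination-based split tunnel; the routes, addresses (documentation ranges), interface names and the media port label are constructed placeholders.

```python
import ipaddress

# Constructed routing table of a split-tunnel client (not from the article):
# the VPN pushes a corporate route and a route covering the signalling host,
# everything else leaves via the local Wi-Fi default route.
ROUTES = [
    ("0.0.0.0/0", "wlan0"),       # local/home internet
    ("10.0.0.0/8", "tun0"),       # corporate network
    ("203.0.113.0/24", "tun0"),   # range containing the signalling host
]

# Constructed flows for one call. The UDP port is a placeholder; take the
# real values from the Firewall ports & network requirements page.
FLOWS = [
    ("signalling", "203.0.113.10", "tcp/443"),
    ("media", "198.51.100.20", "udp/placeholder"),
]


def egress_interface(dest, routes):
    """Return the interface chosen by longest-prefix match for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise ValueError(f"no route to {dest}")
    return best[1]


def check_call_paths(flows, routes):
    """Map each flow to its egress interface; flag if the paths diverge."""
    paths = {name: egress_interface(dest, routes) for name, dest, _ in flows}
    return paths, len(set(paths.values())) > 1


def main():
    paths, split = check_call_paths(FLOWS, ROUTES)
    for name, dest, port in FLOWS:
        print(f"{name:<11}{dest:<15}{port:<17}-> {paths[name]}")
    print("MISMATCH: signalling and media take different paths" if split
          else "OK: signalling and media share one path")


if __name__ == "__main__":
    main()
```

On a real client, replace the constructed table with the routes the VPN client actually installs and the flows with the published service addresses.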

If you have any questions, please ask us.