5 Cups of Ubuntu
I am having an issue when I connect to my work Cisco VPN through VPNC.
The problem is when the VPN is up, all network traffic seems to get routed through the VPN, and I lose most internet connectivity, because the VPN is setup for internal work network access.
Is there something I can do to tell VPNC to only use the routes that the VPN is supposed to manage? If so, how do I know which routes the VPN is managing?
Dark Roasted Ubuntu
as far as i am informed about the Cisco VPN, it is build upon IPSEC, which will always direct you entirely over the VPN once you are connected.
Afaik, there is no way (unless you wish you modify your routes after the connection has come up) to stop this. One of the reasons i tried this one, and then left it alone. OpenVPN is way more flexible and can do partial redirects.
So, i guess the answer to your question is a definitely maybe. You'll need to modify your router accordingly - manually. If you can give me the output of
once when you are connected and once when you are not, i might be able to to see something. But don't count on it...Code:route -n
Hope this helps
Calvin: I'm being educated against my will! My rights are being trampled!
Hobbes: Is it a right to remain ignorant?
Calvin: I don't know, but I refuse to find out!
5 Cups of Ubuntu
Here are the results you asked for:
With VPN On:The xxx.xxx.xxx.xxx is my VPN Gateway.Code:~$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface xxx.xxx.xxx.xxx 192.168.0.1 255.255.255.255 UGH 0 0 0 ath0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ath0 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
With VPN Off:Code:~$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ath0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 ath0
It appears to be removing the Gateway and Gateway Flag from the 0.0.0.0 entry. Is there a way to resolve this?
Last edited by RROY; June 24th, 2008 at 11:29 PM.
Dark Roasted Ubuntu
ok, that is a full redirect of everything... here are the commands you can try to force the redirect to be dropped while the vpn stays up.
these will take out the vpn redirection... now, what you need is forward the work network through the vpn. For that you need to know what networks are inside your work. This can be one or multiple. If you are running a rather "normal" internal network, i think these routes should be sufficient:Code:sudo route del -net 0.0.0.0 netmask 0.0.0.0 sudo route add default gw 192.168.0.1
tell me how it worksCode:sudo route add -net 192.168.0.0 netmask 255.255.0.0 dev tun0 sudo route add -net 10.0.0.0 netmask 255.0.0.0 dev tun0
Calvin: I'm being educated against my will! My rights are being trampled!
Hobbes: Is it a right to remain ignorant?
Calvin: I don't know, but I refuse to find out!
5 Cups of Ubuntu
Tried the first step, still no internet:
I could still connect to work's network...Code:~$ sudo route del -net 0.0.0.0 netmask 0.0.0.0 ~$ sudo route add default gw 192.168.0.1 ~$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface x.x.x.x 192.168.0.1 255.255.255.255 UGH 0 0 0 ath0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ath0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 ath0 ~$ ping google.com ping: unknown host google.com
Dark Roasted Ubuntu
did you check your /etc/resolv.conf if your nameserver was still reachable ? it could be that vpnc rewrites the dns to match it with the ones from work - which won't work anymore if you delete the standard route
i'll need sleep now, so i won't answer for the next 10 hours or so
cheers
Calvin: I'm being educated against my will! My rights are being trampled!
Hobbes: Is it a right to remain ignorant?
Calvin: I don't know, but I refuse to find out!
5 Cups of Ubuntu
My nameserver is my gateway 192.168.0.1 and is still reachable.
I tried to ping by IP...no response.
Tried a tracert and it never got any responses either...
I loaded the resolv.conf after I connected to the VPN, and Network Manager changed my nameservers automatically...removing my default one...
Thanks for all the help...I'm gonna install the Cisco client, VPNC is being a pain...it was nice having it integrated into the network manager though...oh well...
Last edited by RROY; June 25th, 2008 at 12:12 AM.
5 Cups of Ubuntu
I just found that if I use the shell vpnc-connect command everything works fine.
It adds an entire proper routing table and leaves me able to connect to the internet.
Now to figure out why the network manager vpnc doesn't run vpnc-connect properly...
5 Cups of Ubuntu
Found out what the problem is:
https://bugs.launchpad.net/ubuntu/+s...nc/+bug/207506
It looks like the Network-Manager-VPNC plugin uses it's own script...and it's fubar'd when it comes to managing routing tables it seems...
I've switched to kvpnc as a tray item...too bad though...network manager would have been awesome if only it's vpnc plugin actually worked.
5 Cups of Ubuntu
2013 and this post helped me after a month of thinking ovpn had a bug.
Adv Reply
Bookmarks