VPNC & Default route

bastibasti · Guru Joined: 27 Nov 2006 Posts: 590

Hi there,

thus I dont know much about routing, I have to ask the question

I use VPNC to connect to the companies network, and it runs very well. The only thing that annoys me is that the default route is set to the tunnel device. Is that fixable somehow (statically)?

tarpman · Posted: Sat Nov 03, 2007 6:44 pm Post subject:

I whipped together a small shell script to deal with exactly this case... I'll post it here when I get home.
_________________
Saving the world, one kilobyte at a time.

bastibasti · Guru Joined: 27 Nov 2006 Posts: 590

That would be great!

tylerwylie · Posted: Sun Nov 04, 2007 9:45 am Post subject:

You can use the route command to set metrics on the routes, i.e your gateway as 1 and the tunnel's gateway as 2, and your gateway will be preferred.

bastibasti · Guru Joined: 27 Nov 2006 Posts: 590

I think the script deletes thze default route and restores it on disconnect.

tarpman · Posted: Mon Nov 05, 2007 3:44 am Post subject:

So you have vpnc(8) set up, and /etc/init.d/vpnc start works, but you'd rather it didn't take over your entire connection every time, right? Here's the script I put together to constrain the takeover slightly. You'll of course have to fix IPs and possibly netmasks yourself. If you don't understand what some part of it does, please ask rather than just assuming it'll work for you. In the interests of convenience I have it modify my /etc/resolv.conf to use the company DNS servers, because I ssh and rdesktop into several machines there by name, but you don't need to use that if you'd rather not.

dncohen · n00b Joined: 29 Nov 2004 Posts: 43

I'm hoping to do the same thing. I've copied your example, and I've tried what I found in http://www.gentoo.org/doc/en/vpnc-howto.xml. I haven't quite figured out how to make my computer reach the outside world and the VPN at the same time.

Here are some of my settings before running vpnc:

UberLord · Posted: Thu Dec 06, 2007 10:52 am Post subject:

You should use resolvconf-gentoo to manage the resolv.conf file instead of doing it yourself in that script.

I think vpnc supports it anyway, so you may not need to do anything.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool

tuber · Apprentice Joined: 12 Nov 2004 Posts: 267

For the route issue, I just modify /etc/vpnc/vpnc-script At the top of the file, after the comments, I added:

dncohen · n00b Joined: 29 Nov 2004 Posts: 43

tuber, that appears to be most of what I needed.

I'm still having trouble with DNS, which brings me to UberLord's comment. I am not doing anything to resolve.conf. vpnc is doing that. In my post I'm just showing what happens to it.

After making the modification tuber suggested, my routes are improved, but vpnc still overwrites my resolve.conf. So I get a lot of unknown host errors. That is, while vpnc is running I can no longer ping www.yahoo.com, but I could ping 209.131.36.158.

Any ideas about that one? Thanks again.

dncohen · n00b Joined: 29 Nov 2004 Posts: 43

I figured out that resolvconf-gentoo is something I need to emerge. I did not have it.

So I've emerged it and configured it. Now things are working pretty well. I can connect to my vpn and the outside world simultaneously, which is great!

I'm noticing some delays with connections to the outside world, though. Is that normal?

V-Li · Retired Dev Joined: 03 Jan 2006 Posts: 613

Just for your information: vpnc has support for hook scripts now, described in the official howto.