tayga n00b
Joined: 16 Jul 2017 Posts: 14
Posted: Thu Feb 18, 2021 10:56 pm Post subject: need help connecting to the VPN
Hi,
I want to connect to my work VPN from my Gentoo machine. It's a pulse protocol and I connected with openconnect:
Code:
openconnect --protocol=pulse https://myworkvpn.com
Everything is good and connection is established.
My ifconfig looks like that:
Code:
enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.11 netmask 255.255.255.0 broadcast 192.168.0.255
        inet6 fe80::e6ef:ff55:c825:cf83 prefixlen 64 scopeid 0x20<link>
        inet6 fd00:688f:2e16:10f2:e7:466:2dda:48ea prefixlen 64 scopeid 0x0<global>
        ether b4:2e:99:a0:57:b1 txqueuelen 1000 (Ethernet)
        RX packets 4509389 bytes 5361921465 (4.9 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1014517 bytes 183405324 (174.9 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
        device memory 0xfc700000-fc71ffff
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 9690 bytes 753856 (736.1 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 9690 bytes 753856 (736.1 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1400
        inet workProvidedIP netmask 255.255.255.255 destination workProvidedIP
        inet6 workProvidedIP prefixlen 64 scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
        RX packets 202 bytes 51699 (50.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 122 bytes 9891 (9.6 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp6s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        ether 90:78:41:ca:5f:df txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
And now I'm at a complete loss. What do I need to do to actually use that connection?
I was trying to find a guide for that kinda scenario but my googling failed me.
Thank you
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
Posted: Thu Feb 18, 2021 11:30 pm
If the VPN setup adjusted /etc/resolv.conf and your routing tables, then you should be able to directly access work resources as you would if you were in the office. Can you? If not, what happens when you try?
tayga n00b
Joined: 16 Jul 2017 Posts: 14
Posted: Fri Feb 19, 2021 12:36 am
Thank you for your answer.
Yes, the problem is that office specific DNS names are not recognized.
Using IPs is working!
Oh man, I feel dumb.
I never used VPNs before.
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
Posted: Fri Feb 19, 2021 3:16 am
If everything was working properly, office specific DNS names would be recognized. Now that we know they are not, we know what to analyze and try to fix. Do you know the IP addresses of the office-internal DNS servers? You don't need to tell them to us, but you will need them for debugging.
Check your /etc/resolv.conf both with the VPN up and with the VPN down. Does it change when the VPN is up? If yes, are the nameservers shown while the VPN is up the ones that you would have if you were in the office? If /etc/resolv.conf does not change, we need to determine why it does not. If it does, we need to determine why the modified file does not enable you to resolve office-specific names.
We do not know yet whether the problem is with your VPN client, or if IT configured the VPN server improperly. Do you have any coworkers (preferably Windows users, as IT often supports them best) that you can ask whether office-specific names work for them? If your coworkers have internal names working, it is more likely a client problem. If internal names do not work for anyone, it is probably an IT problem on the server.
joanandk Apprentice
Joined: 12 Feb 2017 Posts: 169
Posted: Fri Feb 19, 2021 6:24 am
You have to check the following:
a) Is your company's internal domain name the same as the external one? If yes, then you should use
Code:
openconnect --protocol=pulse https://<External_IP>
b) Get to know the IP of your company's DNS server (as Hu has said) and edit resolv.conf to
Code:
nameserver <DNSServer_IP>
Now you should be able to use office specific host names. If this does not work, then there is something else going wrong.
If the above works, you will have to find out why your resolv.conf does not get reconfigured after the VPN has started.
tayga n00b
Joined: 16 Jul 2017 Posts: 14
Posted: Fri Feb 19, 2021 3:53 pm
Yes, I checked /etc/resolv.conf; it changes once I'm connected to VPN.
Two nameservers are added and home 192.168.0.1 is gone.
The way it is supposed to work:
I connect to office network through VPN and after I connect to my workstation. I have VPN credentials and the name of the workstation. Once I'm connected to VPN I enter the workstation name to remote desktop tool. On work issued Windows machine name is recognized but on my Gentoo system I have to use IP address for the workstation to connect.
Thanks again for the help
PS
It is an internal office machine name. Global domain names are working.
joanandk Apprentice
Joined: 12 Feb 2017 Posts: 169
Posted: Tue Feb 23, 2021 6:56 am
tayga wrote:
I have to use IP address for the workstation to connect.
You also have the entry "search <INTERNAL_DOMAINNAME>" or "domain <INTERNAL_DOMAINNAME>" in your resolv.conf?
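The two checks raised in the replies above (does /etc/resolv.conf change when the VPN comes up, and does it carry a "search" or "domain" entry), as a shell sketch. This is an added example, not part of any poster's message; the addresses 10.0.0.53 and 10.0.0.54, the domain corp.example and the host name ws01 are constructed sample values.

```shell
#!/bin/sh
# Added example: inspect resolv.conf snapshots taken with the VPN down and up.
# 10.0.0.53/54, corp.example and ws01 are constructed sample values.

# Print the nameserver addresses in a resolv.conf file, one per line.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print the search list; the last "search" or "domain" line wins.
search_list() {
    awk '$1 == "search" || $1 == "domain" { $1 = ""; sub(/^ +/, ""); s = $0 }
         END { if (s != "") print s }' "$1"
}

# Print the names the resolver tries for a short host name, in order
# (default ndots:1, so a dotless name goes through the search list first).
candidates() {   # usage: candidates <resolv.conf> <short-host-name>
    for d in $(search_list "$1"); do
        printf '%s.%s\n' "$2" "$d"
    done
    printf '%s\n' "$2"
}

# Compare a VPN-down snapshot with a VPN-up one and print a verdict word.
diagnose() {     # usage: diagnose <down-file> <up-file>
    if [ "$(nameservers "$1")" = "$(nameservers "$2")" ]; then
        echo unchanged          # the client did not rewrite the nameservers
    elif [ -z "$(search_list "$2")" ]; then
        echo no-search-domain   # short names are only tried as-is
    else
        echo ok
    fi
}

# Constructed snapshots (in practice: copies of /etc/resolv.conf, VPN down and up).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'nameserver 192.168.0.1\n' > "$tmp/down"
printf 'nameserver 10.0.0.53\nnameserver 10.0.0.54\n' > "$tmp/up"
printf 'search corp.example\nnameserver 10.0.0.53\nnameserver 10.0.0.54\n' > "$tmp/up_search"

echo "VPN up, no search line:   $(diagnose "$tmp/down" "$tmp/up")"
echo "VPN up, with search line: $(diagnose "$tmp/down" "$tmp/up_search")"
candidates "$tmp/up_search" ws01
```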
Banana Veteran
Joined: 21 May 2004 Posts: 1392 Location: Germany
Posted: Tue Feb 23, 2021 7:02 am
Quote:
I connect to office network through VPN and after I connect to my workstation. I have VPN credentials and the name of the workstation. Once I'm connected to VPN I enter the workstation name to remote desktop tool. On work issued Windows machine name is recognized but on my Gentoo system I have to use IP address for the workstation to connect.
Sounds like the company policy wants you to do this. Use a VPN to access the workstation with RDP and work from there and not from your local PC. It acts like a proxy host and some security layer.