Faraclas Tux's lil' helper

Joined: 08 Dec 2014 Posts: 106
|
Posted: Fri Apr 10, 2015 10:53 pm Post subject: Add routes for split tunnel after networkmanager-vpnc |
|
|
After my VPN connection is established, I would like to add the routes for split tunneling so all internet traffic will go out my normal interface (very fast) and only VPN traffic will go out the VPN connection.
I did check the box for NetworkManager to do this for me but it seems not to be working. When I was doing this in OSX, I used to run this script after connecting to the VPN and it did the trick wonderfully. I've read a bunch on how to do this in Linux but I am not really understanding what is going on (which is probably the bulk of my issue).
Code: | #!/bin/bash
if [[ $EUID -ne 0 ]]; then
echo "Run this as root"
exit 1
fi
route -nv add -net 130.164.0.0 -interface utun0
route -nv add -net 10.0.0.0 -interface utun0
route change default 192.168.0.1 |
Otherwise, here is what is going on, as far as I can tell.
System on boot
Initial resolv.conf
Code: | # Generated by resolvconf
nameserver 192.168.0.1 |
Code: | # netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 192.168.0.1 0.0.0.0 UG 0 0 0 enp16s0
default 192.168.0.1 0.0.0.0 UG 0 0 0 wlp6s0
192.168.0.0 * 255.255.255.0 U 0 0 0 enp16s0
192.168.0.0 * 255.255.255.0 U 0 0 0 wlp6s0 |
Code: | # tracepath www.google.com
1?: [LOCALHOST] pmtu 1500
1: 192.168.0.1 0.282ms
1: 192.168.0.1 0.187ms
2: rs-204-15-87-1-0001.broadweave.net 0.482ms
3: no reply
4: 10.1.248.1 10.802ms
5: 97.75.178.101 1.033ms
6: ip65-46-63-49.z63-46-65.customer.algx.net 2.457ms
7: vb1611.rar3.sanjose-ca.us.xo.net 22.277ms asymm 9
8: ae0.cir1.sanjose2-ca.us.xo.net 18.873ms |
System after VPN connection
/etc/resolv.conf
Code: | # Generated by NetworkManager
search amer.corp.natinst.com natinst.com
nameserver 130.164.12.30
nameserver 130.164.44.25
nameserver 192.168.0.1 |
Note1: It seems that NetworkManager turned on the WiFi interface wlp6s0 when the VPN connected. I don't think this is a problem.
Note2: the netstat -r command takes a significant amount of time to run whereas before it was immediate
Code: | # netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 192.168.0.1 0.0.0.0 UG 0 0 0 enp16s0
default 192.168.0.1 0.0.0.0 UG 0 0 0 wlp6s0
130.164.30.0 * 255.255.255.0 U 0 0 0 tun0
130.164.30.0 * 255.255.255.0 U 0 0 0 tun0
130.164.141.21 192.168.0.1 255.255.255.255 UGH 0 0 0 enp16s0
192.168.0.0 * 255.255.255.0 U 0 0 0 enp16s0
192.168.0.0 * 255.255.255.0 U 0 0 0 enp16s0
192.168.0.0 * 255.255.255.0 U 0 0 0 wlp6s0 |
Note: The tracepath also is taking a VERY long time to execute in this case
Code: | # tracepath www.google.com
1?: [LOCALHOST] pmtu 1500
1: 192.168.0.1 0.268ms
1: 192.168.0.1 0.213ms
2: rs-204-15-87-1-0001.broadweave.net 0.501ms
3: no reply
4: 10.1.248.1 4.872ms
5: 97.75.178.101 7.226ms
6: ip65-46-63-49.z63-46-65.customer.algx.net 2.475ms
7: vb1611.rar3.sanjose-ca.us.xo.net 19.162ms asymm 9
8: ae0.cir1.sanjose2-ca.us.xo.net 18.944ms
9: no reply
10: no reply |
Problem: Even though it says VPN connected, I cannot actually see anything on the remote [VPN] Network.
Next Step, Connect with vpnc directly using:
Code: | vpnConnect() {
echo "Connecting to NI-VPN";
sudo vpnc /etc/vpnc/niVPN.conf;
echo "/etc/resolv.conf";
cat /etc/resolv.conf;
} |
Quote: | $ vpnConnect
Connecting to NI-VPN
Connect Banner:
| You are authorized.
VPNC started in background (pid: 5973)...
/etc/resolv.conf
# Generated by resolvconf
domain amer.corp.natinst.com
nameserver 130.164.12.30
nameserver 130.164.44.25
nameserver 192.168.0.1 |
Note1: Now I can see the resources on the VPN network just fine.
Note2: netstat -r responds immediately
Code: | # netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default * 0.0.0.0 U 0 0 0 tun0
default 192.168.0.1 0.0.0.0 UG 0 0 0 enp16s0
130.164.141.21 192.168.0.1 255.255.255.255 UGH 0 0 0 enp16s0
192.168.0.0 * 255.255.255.0 U 0 0 0 enp16s0
192.168.0.0 * 255.255.255.0 U 0 0 0 enp16s0 |
But all of the traffic is going out the VPN interface...
Code: | # tracepath ww.google.com
1?: [LOCALHOST] pmtu 1412
1: mp2-152-4-v-vpn-public.natinst.com 40.435ms
1: mp2-152-4-v-vpn-public.natinst.com 41.186ms
2: mp2-152-7-g-gw-vlan-550.amer.corp.natinst.com 40.951ms asymm 5
3: no reply
4: mp3-1n14-d4-n-gw-vlan-541.amer.corp.natinst.com 41.727ms asymm 5
5: mp3-1n14-d1-n-fw-g-1-2-541.amer.corp.natinst.com 45.926ms
6: mp3-1n14-d4-n-gw-vlan-588.amer.corp.natinst.com 69.919ms
7: 130.164.4.35 45.060ms
8: 13.gigabitethernet3-0-2.gw3.aus4.alter.net 51.788ms
9: 0.ae2.xl4.dfw7.alter.net 53.498ms asymm 12
10: tengige0-7-0-3.gw4.dfw13.alter.net 54.052ms asymm 13 |
Although I really would like to get networkmanager-vpnc working properly, I am not sure if this is the best thing to pursue. Instead, if I can redo the routing properly after using the script, that would be great.
Thanks for the help! |
|
Faraclas Tux's lil' helper

Joined: 08 Dec 2014 Posts: 106
|
Posted: Tue May 05, 2015 2:34 am Post subject: |
|
|
Hey guys, I'm still stumped on this. Can anyone help me convert that OSX script to work in Linux? |
|
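A Linux (iproute2) counterpart of the OS X script from the first post, given here as an added example that is not part of the thread. The device names and gateway are taken from the routing tables posted above; the /16 and /8 prefix lengths are an assumption (the classful masks that `route add -net` implies), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: tun0, 192.168.0.1 and
# enp16s0 come from the routing tables in the post; /16 and /8 are the classful
# masks that `route add -net` implies on OS X for 130.164.0.0 and 10.0.0.0.
VPN_DEV="${VPN_DEV:-tun0}"
LAN_GW="${LAN_GW:-192.168.0.1}"
LAN_DEV="${LAN_DEV:-enp16s0}"
VPN_NETS="${VPN_NETS:-130.164.0.0/16 10.0.0.0/8}"

# Print the iproute2 commands that turn vpnc's full tunnel into a split tunnel.
split_tunnel_cmds() {
    for net in $VPN_NETS; do
        # "replace" adds the route or overwrites an existing one (idempotent).
        echo "ip route replace $net dev $VPN_DEV"
    done
    # Remove the default route vpnc put on the tunnel, then pin the default
    # to the LAN gateway. The existing /32 host route to the VPN concentrator
    # is more specific than the /16, so the encrypted packets stay on the LAN.
    echo "ip route del default dev $VPN_DEV"
    echo "ip route replace default via $LAN_GW dev $LAN_DEV"
}

# Succeeds if the table on stdin (`ip -4 route show` format) still has a
# default route on the VPN device, i.e. Internet traffic would use the tunnel.
default_via_vpn() {
    grep -Eq "^default( .*)? dev $VPN_DEV( |\$)"
}

apply_split_tunnel() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "Run this as root" >&2
        return 1
    fi
    split_tunnel_cmds | while IFS= read -r cmd; do
        $cmd || echo "skipped: $cmd" >&2
    done
    if ip -4 route show | default_via_vpn; then
        echo "default route is still on $VPN_DEV" >&2
        return 1
    fi
}

# --print shows the commands, --apply runs them as root after vpnc connects;
# with no argument the file only defines the functions.
case "${1:-}" in
    --apply) apply_split_tunnel ;;
    --print) split_tunnel_cmds ;;
esac
```

The /etc/resolv.conf shown after connecting still lists the 130.164.x.x name servers first, so name lookups continue to go through the tunnel even once the default route is back on the LAN.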