Gentoo Forums
Add routes for split tunnel after networkmanager-vpnc
Faraclas
Tux's lil' helper


Joined: 08 Dec 2014
Posts: 91

Posted: Fri Apr 10, 2015 10:53 pm    Post subject: Add routes for split tunnel after networkmanager-vpnc

After my VPN connection is established, I would like to add the routes for split tunneling so all internet traffic will go out my normal interface (very fast) and only VPN traffic will go out the VPN connection.

I did check the box for NetworkManager to do this for me but it seems not to be working. When I was doing this in OSX, I used to run this script after connecting to the VPN and it did the trick wonderfully. I've read a bunch on how to do this in Linux but I am not really understanding what is going on. [which is probably the bulk of my issue].

Code:
#!/bin/bash

if [[ $EUID -ne 0 ]]; then
    echo "Run this as root"
    exit 1
fi

route -nv add -net 130.164.0.0 -interface utun0
route -nv add -net 10.0.0.0 -interface utun0
route change default 192.168.0.1


Otherwise, here is what is going on, as far as I can tell.

System on boot

Initial resolv.conf
Code:
# Generated by resolvconf
nameserver 192.168.0.1


Code:
# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.0.1     0.0.0.0         UG        0 0          0 enp16s0
default         192.168.0.1     0.0.0.0         UG        0 0          0 wlp6s0
192.168.0.0     *               255.255.255.0   U         0 0          0 enp16s0
192.168.0.0     *               255.255.255.0   U         0 0          0 wlp6s0


Code:
# tracepath www.google.com
 1?: [LOCALHOST]                                         pmtu 1500
 1:  192.168.0.1                                           0.282ms
 1:  192.168.0.1                                           0.187ms
 2:  rs-204-15-87-1-0001.broadweave.net                    0.482ms
 3:  no reply
 4:  10.1.248.1                                           10.802ms
 5:  97.75.178.101                                         1.033ms
 6:  ip65-46-63-49.z63-46-65.customer.algx.net             2.457ms
 7:  vb1611.rar3.sanjose-ca.us.xo.net                     22.277ms asymm  9
 8:  ae0.cir1.sanjose2-ca.us.xo.net                       18.873ms


System after VPN connection
/etc/resolv.conf
Code:
# Generated by NetworkManager
search amer.corp.natinst.com natinst.com
nameserver 130.164.12.30
nameserver 130.164.44.25
nameserver 192.168.0.1


Note1: It seems that NetworkManager turned on the WiFi interface wlp6s0 when the VPN connected. I don't think this is a problem.
Note2: the netstat -r command takes a significant amount of time to run whereas before it was immediate
Code:
# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         192.168.0.1     0.0.0.0         UG        0 0          0 enp16s0
default         192.168.0.1     0.0.0.0         UG        0 0          0 wlp6s0
130.164.30.0    *               255.255.255.0   U         0 0          0 tun0
130.164.30.0    *               255.255.255.0   U         0 0          0 tun0
130.164.141.21  192.168.0.1     255.255.255.255 UGH       0 0          0 enp16s0
192.168.0.0     *               255.255.255.0   U         0 0          0 enp16s0
192.168.0.0     *               255.255.255.0   U         0 0          0 enp16s0
192.168.0.0     *               255.255.255.0   U         0 0          0 wlp6s0


Note: The tracepath also is taking a VERY long time to execute in this case
Code:
# tracepath www.google.com
 1?: [LOCALHOST]                                         pmtu 1500
 1:  192.168.0.1                                           0.268ms
 1:  192.168.0.1                                           0.213ms
 2:  rs-204-15-87-1-0001.broadweave.net                    0.501ms
 3:  no reply
 4:  10.1.248.1                                            4.872ms
 5:  97.75.178.101                                         7.226ms
 6:  ip65-46-63-49.z63-46-65.customer.algx.net             2.475ms
 7:  vb1611.rar3.sanjose-ca.us.xo.net                     19.162ms asymm  9
 8:  ae0.cir1.sanjose2-ca.us.xo.net                       18.944ms
 9:  no reply
10:  no reply


Problem: Even though it says VPN connected, I cannot actually see anything on the remote [VPN] Network.

Next step, connect with vpnc directly using:
Code:
vpnConnect() {
   echo "Connecting to NI-VPN";
   sudo vpnc /etc/vpnc/niVPN.conf;
   echo "/etc/resolv.conf";
   cat /etc/resolv.conf;
}


Quote:
$ vpnConnect
Connecting to NI-VPN
Connect Banner:
| You are authorized.

VPNC started in background (pid: 5973)...
/etc/resolv.conf
# Generated by resolvconf
domain amer.corp.natinst.com
nameserver 130.164.12.30
nameserver 130.164.44.25
nameserver 192.168.0.1


Note1: Now I can see the resources on the VPN network just fine.
Note2: netstat -r responds immediately

Code:
# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         *               0.0.0.0         U         0 0          0 tun0
default         192.168.0.1     0.0.0.0         UG        0 0          0 enp16s0
130.164.141.21  192.168.0.1     255.255.255.255 UGH       0 0          0 enp16s0
192.168.0.0     *               255.255.255.0   U         0 0          0 enp16s0
192.168.0.0     *               255.255.255.0   U         0 0          0 enp16s0


But all of the traffic is going out the VPN interface...
Code:
# tracepath ww.google.com
 1?: [LOCALHOST]                                         pmtu 1412
 1:  mp2-152-4-v-vpn-public.natinst.com                   40.435ms
 1:  mp2-152-4-v-vpn-public.natinst.com                   41.186ms
 2:  mp2-152-7-g-gw-vlan-550.amer.corp.natinst.com        40.951ms asymm  5
 3:  no reply
 4:  mp3-1n14-d4-n-gw-vlan-541.amer.corp.natinst.com      41.727ms asymm  5
 5:  mp3-1n14-d1-n-fw-g-1-2-541.amer.corp.natinst.com     45.926ms
 6:  mp3-1n14-d4-n-gw-vlan-588.amer.corp.natinst.com      69.919ms
 7:  130.164.4.35                                         45.060ms
 8:  13.gigabitethernet3-0-2.gw3.aus4.alter.net           51.788ms
 9:  0.ae2.xl4.dfw7.alter.net                             53.498ms asymm 12
10:  tengige0-7-0-3.gw4.dfw13.alter.net                   54.052ms asymm 13


Although I really would like to get networkmanager-vpnc working properly, I am not sure if this is the best thing to pursue. Instead, if I can redo the routing properly after using the script, that would be great.

Thanks for the help!
Faraclas
Tux's lil' helper


Joined: 08 Dec 2014
Posts: 91

Posted: Tue May 05, 2015 2:34 am

Hey guys, I'm still stumped on this. Can anyone help me convert that OSX script to work in Linux?
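A Linux (iproute2) counterpart of the OS X script asked about above, as an added example that is not part of the original posts. It assumes the tunnel interface is tun0 and that the two networks use their classful masks (130.164.0.0/16 and 10.0.0.0/8); the sample routing table and the `--demo`/`--print`/`--apply` options are constructed for illustration.

```shell
#!/bin/sh
# Added example: iproute2 counterpart of the OS X script in the post.
# Assumed: tunnel interface tun0; prefixes 130.164.0.0/16 and 10.0.0.0/8
# (the classful masks of the two networks in the post).
TUN_IF="${TUN_IF:-tun0}"
VPN_NETS="${VPN_NETS:-130.164.0.0/16 10.0.0.0/8}"

# Constructed sample: `ip -4 route show` form of the table vpnc left behind.
sample_table() {
    cat <<'EOF'
default dev tun0 scope link
default via 192.168.0.1 dev enp16s0 metric 2
130.164.141.21 via 192.168.0.1 dev enp16s0
192.168.0.0/24 dev enp16s0 proto kernel scope link src 192.168.0.10
EOF
}

# Read `ip -4 route show` output on stdin and print
# "<defaults on the tunnel> <defaults elsewhere>".
count_defaults() {
    awk -v ifc="$1" '
        $1 == "default" {
            dev = ""
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev == ifc) tun++; else other++
        }
        END { print tun + 0, other + 0 }'
}

# Read the current table on stdin, print the commands for a split tunnel.
split_tunnel_cmds() {
    counts="$(count_defaults "$TUN_IF")"
    for net in $VPN_NETS; do
        echo "ip route replace $net dev $TUN_IF"
    done
    # Drop the tunnel default only when another default route remains,
    # so the host is never left without a default route.
    if [ "${counts% *}" -gt 0 ] && [ "${counts#* }" -gt 0 ]; then
        echo "ip route del default dev $TUN_IF"
    fi
}

case "${1:-}" in
    --demo)  sample_table | split_tunnel_cmds ;;
    --print) ip -4 route show | split_tunnel_cmds ;;
    --apply) [ "$(id -u)" -eq 0 ] || { echo "Run this as root" >&2; exit 1; }
             ip -4 route show | split_tunnel_cmds | sh -e ;;
esac
```

The host route to 130.164.141.21 via 192.168.0.1 is more specific than the /16, so the encrypted tunnel packets themselves keep leaving through the LAN interface. The nameservers listed in resolv.conf (130.164.12.30, 130.164.44.25) fall inside 130.164.0.0/16, so DNS lookups still travel over the tunnel.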