Routing issue over VPN tunnel

Hi all
I have established a VPN connection to our work LAN (behind Cisco 837) using vpnc; however, the default route is getting overwritten to point to the tunnel whereas I only want 10.10.10.0/24 to be routed over the tunnel. On an ubuntu computer that I occasionally use from home there is a vpnc-connect utility which reads a 'Target networks' config line in /etc/vpnc/default.conf and sets up the tunnel as I have described.

How can I replicate vpnc-connect on my AA1? Or, alternatively, what route command(s) do I need to enter to leave the default route as-is and only route 10.10.10.0/24 over the VPN tunnel.

Thanks in advance
Michael

 

Some VPN products do something similar to this by design. When you connect to the remote network you cannot connect to the local network. The thought being that it will prevent your machine from acting as a remote gateway back to the corporate network.

As for how to solve it, I'd have to do some work with it to know for sure... I'm waiting on a pair of AAO 150's to show up at work so I can install the vpn client and review the limitations, etc.

Can you post your existing routes with the vpn connected? or perhaps a little more information? I know networking, but I'm a little weak on the linux side of things...but I might be able to figure it out...

 

Thanks for replying -- I've just had a small flash of inspiration when you mentioned routing. I've re-established the VPN connection and routing is working perfectly. The problem is actually that my DNS breaks when the VPN is established. So my question has been revised to, "how do I stop DNS settings being altered when vpnc starts?"

Also, please note that I do not have an internal DNS server on my work network that I need to talk to -- I simply want to retain the DNS details that I get from DHCP.

Thanks
Michael

 

I'm pretty sure the samething applies. You traffic is being routed over the tunnel - including DNS. This means you'd have to specify DNS servers on the far end of the tunnel.

There might be a way around this, but without knowing which vpn client you're using, etc it's hard to know more... for myself or anyone else.

 

I wrote a shell script that stores my resolv.conf before opening the VPN and reinstates it as soon as the VPN opens -- here it is in case it is useful to anyone else....

Code:

#!/bin/bash
tmpdns=`date +%s`
echo "Storing DNS settings"
cp -f /etc/resolv.conf /tmp/vpndns$tmpdns

echo "Connecting to the VPN"
/usr/local/sbin/vpnc

echo "Resetting DNS settings"
cp -f /tmp/vpndns$tmpdns /etc/resolv.conf

echo "Press ENTER to disconnect ... (and don't close this terminal session before you do)"

read $disconnect

echo "Disconnecting from the VPN"
/usr/local/sbin/vpnc-disconnect
echo "Reconfiguring the original DNS settings"
cp -f /tmp/vpndns$tmpdns /etc/resolv.conf
rm -f /tmp/vpndns$tmpdns

echo "VPN should now be disconnected"