Route and vpnc

Tony Arnold tony.arnold at manchester.ac.uk
Sun Mar 5 15:36:13 UTC 2006 


MrKnisely wrote:
> Tony Arnold wrote:
> 
>> Kenneth,
>>
>> Kenneth P. Turvey wrote:
>>  
>>
>>> I use vpnc to connect to the Universities wireless system and to gain
>>> access to the Beowulf cluster on campus.  When I use it to connect to
>>> the
>>> wireless network, I would like all of my IP traffic to be directed
>>> through
>>> the university's network, but when I use it at home to connect to a
>>> single
>>> machine on campus, I would like all of my network traffic to be handled
>>> normally, except that destined for the university network.    
>>
>>
>> What you are lookig for is split horizons support in vpnc. I don't know
>> if that is there. It's potentially risky as it can allow traffic from
>> other networks through your machine and down the vpn tunnel you've
>> created, thus opening a huge security hole in your university defenses.
>>
>>  
>>
>>> I have yet to get it to really work well.
>>> In addition to this, I would rather use my ISPs name servers when
>>> they are
>>> available.  Resolvconf seems to be resetting them without asking any
>>> quesitons.    
>>
>>
>> Unless you have the split horizons support, you won't be able to reach
>> your ISPs name servers once the vpn tunnel has been established. Hence
>> the use of your University name servers.
>>
>> We use the Cisco VPN server at Manchester and I've successfully run the
>> Cisco VPN client for Linux. I've not experimented with split horizons
>> though.
>>
>> Regards,
>> Tony
>>  
>>
> 
> I believe you are talking about split tunneling.  Split horizons is a
> method of avoiding routing loops:
> 
> http://en.wikipedia.org/wiki/Split_Horizon

My bad! Seems my VPN guys have been telling me the incorrect term!

> Split Tunneling is a method of  allowing multiple pipes for data to flow:
> 
> http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#inability

This URL seems to need a username and password, which I could probably
get through our Cisco support, but not much use to the OP.

Still, he has some terms to googelise.

Regards,
Tony.
-- 
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold

More information about the ubuntu-users mailing list