Route and vpnc

MrKnisely mrknisely at mrknisely.is-a-geek.org
Mon Mar 6 21:15:16 UTC 2006


Tony Arnold wrote:

>MrKnisely wrote:
>
>>Tony Arnold wrote:
>>
>>>Kenneth,
>>>
>>>Kenneth P. Turvey wrote:
>>>
>>>>I use vpnc to connect to the University's wireless system and to gain
>>>>access to the Beowulf cluster on campus.  When I use it to connect to
>>>>the wireless network, I would like all of my IP traffic to be directed
>>>>through the university's network, but when I use it at home to connect
>>>>to a single machine on campus, I would like all of my network traffic
>>>>to be handled normally, except that destined for the university network.
>>>>
>>>What you are looking for is split horizons support in vpnc. I don't know
>>>if that is there. It's potentially risky as it can allow traffic from
>>>other networks through your machine and down the vpn tunnel you've
>>>created, thus opening a huge security hole in your university defenses.
>>>
>>>>I have yet to get it to really work well.
>>>>In addition to this, I would rather use my ISP's name servers when
>>>>they are available.  Resolvconf seems to be resetting them without
>>>>asking any questions.
>>>>
>>>Unless you have the split horizons support, you won't be able to reach
>>>your ISP's name servers once the vpn tunnel has been established. Hence
>>>the use of your University name servers.
>>>
>>>We use the Cisco VPN server at Manchester and I've successfully run the
>>>Cisco VPN client for Linux. I've not experimented with split horizons
>>>though.
>>>
>>>Regards,
>>>Tony
>>>
>>I believe you are talking about split tunneling.  Split horizons is a
>>method of avoiding routing loops:
>>
>>http://en.wikipedia.org/wiki/Split_Horizon
>>
>
>My bad! Seems my VPN guys have been telling me the incorrect term!
>
>
>>Split Tunneling is a method of  allowing multiple pipes for data to flow:
>>
>>http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#inability
>>
>
>This URL seems to need a username and password, which I could probably
>get through our Cisco support, but not much use to the OP.
>
>Still, he has some terms to googelise.
>
>Regards,
>Tony.
>
Hmm... Sorry about the broken link.  Cisco's great about locking stuff 
away, but if you've got a CCO ID you've got everything you need to 
become a CCIE.

How 'bout I just post the pdf?

Mike K.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec_debug.pdf
Type: application/pdf
Size: 55661 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060306/f99a560e/attachment.pdf>

