Route and vpnc

Kenneth P. Turvey kt-usenet at squeakydolphin.com
Tue Mar 7 10:23:02 UTC 2006


On Mon, 06 Mar 2006 16:15:16 -0500, MrKnisely wrote:

I wrote:
>>>>>I use vpnc to connect to the University's wireless system and to gain
>>>>>access to the Beowulf cluster on campus.  When I use it to connect to
>>>>>the wireless network, I would like all of my IP traffic to be directed
>>>>>through the university's network, but when I use it at home to connect
>>>>>to a single machine on campus, I would like all of my network traffic
>>>>>to be handled normally, except that destined for the university network.

Someone else replied: 
>>>>What you are looking for is split horizons support in vpnc. I don't
>>>>know if that is there. It's potentially risky as it can allow traffic
>>>>from other networks through your machine and down the vpn tunnel
>>>>you've created, thus opening a huge security hole in your university
>>>>defenses.

As it turns out this is really just a routing problem.  I am using the
following script to set everything up:

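#!/bin/bash
#
# Connects to UMSL's wireless network.
# Assumes that the vpn client is set up with a config
# in /etc/vpnc/umsl.conf
#

# Stop any earlier VPN session and DHCP client
killall vpnc
killall dhclient
# Configure the wireless interface and get a DHCP lease
iwconfig eth1 essid "MyESSID"
iwconfig eth1 key restricted MYREALLYLONGSTRINGOFHEX
iwconfig eth1 key on
iwconfig eth1 mode managed
dhclient eth1
# Bring up the VPN tunnel (tun0)
vpnc umsl.conf
# Delete the gateway-less default route and use the local gateway instead
route del default gw 0.0.0.0
route add default gw 192.168.15.1
# Send only the university network through the tunnel
route add -net 134.124.0.0 netmask 255.255.0.0 dev tun0
# Drop the DNS settings registered for tun0 and regenerate resolv.conf
resolvconf -d tun0
resolvconf -u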

This must be run as root, but it connects to my local wireless network,
then the VPN, handles the routing issue and then the DNS issues.  I should
note that this would be a little more complicated if I had to use the
University's DNS servers for machines in their domain and my normal DNS
for everything else.

I understand the security implications of this and I think I have little
to be concerned about.  

Thanks for your help. 
-- 
Kenneth P. Turvey <kt-usenet at squeakydolphin.com>
Phone : (314) 255-2199

XMPP  IM: kpturvey at jabber.org
Yahoo IM: kpturvey2
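
Added example (not part of the original post): a check that the routing left behind by the script above really is a split tunnel, and that the forwarding risk raised in the quoted reply is closed. It reads `route -n` output on stdin; the function names and the 192.168.15.0/24 LAN row are assumptions, and the sample table is constructed.

```shell
#!/bin/sh
# Added example: audit the split-tunnel routing that the script above sets up.

# Constructed sample of `route -n` output after a successful run.
sample_table() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
134.124.0.0     0.0.0.0         255.255.0.0     U     0      0        0 tun0
192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.15.1    0.0.0.0         UG    0      0        0 eth1
EOF
}

# Print "destination/genmask" for each route leaving via interface $1.
tunnel_routes() {
    awk -v ifc="$1" 'NR > 2 && $8 == ifc { print $1 "/" $3 }'
}

# audit_split_tunnel IFACE NET/MASK IP_FORWARD   (routing table on stdin)
# Prints one line per finding; returns 0 only when there are none.
audit_split_tunnel() {
    a_ifc=$1; a_allowed=$2; a_fwd=$3; a_bad=0; a_seen=0
    for a_r in $(tunnel_routes "$a_ifc"); do
        case $a_r in
            "$a_allowed") a_seen=1 ;;
            0.0.0.0/0.0.0.0)
                echo "FINDING: default route via $a_ifc, all traffic is tunnelled"
                a_bad=1 ;;
            *)  echo "FINDING: unexpected route $a_r via $a_ifc"
                a_bad=1 ;;
        esac
    done
    if [ "$a_seen" -eq 0 ]; then
        echo "FINDING: $a_allowed is not routed via $a_ifc, campus traffic bypasses the VPN"
        a_bad=1
    fi
    # With forwarding on, this host can relay other networks into the tunnel.
    if [ "$a_fwd" != 0 ]; then
        echo "FINDING: ip_forward=$a_fwd, forwarding is enabled"
        a_bad=1
    fi
    return "$a_bad"
}

# Live use, after the connect script has run:
#   route -n | audit_split_tunnel tun0 134.124.0.0/255.255.0.0 "$(cat /proc/sys/net/ipv4/ip_forward)"
sample_table | audit_split_tunnel tun0 134.124.0.0/255.255.0.0 0 && echo "split tunnel OK"
```

Passing 0.0.0.0/0.0.0.0 as the allowed network covers the other case in the post, where all traffic is meant to go through the university.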
