Route and vpnc
Kenneth P. Turvey
kt-usenet at squeakydolphin.com
Tue Mar 7 10:23:02 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 06 Mar 2006 16:15:16 -0500, MrKnisely wrote:
>>>>>I use vpnc to connect to the Universities wireless system and to gain
>>>>>access to the Beowulf cluster on campus. When I use it to connect to
>>>>>wireless network, I would like all of my IP traffic to be directed
>>>>>the university's network, but when I use it at home to connect to a
>>>>>machine on campus, I would like all of my network traffic to be
>>>>>handled normally, except that destined for the university network.
Someone else replied:
>>>>What you are lookig for is split horizons support in vpnc. I don't
>>>>know if that is there. It's potentially risky as it can allow traffic
>>>>from other networks through your machine and down the vpn tunnel
>>>>you've created, thus opening a huge security hole in your university
As it turns out this is really just a routing problem. I am using the
following script to set everything up:
# Connects to UMSL's wireless network.
# Assumes that the vpn client is set up with an umsl.config
# in /etc/vpnc/umsl.conf
iwconfig eth1 essid "MyESSID"
iwconfig eth1 key restricted MYREALLYLONGSTRINGOFHEX
iwconfig eth1 key on
iwconfig eth1 mode managed
route del default gw 0.0.0.0
route add default gw 192.168.15.1
route add -net 18.104.22.168 netmask 255.255.0.0 dev tun0
resolvconf -d tun0
This must be run as root, but it connects to my local wireless network,
then the VPN, handles the routing issue and then the DNS issues. I should
note that this would be a little more complicated if I had to use the
University's DNS servers for machines in their domain and my normal DNS
for everything else.
I understand the security implications of this and I think I have little
to be concerned about.
Thanks for your help.
Kenneth P. Turvey <kt-usenet at squeakydolphin.com>
Phone : (314) 255-2199
XMPP IM: kpturvey at jabber.org
Yahoo IM: kpturvey2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the ubuntu-users