Route and vpnc

MrKnisely mrknisely at mrknisely.is-a-geek.org
Tue Mar 7 13:33:02 UTC 2006


Kenneth P. Turvey wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Mon, 06 Mar 2006 16:15:16 -0500, MrKnisely wrote:
>
>I wrote:
>
>>>>>>I use vpnc to connect to the University's wireless system and to gain
>>>>>>access to the Beowulf cluster on campus.  When I use it to connect to
>>>>>>the wireless network, I would like all of my IP traffic to be directed
>>>>>>through the university's network, but when I use it at home to connect
>>>>>>to a single machine on campus, I would like all of my network traffic
>>>>>>to be handled normally, except that destined for the university network.
>
>Someone else replied:
>
>>>>>What you are looking for is split horizons support in vpnc. I don't
>>>>>know if that is there. It's potentially risky as it can allow traffic
>>>>>from other networks through your machine and down the vpn tunnel
>>>>>you've created, thus opening a huge security hole in your university
>>>>>defenses.
>
>As it turns out this is really just a routing problem.  I am using the
>following script to set everything up:
>
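>#!/bin/bash
>#
># Connects to UMSL's wireless network.
># Assumes that the vpn client is set up with a config file
># in /etc/vpnc/umsl.conf
>#
>
># Stop any previous VPN and DHCP client instances.
>killall vpnc
>killall dhclient
># Associate with the local wireless network and get a lease.
>iwconfig eth1 essid "MyESSID"
>iwconfig eth1 key restricted MYREALLYLONGSTRINGOFHEX
>iwconfig eth1 key on
>iwconfig eth1 mode managed
>dhclient eth1
># Bring up the tunnel (tun0).
>vpnc umsl.conf
># Remove the gateway-less default route, restore the local gateway as
># default, and send only 134.124.0.0/16 through the tunnel.
>route del default gw 0.0.0.0
>route add default gw 192.168.15.1
>route add -net 134.124.0.0 netmask 255.255.0.0 dev tun0
># Drop the DNS settings registered for tun0 and regenerate resolv.conf.
>resolvconf -d tun0
>resolvconf -u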
>
>This must be run as root, but it connects to my local wireless network,
>then the VPN, handles the routing issue and then the DNS issues.  I should
>note that this would be a little more complicated if I had to use the
>University's DNS servers for machines in their domain and my normal DNS
>for everything else.
>
>I understand the security implications of this and I think I have little
>to be concerned about.  
>
>Thanks for your help. 
>- -- 
>Kenneth P. Turvey <kt-usenet at squeakydolphin.com>
>Phone : (314) 255-2199
>
>XMPP  IM: kpturvey at jabber.org
>Yahoo IM: kpturvey2
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.1 (GNU/Linux)
>
>iD8DBQFEDV7yi2ZgbrTULjoRAoYDAJ4y5mQPT2YasIhhBQwsmRVYCFDzewCfdLU/
>DY6ulNxZaYXb13ezHKEamVA=
>=GVTp
>-----END PGP SIGNATURE-----
>
Looks like a good way to handle things at your end.  Congratulations.

Mike K.
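
The routing state the quoted script aims for, and the forwarding risk raised earlier in the thread, can both be checked once the tunnel is up. The following is an added example, not part of the original messages: the function name, the sample route tables and the 192.168.15.20 address are constructed, and it assumes input in the format printed by `ip -4 route show`.

```shell
#!/bin/bash
# Added example (not from the thread): audit a split-tunnel routing setup.
# Usage: audit_split_tunnel VPN_DEV VPN_NET IP_FORWARD < route-table
#   route-table : text in the format printed by `ip -4 route show`
#   VPN_DEV     : tunnel interface (tun0 in the post)
#   VPN_NET     : the only prefix meant to use the tunnel
#   IP_FORWARD  : contents of /proc/sys/net/ipv4/ip_forward
# Prints findings; returns 0 only when no FAIL was reported.
audit_split_tunnel() {
    local dev="$1" net="$2" fwd="$3" rc=0 seen_net=0 seen_gw=0 line dst
    while read -r line; do
        [ -n "$line" ] || continue
        dst=${line%% *}
        case " $line " in
        *" dev $dev "*)
            case $dst in
            "$net") seen_net=1 ;;
            default|0.0.0.0/0|0.0.0.0/1|128.0.0.0/1)
                echo "FAIL: $dst goes into $dev, so this is a full tunnel"; rc=1 ;;
            *)  echo "WARN: extra route via $dev: $dst" ;;
            esac ;;
        " default "*) seen_gw=1 ;;
        esac
    done
    [ "$seen_net" -eq 1 ] || { echo "FAIL: no route for $net via $dev"; rc=1; }
    [ "$seen_gw" -eq 1 ] || { echo "FAIL: no default route outside $dev"; rc=1; }
    # The risk raised in the thread: with forwarding on, other hosts on the
    # local network can use this machine as a router into the tunnel.
    [ "$fwd" = 0 ] || { echo "FAIL: ip_forward=$fwd, host can relay into $dev"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: only $net uses $dev"
    return "$rc"
}

# Constructed route tables. GOOD_ROUTES is the state the post's script aims for.
GOOD_ROUTES='default via 192.168.15.1 dev eth1
192.168.15.0/24 dev eth1 proto kernel scope link src 192.168.15.20
134.124.0.0/16 dev tun0 scope link'
# FULL_ROUTES is a full-tunnel table: the default route points into tun0.
FULL_ROUTES='default dev tun0 scope link
192.168.15.0/24 dev eth1 proto kernel scope link src 192.168.15.20'

printf '%s\n' "$GOOD_ROUTES" | audit_split_tunnel tun0 134.124.0.0/16 0
# On a live host (assumes iproute2 is installed):
#   ip -4 route show | audit_split_tunnel tun0 134.124.0.0/16 \
#       "$(cat /proc/sys/net/ipv4/ip_forward)"
```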



