Re: Users not able to surf while connected to the VPN (Route question)
M Maas <mark@menem.mine.nu> said on Mon, 26 Apr 2004 19:44:56 +0200:
> up route add -net 192.168.3.0/24 gw 192.168.8.4
> up route add -net 10.1.0.0/24 gw 192.168.8.4
>
> It's working perfectly without problems, but while my users
> are logged in from home, (with cable dsl, modem or whatever)
> they cannot surf the internet. I would like to add this
> capability to this already perfect setup.
I'm using vpnc, and setup my route to look like this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
xxx.111.254.210 gateway.home 255.255.255.255 UGH 0 0 0 eth0
hexane.xxx.xxxx gateway.home 255.255.255.255 UGH 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
xxx.111.0.0 * 255.255.0.0 U 0 0 0 vpnlink
default gateway.home 0.0.0.0 UG 0 0 0 eth0
the hexane route is left going through the normal gateway, because if
vpnc gets stuck (several times a day!), I can still go to the gateway
machine on the other network. The default route is my gateway, and
only traffic destined for the other network, other than hexane, end up
going through the vpn.
This is set up automatically for me mostly by the vpnc in sid, with
the line in /etc/vpnc.conf:
Target networks xxx.111.0.0/16
(I add the explicit hexane route by hand in the script that monitors
whether the vpn has spontaneously combusted yet - using:
system("ip route add xxx.111.12.14 via 192.168.1.1 dev eth0");
Come to think it of, I could probably just have said:
Target networks xxx.111.0.0/16 xxx.111.12.14/32
)
--
TimC -- http://astronomy.swin.edu.au/staff/tconnors/
Ah, so many of life's little problems can be solved by head
vaporisation. -- Zixia in ARK
Reply to: