LinuxQuestions.org
Old 01-26-2010, 12:05 PM   #1
fortknox
LQ Newbie
 
Registered: Aug 2009
Posts: 3

Rep: Reputation: 0
Using VPN selectively?


Sorry, this may be a newbie question (and if so, feel free to move it to the newbie forum):

I am running Ubuntu Karmic. I can VPN into my client's site, no problem. After I VPN in, I use noMachine to get to my desktop machine there, and that is where I do my work. I have all of this running, no issues.

Now, I want to connect to VPN but -only- use it for the nomachine connection, nothing else. But when I use VPN it takes over the entire network. (Basically, I want to avoid the client internet proxy and be able to use other ports for stuff around the house).

I'm alright with linux and using config files and such, but am -not- a networking guy, so I get lost in some of the howto's I've read. Is there a quick and easy way to do this?

Thanks!
 
Old 01-26-2010, 01:13 PM   #2
ozanbaba
Member
 
Registered: May 2003
Location: Tengiz
Distribution: Slackware64 14.1
Posts: 672

Rep: Reputation: 94
IP ranges and subnet masks. You need to create two different networks, one for the VPN (you can't change the configuration, right? In the end it's the work network) and one for the home network (internet and such).

I did look into it some time ago for my home network. It goes roughly like this: configure the router to use a different subnet mask and IP range. Configure the computer to use one network for noMachine, one network for the rest. I gave up at one point as my sh++y SMC router cannot be configured to use too many different networks.

And I can't find the how-to about it. Ahhh.

And by the way, what's your VPN system?
 
Old 01-26-2010, 02:11 PM   #3
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

There's two hoops to jump through:
1) Routes
2) DNS

Routes:
Start your VPN connection, then run 'route'. Here's what mine looks like:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
xxx.xxx.xx.xx   192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
10.254.202.96   *               255.255.255.224 U     0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
default         *               0.0.0.0         U     0      0        0 tun0
That 'default' line is what routes all your traffic down the VPN (tun0), so you need to get rid of it. Doing that will mean that /nothing/ gets routed down the VPN or your Internet connection though, so you need to replace it with a rule for the VPN, and a rule for the Internet. My work's network is all 10.0.0.0 addresses (and there should be no 10.0.0.0 network addresses on the public Internet), so I add a route for 10.0.0.0/8 through tun0 (the VPN), and then add a default route for everything else through my Internet connection (eth0)
Code:
route del default
route add -net 10.0.0.0/8 tun0
route add default gw 192.168.0.1 eth0
(192.168.0.1 is my home ADSL router).
That's the routing taken care of. See if you can ping an IP on your work network, and an IP on the Internet.

DNS:
While the VPN is still open, and you've done the above, see if you can ping google.com . If you get an 'unknown host google.com', then read on, otherwise that should be you good to go.

Your VPN client will have replaced your normal internet DNS servers with its own DNS. Since you're VPN'ing into a firewalled network, it's likely that the VPN DNS server won't resolve Internet addresses, so you'll have to fix that. Close the VPN connection, if you haven't already, and copy /etc/resolv.conf to /etc/resolv.conf.home . Then start the VPN connection again and copy /etc/resolv.conf.home over the top of /etc/resolv.conf and you should be able to resolve Internet addresses again. Unfortunately, you won't be able to resolve addresses for your work network any more, so you'll have to use IP addresses to get to your desktop machine etc (or you can add addresses and names to /etc/hosts).


Post your 'route' outputs before and after connecting if you can't get it to work and we'll see if there's any tweaks that need to be made to the routes.

N.B. Doing all of this may well be a violation of the security policy for the network - you're basically putting an Internet facing machine into a firewalled network, and the network admins probably won't like that. Tread carefully.

Dave
 
2 members found this post helpful.
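The route change described in post #3, checked as an added example (not part of the original post): it parses `route -n` style tables and applies longest-prefix matching to show which interface a destination leaves through before the change, after `route del default`, and after the two `route add` commands. The tables are constructed from the post's values; 203.0.113.10 and 198.51.100.1 are documentation addresses used as stand-ins, and the function names are hypothetical.

```python
import ipaddress

# Constructed `route -n` tables modelled on the post. 203.0.113.10 is a
# documentation address standing in for the masked VPN server host route.
HEADER = "Destination     Gateway         Genmask         Flags Metric Ref    Use Iface\n"
COMMON = (
    "203.0.113.10    192.168.0.1     255.255.255.255 UGH   0      0        0 eth0\n"
    "10.254.202.96   0.0.0.0         255.255.255.224 U     0      0        0 tun0\n"
    "192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0\n"
)
BEFORE = HEADER + COMMON + "0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0\n"
NO_DEFAULT = HEADER + COMMON  # state right after `route del default`
AFTER = NO_DEFAULT + (
    "10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 tun0\n"
    "0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0\n"
)

def parse_routes(text):
    """Return (network, metric, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), int(f[4]), f[7]))
    return routes

def egress_iface(routes, dest):
    """Interface the kernel would pick: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[1]))[2]

def tunnel_mode(routes, vpn_if="tun0", public_probe="198.51.100.1"):
    """Classify the table; public_probe is a documentation address, not a real host."""
    if vpn_if not in {r[2] for r in routes}:
        return "no-vpn"
    out = egress_iface(routes, public_probe)
    if out is None:
        return "no-default-route"
    return "full-tunnel" if out == vpn_if else "split-tunnel"

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("del default", NO_DEFAULT), ("after", AFTER)):
        r = parse_routes(table)
        print(name, tunnel_mode(r), egress_iface(r, "10.1.2.3"), egress_iface(r, "198.51.100.1"))
```

A "split-tunnel" result is the state the N.B. in the post refers to: the same host has a route into the firewalled network and a direct default route to the Internet.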
Old 01-26-2010, 03:22 PM   #4
fortknox
LQ Newbie
 
Registered: Aug 2009
Posts: 3

Original Poster
Rep: Reputation: 0
ilikejam, that is perfect. Figured it out without any trouble from your example. Even simplified it, since I'm using gnome's built in vpn configuration. I just enabled "Use this connections for only this resource" in the VPN configuration (that never worked for me in the past), and then added a route to point to my work machine through the tunnel, and everything worked exactly like I wanted!

Thanks!

FYI - you mention that the network admins probably won't like it. However, I only use this when I'm home sick, which is a rarity. Having said that, I can't imagine this is something they'll notice or be able to monitor, correct?
 
Old 01-26-2010, 03:32 PM   #5
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

Yeah, it's unlikely that your Comms would be able to detect this sort of setup, so I wouldn't be too worried about it. That said, if they hunt you down and beat you to death with a hardback copy of 'The Practice of System and Network Administration, Second Edition', we never had this conversation.

Have fun.

Dave
 
1 members found this post helpful.
  


All times are GMT -5.
