LinuxQuestions.org


Whiskerz 04-16-2007 10:16 AM

VPN Client can't access Internet
 
Hey there,

The situation is as follows: at work I need a VPN connection if I want to access the internet with my laptop. This works great using Windows, just type in the VPN server address, your username and password and you're all set. However, when using Linux I can also get a VPN connection set up but no internet.

According to the administrator they don't really have any experience in Linux and don't plan to support it directly, but there have been rumors of people long gone who made it work. Supposedly it was some sort of routing problem.

I've tried both vpnc and a Cisco VPN client. Using vpnc I get the following results for ifconfig and route:

Code:

Kernel IP Routentabelle
Ziel            Router          Genmask        Flags Metric Ref    Use Iface
192.168.0.2    *              255.255.255.255 UH    0      0        0 eth1
192.168.0.0    *              255.255.0.0    U    0      0        0 eth1
loopback        *              255.0.0.0      U    0      0        0 lo
default        *              0.0.0.0        U    0      0        0 tun0

Code:

eth0      Protokoll:Ethernet  Hardware Adresse 00:0D:60:8C:26:0D 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Basisadresse:0x8000 Speicher:c0220000-c0240000

eth1      Protokoll:Ethernet  Hardware Adresse 00:0E:35:0C:47:FA 
          inet Adresse:192.168.1.77  Bcast:192.168.255.255  Maske:255.255.0.0
          inet6 Adresse: fe80::20e:35ff:fe0c:47fa/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1995 errors:0 dropped:25 overruns:0 frame:0
          TX packets:286 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:1000
          RX bytes:124824 (121.8 Kb)  TX bytes:39193 (38.2 Kb)
          Interrupt:11 Basisadresse:0x6000 Speicher:c0214000-c0214fff

lo        Protokoll:Lokale Schleife 
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:134 errors:0 dropped:0 overruns:0 frame:0
          TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:0
          RX bytes:27712 (27.0 Kb)  TX bytes:27712 (27.0 Kb)

tun0      Protokoll:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet Adresse:141.21.5.181  P-z-P:141.21.5.181  Maske:255.255.255.255
          UP PUNKTZUPUNKT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:500
          RX bytes:294 (294.0 b)  TX bytes:140 (140.0 b)

Using the Cisco client yields similar values and the same result, for the sake of completeness:

Code:

Kernel IP Routentabelle
Ziel            Router          Genmask        Flags Metric Ref    Use Iface
192.168.0.2    *              255.255.255.255 UH    0      0        0 eth1
141.21.0.0      *              255.255.0.0    U    0      0        0 cipsec0
loopback        *              255.0.0.0      U    0      0        0 lo
default        vpnclient21.fzi 0.0.0.0        UG    0      0        0 cipsec0

Code:

cipsec0  Protokoll:Ethernet  Hardware Adresse 00:0B:FC:F8:01:8F 
          inet Adresse:141.21.5.181  Maske:255.255.0.0
          inet6 Adresse: fe80::20b:fcff:fef8:18f/64 Gültigkeitsbereich:Verbindung
          UP RUNNING NOARP  MTU:1356  Metric:1
          RX packets:25 errors:0 dropped:434 overruns:0 frame:0
          TX packets:101 errors:0 dropped:146 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:1000
          RX bytes:3688 (3.6 Kb)  TX bytes:12249 (11.9 Kb)

eth0      Protokoll:Ethernet  Hardware Adresse 00:0D:60:8C:26:0D 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Basisadresse:0x8000 Speicher:c0220000-c0240000

eth1      Protokoll:Ethernet  Hardware Adresse 00:0E:35:0C:47:FA 
          inet Adresse:192.168.1.77  Bcast:192.168.255.255  Maske:255.255.0.0
          inet6 Adresse: fe80::20e:35ff:fe0c:47fa/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1742 errors:0 dropped:25 overruns:0 frame:0
          TX packets:243 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:1000
          RX bytes:100343 (97.9 Kb)  TX bytes:33529 (32.7 Kb)
          Interrupt:11 Basisadresse:0x6000 Speicher:c0214000-c0214fff

lo        Protokoll:Lokale Schleife 
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:129 errors:0 dropped:0 overruns:0 frame:0
          TX packets:129 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 Sendewarteschlangenlänge:0
          RX bytes:27432 (26.7 Kb)  TX bytes:27432 (26.7 Kb)

I looked through what I found on the net, but did not have the time to go into Linux routing internals. There didn't seem to be an "obvious" solution to me. Does anybody have an idea what might be wrong? As I said, it works for the Windows client. Do I need to switch back or is there some way I don't have to spend hours figuring out Linux internals if I preferred not to use M$?

/Whizz

acid_kewpie 04-17-2007 03:07 AM

by default all traffic will be sent to the vpn peer. under vpnc you can control if this is actually the case. edit the /etc/vpnc/vpnc-script and follow the comments at the top to add CISCO_SPLIT_????? entries, e.g.

CISCO_SPLIT_INC=1

CISCO_SPLIT_INC_0_ADDR=10.1.0.0
CISCO_SPLIT_INC_0_MASK=255.255.0.0
CISCO_SPLIT_INC_0_MASKLEN=16
CISCO_SPLIT_INC_0_PROTOCOL=0
CISCO_SPLIT_INC_0_SPORT=0
CISCO_SPLIT_INC_0_DPORT=0

please don't think this is a bug or anything, and if you use the cisco client, then it's impossible for it to override the settings as defined by your company's firewall. it's actually more likely down to the rest of your work network stopping you using internet via their own routes that would be used from a desk in the office...
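
Added example (not part of the original thread, and not the vpnc project's own code): a simplified shell model of the routing decision vpnc-script makes from the CISCO_SPLIT_INC variables quoted above, printing the routes instead of installing them. The function names `ip2int`, `plan_routes` and `uses_tunnel` and the address 203.0.113.10 are constructed for illustration, and it assumes vpnc passes the tunnel device name in `TUNDEV`.

```shell
#!/bin/sh
# Simplified model of vpnc-script's split-tunnel decision (dry run only:
# prints `ip route` commands, never changes routing). The real script also
# pins a host route to the VPN gateway and saves the old default route.
TUNDEV="${TUNDEV:-tun0}"   # assumption: vpnc exports the tunnel name as TUNDEV

# Dotted quad -> 32-bit integer. Call it via $(...) so IFS does not leak.
ip2int() {
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the routes implied by the current CISCO_SPLIT_INC* variables.
plan_routes() {
    if [ -z "${CISCO_SPLIT_INC:-}" ]; then
        echo "ip route replace default dev $TUNDEV"   # no list: full tunnel
        return 0
    fi
    i=0
    while [ "$i" -lt "$CISCO_SPLIT_INC" ]; do
        eval "addr=\${CISCO_SPLIT_INC_${i}_ADDR:-}"
        eval "len=\${CISCO_SPLIT_INC_${i}_MASKLEN:-}"
        if [ -z "$addr" ] || [ -z "$len" ]; then
            echo "split entry $i is incomplete" >&2
            return 1
        fi
        echo "ip route replace $addr/$len dev $TUNDEV"
        i=$((i + 1))
    done
}

# Exit status 0 if traffic to $1 would enter the tunnel, 1 if it would
# leave through the local default route instead.
uses_tunnel() {
    [ -z "${CISCO_SPLIT_INC:-}" ] && return 0
    dst=$(ip2int "$1"); i=0
    while [ "$i" -lt "$CISCO_SPLIT_INC" ]; do
        eval "addr=\${CISCO_SPLIT_INC_${i}_ADDR}"
        eval "len=\${CISCO_SPLIT_INC_${i}_MASKLEN}"
        mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
        [ $(( dst & mask )) -eq $(( $(ip2int "$addr") & mask )) ] && return 0
        i=$((i + 1))
    done
    return 1
}

# Constructed demo using the entry from the post above (10.1.0.0/16).
CISCO_SPLIT_INC=1 CISCO_SPLIT_INC_0_ADDR=10.1.0.0 CISCO_SPLIT_INC_0_MASKLEN=16
plan_routes
for dst in 10.1.2.3 203.0.113.10; do
    if uses_tunnel "$dst"; then echo "$dst -> $TUNDEV"
    else echo "$dst -> local default route, outside the VPN"; fi
done
```

With the split list set, only the listed networks are routed into the tunnel; every other destination leaves through the local interface and is not covered by the VPN.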

Whiskerz 04-18-2007 04:02 AM

Thanks for the advice. Having been unsure about what data to set, and not finding anything on the net I tried the network address of my network adapter, the network address of the vpn server, the network address I get when I connect to the vpn server but all to no avail.

I'll cancel the project "vpn with linux at work" for now since it uses up too much time, but for now will refrain from reinstalling windows for the same reason. Thanks for your effort again!

Cheers

Whizz

acid_kewpie 04-18-2007 04:41 AM

i'd suggest sticking with it to be honest, as above doing what you want with VPNC is very simple.

CowLoon 04-20-2007 03:43 PM

What are the split entries doing? What does having 1 entry mean?

I am on the outside of my company and want to connect to the vpn but also be able to connect to the internet directly, not through the VPN. Is this possible?

acid_kewpie 04-20-2007 04:00 PM

well that's clearly exactly what the OP was asking, and what i answered. yes totally possible.

CowLoon 04-20-2007 04:16 PM

I didn't learn anything, but at least I feel pain.

acid_kewpie 04-20-2007 04:20 PM

hmm? if you are using vpnc, just read the comments at the top of the vpnc-script file with it and it should make more sense.


All times are GMT -5.