VPNC 0.3.3

SteveT · 05-08-2006, 12:51 PM

I am trying to set up a VPNC connection to a remote site, and so far that seems to be working fine.
The problem is that my local internet connection and mail no longer work while the tunnel is active. From what I can gather on the net I need to set up a target network, but from what I've read so far (see below), the examples seem to related to a different version of vpnc as the 'Target' instruction doesn't appear to wotk in my config file. I'm a networking dummy, so if you have any suggestions, can you keep them simple (and exclude expletives!). Thanks.

....Custom route setting
By default, the default route is deleted after connection and
replaced with the new one (going trough the VPN tunnel device).
However, some people wish to limit the target address range to
few IP ranges. This can be done using the config directive
Target networks in the config file. For example:
Target networks 123.234.210.0/24 10.1.0.0/16

acid_kewpie · 05-08-2006, 12:56 PM

you just need to personalise the vpnc script to suit your needs. all the parameters are clearly detailed at the top of the default file. personally i have added this at the top of mine

Code:

CISCO_SPLIT_INC=2

CISCO_SPLIT_INC_0_ADDR=10.224.0.0
CISCO_SPLIT_INC_0_MASK=255.255.0.0
CISCO_SPLIT_INC_0_MASKLEN=16
CISCO_SPLIT_INC_0_PROTOCOL=0
CISCO_SPLIT_INC_0_SPORT=0
CISCO_SPLIT_INC_0_DPORT=0

CISCO_SPLIT_INC_1_ADDR=221.0.0.0
CISCO_SPLIT_INC_1_MASK=255.0.0.0
CISCO_SPLIT_INC_1_MASKLEN=8
CISCO_SPLIT_INC_1_PROTOCOL=0
CISCO_SPLIT_INC_1_SPORT=0
CISCO_SPLIT_INC_1_DPORT=0

so here i say i have two routes to use specifically, instead of setting a default gateway. if these settings aren't there, then it takes your default gateway. if they are then it doesn't.

SteveT · 05-09-2006, 08:12 AM

Thanks for the reply. I tried to set up speficic routes but only suceeded in breaking the VPN and still not having any internet connection.
In layman's terms what route should I add to the vpn-script file? Would (should) this be the local network address at the remote end? IE in my case add a 100.0.0.0 255.255.0.0 16 set?

What I'm after is all traffic targeted at 100.0 ips (that's the network that sits behind the tunnel)to be routed through the tunnel, anything on my local 192.168 address set to stay internal and all else to go via my local gateway.
My standard routing (no vpn connect) is:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1

With vpnc routing (but no mods to vpn-script):
Destination Gateway Genmask Flags Metric Ref Use Iface
www.xx.yyy.zzz 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0

Does any of that make sense?

acid_kewpie · 05-09-2006, 09:38 AM

as above, all i did was add those lines to permit access to the two networks. just add the equivalent to yours.

SteveT · 05-12-2006, 01:15 AM

Chris,
Sorry for the delay in replying - I tried again and it seems ok (I can connect via the VPN and still have access to mail etc) - so thanks for that.
Is there a chance that the reason it didn't work first time was to how vpnc was previously shut down? The reason I ask, is that I have been testinbg the link by keeping it open for a few hours, rebootng the machine etc and it would seem that if I don't do a clean shut down of vpnc (yesterday it timed out after 8 hours - ?re-keying?) - then I have problems the next time I use it.