Hi.
There's two hoops to jump through:
1) Routes
2) DNS
Routes:
Start your VPN connection, then run 'route'. Here's what mine looks like:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
xxx.xxx.xx.xx   192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
10.254.202.96   *               255.255.255.224 U     0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
default         *               0.0.0.0         U     0      0        0 tun0
That 'default' line is what routes all your traffic down the VPN (tun0), so you need to get rid of it. Doing that will mean that /nothing/ gets routed down the VPN or your Internet connection though, so you need to replace it with a rule for the VPN, and a rule for the Internet. My work's network is all 10.0.0.0 addresses (and there should be no 10.0.0.0 network addresses on the public Internet), so I add a route for 10.0.0.0/8 through tun0 (the VPN), and then add a default route for everything else through my Internet connection (eth0).
Code:
route del default
route add -net 10.0.0.0/8 tun0
route add default gw 192.168.0.1 eth0
(192.168.0.1 is my home ADSL router).
That's the routing taken care of. See if you can ping an IP on your work network, and an IP on the Internet.
DNS:
While the VPN is still open, and you've done the above, see if you can ping google.com. If you get an 'unknown host google.com', then read on, otherwise that should be you good to go.
Your VPN client will have replaced your normal internet DNS servers with its own DNS. Since you're VPN'ing into a firewalled network, it's likely that the VPN DNS server won't resolve Internet addresses, so you'll have to fix that. Close the VPN connection, if you haven't already, and copy /etc/resolv.conf to /etc/resolv.conf.home . Then start the VPN connection again and copy /etc/resolv.conf.home over the top of /etc/resolv.conf and you should be able to resolve Internet addresses again. Unfortunately, you won't be able to resolve addresses for your work network any more, so you'll have to use IP addresses to get to your desktop machine etc (or you can add addresses and names to /etc/hosts).
Post your 'route' outputs before and after connecting if you can't get it to work and we'll see if there's any tweaks that need to be made to the routes.
N.B. Doing all of this may well be a violation of the security policy for the network - you're basically putting an Internet facing machine into a firewalled network, and the network admins probably won't like that. Tread carefully.
Dave
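
An added example, not part of the original post: a small shell check that reads 'route' or 'route -n' output and reports whether the table is in the split state the post describes (10.0.0.0/8 on tun0, default route only on eth0) or still sends the default route down the VPN. The function names and both sample tables are constructed for illustration; the interface names and the 10.0.0.0/8 network are the ones used in the post.

```shell
#!/bin/sh
# Print the interface(s) that carry a default route, one per line.
# Accepts both `route` ("default") and `route -n` ("0.0.0.0") output.
default_ifaces() {
    awk '($1 == "default" || $1 == "0.0.0.0") && $3 == "0.0.0.0" { print $NF }'
}

# Print the interface for an exact destination/genmask pair, if present.
iface_for() {   # usage: iface_for DEST GENMASK < table
    awk -v d="$1" -v m="$2" '$1 == d && $3 == m { print $NF }'
}

# Classify the table: "split" when 10.0.0.0/8 goes via the VPN interface and
# the only default route is on the LAN interface; "vpn-default" when a
# default route still points at the VPN interface; otherwise "unexpected".
check_split() {  # usage: check_split VPN_IF LAN_IF < table
    table=$(cat)
    def=$(printf '%s\n' "$table" | default_ifaces | sort -u | tr '\n' ' ')
    work=$(printf '%s\n' "$table" | iface_for 10.0.0.0 255.0.0.0)
    if [ "$def" = "$2 " ] && [ "$work" = "$1" ]; then
        echo "split"
        return
    fi
    case " $def" in
        *" $1 "*) echo "vpn-default" ;;
        *)        echo "unexpected" ;;
    esac
}

# Constructed sample: table as the VPN client leaves it.
BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.254.202.96   *               255.255.255.224 U     0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
default         *               0.0.0.0         U     0      0        0 tun0'

# Constructed sample: table after the three route commands in the post.
AFTER='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.254.202.96   *               255.255.255.224 U     0      0        0 tun0
10.0.0.0        *               255.0.0.0       U     0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0'

printf '%s\n' "$BEFORE" | check_split tun0 eth0   # vpn-default
printf '%s\n' "$AFTER"  | check_split tun0 eth0   # split
```

On a live machine the same check is `route -n | check_split tun0 eth0`, run once before and once after changing the routes.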