VPN Default Route



I'm back on the subject below.  I have just upgraded to Ubuntu 8.10 and find it confusing that, when creating a PPTP VPN, all traffic is routed via the VPN (this means the default gateway is set by an automatic policy to the VPN pppx).

Since I'm using a mobile broadband modem and my PPTP VPN does not accept all traffic but just the VPN traffic, all the remaining Internet traffic should go via ppp0 (in my case the mobile broadband) and not via ppp1 (the VPN tunnel).

If you leave the VPN with the default settings, when a VPN is started the default gateway is automatically changed to the VPN tunnel and not the previous default gw (the modem).

I was able to achieve this behavior by going to the IPv4 settings, adding a manual route for my VPN and checking the flag "Ignore automatically obtained routes".

I believe this may be confusing, especially for a "standard user". I believe something more similar to the Windows PPTP VPN (a check box "do not use gateway on remote network") could be more efficient, and would let users decide if they want to use the VPN as default gw or the previously set default gw (in my case the modem or the WLAN). It may in fact also be difficult for the user to know the route set by the VPN server in order to add this information in the IPv4 routes tab of NM.

So far this is my understanding of the behavior, but looking on the web, I've not found a different and simpler way to achieve the behavior I mention.

Any suggestion or comment?



----------------------

by Dan Williams Nov 06, 2008; 10:38pm

On Thu, 2008-11-06 at 18:24 +0000, Rick Jones wrote:

> --On Thursday, November 06, 2008 16:49:29 +0000 Rick Jones
> <rick > wrote:
>
> ¦ I take your point. In fact for my purpose I should really have a
> gateway route just to 192.168.7.* via the VPN server. Can this kind of
> routing policy be configured in NM?
> ¦
> ¦ However, there's still a strange problem with these routes. If the
> default route to the MB gateway on ppp0 is not present, then nothing
> will go over the VPN on ppp1, not even the echo packets. Successful
> echo depends _only_ on the existence of this route. Other
> communication over the VPN depends on both this _and_ an explicit
> route to the VPN server on ppp1.
> ¦
> ¦ I've tried all kinds of route permutations, and it won't work if the
> original MB default route is not there. It doesn't seem to make a lot
> of sense, but that's what's happening. Maybe you can figure it out?
>
> Cracked it!
>
> There must be at minimum a gateway route to the VPN host via ppp0,
> since pptp is using that to carry the VPN packets. By adding just that
> route, everything then works. The routing table ends up as:
>
> 82.153.174.82   10.44.200.0     255.255.255.255 UGH   0      0        0 ppp0
> 10.44.200.0     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
> 0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp1
>
> The first line is the route I manually added. 82.153.174.82 is the
> public address of my server, 10.44.200.0 is the MB gateway for the
> current session. If the original default route via the MB gateway is
> removed, then it must be replaced by this.

This is how it should already work with recent VPN and PPTP fixes; I
fixed a few PPTP things the other day.  If it doesn't do this with
latest SVN then it's a bug.

> It would be nice to be able to set a policy of which addresses go via
> the VPN, but it's not critical so long as this routing fix is made.

You do this from the Routes dialog in the IPv4 tab of the connection
editor

Dan

--
Ermanno Bonifazi
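The routing behaviour discussed in this thread can be checked with a longest-prefix-match lookup over the three route layouts it describes. This is an added example, not code from the thread or from NetworkManager; the table names, the helper functions and the two sample destination addresses are assumptions made for illustration.

```python
import ipaddress

VPN_SERVER = "82.153.174.82"   # public address of the VPN server (from the thread)
VPN_HOST = "192.168.7.10"      # constructed host inside the 192.168.7.* VPN subnet
INTERNET = "198.51.100.7"      # constructed address standing in for any Internet host

# Routing table quoted in the thread: host route to the VPN server via the
# mobile broadband link (ppp0), default route through the tunnel (ppp1).
FULL_TUNNEL = [
    ("82.153.174.82/32", "ppp0"),
    ("10.44.200.0/32", "ppp0"),
    ("0.0.0.0/0", "ppp1"),
]
# Same table with the manually added host route missing.
NO_HOST_ROUTE = FULL_TUNNEL[1:]
# Split tunnel: only the VPN subnet uses ppp1, the default stays on the modem.
SPLIT_TUNNEL = [
    ("10.44.200.0/32", "ppp0"),
    ("192.168.7.0/24", "ppp1"),
    ("0.0.0.0/0", "ppp0"),
]

def lookup(table, dst):
    """Return the interface chosen for dst by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def audit(table):
    """Show which interface carries each class of traffic for a route table."""
    return {
        "tunnel_carrier": lookup(table, VPN_SERVER),
        "vpn_subnet": lookup(table, VPN_HOST),
        "internet": lookup(table, INTERNET),
    }

def carrier_inside_tunnel(table):
    """True when the PPTP carrier packets would be routed into the tunnel itself."""
    return lookup(table, VPN_SERVER) == "ppp1"

if __name__ == "__main__":
    for name, table in [("full tunnel", FULL_TUNNEL),
                        ("no host route", NO_HOST_ROUTE),
                        ("split tunnel", SPLIT_TUNNEL)]:
        print(name, audit(table), "carrier loops:", carrier_inside_tunnel(table))
```

In the split-tunnel layout the `internet` entry resolves to `ppp0`, so that traffic leaves the machine outside the VPN.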


