Re: VPN Default Route

[Maxim Levitsky <maximlevitsky gmail com>]

On Fri, 2009-01-02 at 13:37 +0100, Ermanno Bonifazi wrote:
> I'm back on the subject below.  I have just upgraded to Ubuntu 8.10
> and find confusing that creating a PPTP VPN all traffic is routed via
> the VPN (this mean the default gateway is set by an automatic policy
> to the VPN pppx).
> 
> Since I'm using a mobile broadband modem and my PPTP VPN do not accept
> all traffic but just the VPN traffic, all the remaing Internet traffic
> should go via the ppp0 (in my case the mobile broadband) and not via
> ppp1 (the VPN tunnell).
> 
> If you leave VPN with default setting, when a VPN is started the
> default gateway is automatically changed to VPN tunnel andf not the
> the previous default gw (the modem).
> 
> 
> I was able to achieve this behavior going to IPv4 setting, adding a
> manual route for my VPN and checking the flag "Ignore automatically
> obtained routes".
> 
> I believe this may be confusing expecially for "standard user". I
> believe something more similar to Windows PPTP vpn ( a check "do not
> use gateway on remote network) could be more efficent, and will let
> the user decide if they want to use the VPN as default gw or the
> previous set default ge (in my case the modem or the WLAN). May be in
> fact also difficult that user will know the route set by the VPN
> server to add this information in IPV4 routes tab of NM.
> 
> So far this is my understanding of the behavior, but looking on the
> web, I've nof found a different and simpler way to achieve the
> behavior I mention.
> 
> Any suggestion or comment?
> 
> 
> 
> 
> ----------------------
> 
> 
> by Dan Williams Nov 06, 2008; 10:38pm :: Rate this Message:    - Use
> ratings to moderate (?)
> 
> Reply | Reply to Author | Print | View Threaded | Show Only this
> Message
> 
> 
> On Thu, 2008-11-06 at 18:24 +0000, Rick Jones wrote: 
> 
> > --On Thursday, November 06, 2008 16:49:29 +0000 Rick Jones 
> > <rick    > wrote: 
> > 
> > ¦ I take your point. In fact for my purpose I should really have a 
> > gateway route just to 192.168.7.* via the VPN server. Can this kind
> of 
> > routing policy be configured in NM? 
> > ¦ 
> > ¦ However, there's still a strange problem with these routes. If
> the 
> > default route to the MB gateway on ppp0 is not present, then
> nothing 
> > will go over the VPN on ppp1, not even the echo packets. Successful 
> > echo depends _only_ on the existence of this route. Other 
> > communication over the VPN depends on both this _and_ an explicit 
> > route to the VPN server on ppp1. 
> > ¦ 
> > ¦ I've tried all kinds of route permutations, and it won't work if
> the 
> > original MB default route is not there. It doesn't seem to make a
> lot 
> > of sense, but that's what's happening. Maybe you can figure it out? 
> > 
> > Cracked it! 
> > 
> > There must be at minimum a gateway route to the VPN host via ppp0, 
> > since pptp is using that to carry the VPN packets. By adding just
> that 
> > route, everything then works. The routing table ends up as: 
> > 
> > 82.153.174.82   10.44.200.0     255.255.255.255 
> > UGH   0      0        0 ppp0 
> > 10.44.200.0     0.0.0.0         255.255.255.255 
> > UH    0      0        0 ppp0 
> > 0.0.0.0         0.0.0.0         0.0.0.0         U     0      0
>    0 ppp1 
> > 
> > The first line is the route I manually added. 82.153.174.82 is the 
> > public address of my server, 10.44.200.0 is the MB gateway for the 
> > current session. If the original default route via the MB gateway
> is 
> > removed, then it must be replaced by this.
> ... [show rest of quote]
> 
> This is how it should already work with recent VPN and PPTP fixes; I 
> fixed a few PPTP things the other day.  If it doesn't do this with 
> latest SVN then it's a bug. 
> 
> > It would be nice to be able to set a policy of which addresses go
> via 
> > the VPN, but it's not critical so long as this routing fix is made. 
> 
> You do this from the Routes dialog in the IPv4 tab of the connection 
> editor 
> 
> Dan 
> 
> -- 

I second that.

Same here.

Best regards,
	Maxim Levitsky