  1. #1
    Just Joined!
    Join Date
    Jul 2010
    Posts
    14

    Routing problem (Tunneling)

    Hi, well I am running a VPN (Juniper Networks client) and an ifconfig shows me that it's opening a tunnel and also adding routing instructions (I think). Anyway the problem is that when I'm connected to the VPN, I lose route to all my local machines and this is getting annoying when I want to use ssh.

    Does anyone know how to not route a certain range of IPs through the VPN?

    Thanks.

  2. #2
    Linux Guru Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    2,096
    Depends on your network(s).

    Something along the lines
    Code:
    route add -net <YOUR_NET> netmask <YOUR_NETMASK> dev <YOUR_DEV>
    and/or
    route add -net <YOUR_NET> netmask <YOUR_NETMASK> gw <YOUR_GATEWAY>
    Use route after the vpn is established.

    This is just a quick hack, maybe that vpn client takes configuration (no idea)
    or you can at least wrap the vpn client call + the routes in a script.
    You must always face the curtain with a bow.

  3. #3
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    622
    What you want is called "split tunneling" in VPN jargon. You may be able to configure it in the Juniper client, but you may find that the VPN server you're connecting to force pushes a "no split tunnel policy". Many corporate security policies require that they be configured that way to avoid the possibility of the client being used to establish a backdoor route.
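
An added example, not part of the thread: a check an administrator could run to see which routes leave outside the tunnel, i.e. whether a client is effectively split-tunneling after manual `route add` commands like the ones above. The function name `bypass_routes`, the devices `tun0`/`eth0`, and all addresses are assumptions, and the routing tables are constructed samples in `ip -4 route show` format.

```shell
#!/bin/sh
# Added example (not from the thread): list routes that leave outside the VPN tunnel.
# Input: `ip -4 route show` lines on stdin.
# $1 = tunnel device, $2 = VPN server address (its host route must stay on the LAN NIC).
bypass_routes() {
    awk -v tun="$1" -v vpn="$2" '
    {
        dev = ""
        # find the egress device named after the "dev" keyword
        for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        # routes through the tunnel or loopback are not a bypass
        if (dev == "" || dev == tun || dev == "lo") next
        # the route to the VPN server has to use the physical NIC
        if ($1 == vpn || $1 == vpn "/32") next
        print $1, dev
    }'
}

# Constructed sample tables; tun0, eth0 and all addresses are assumptions.
FULL_TUNNEL='default dev tun0 scope link
203.0.113.10 via 192.168.1.1 dev eth0
10.0.0.0/8 dev tun0 scope link'

# Same table after: route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0
SPLIT_TUNNEL="$FULL_TUNNEL
192.168.1.0/24 dev eth0 scope link"

echo "full tunnel, routes bypassing tun0:"
printf '%s\n' "$FULL_TUNNEL" | bypass_routes tun0 203.0.113.10
echo "after the manual route, routes bypassing tun0:"
printf '%s\n' "$SPLIT_TUNNEL" | bypass_routes tun0 203.0.113.10
```

On a live system the input would come from `ip -4 route show | bypass_routes <tunnel-dev> <vpn-server-ip>`; any line printed is traffic that does not go through the VPN.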

  4. #4
    Just Joined!
    Join Date
    Jul 2010
    Posts
    14
    Quote Originally Posted by Irithori View Post
    Depends on your network(s).

    Something along the lines
    Code:
    route add -net <YOUR_NET> netmask <YOUR_NETMASK> dev <YOUR_DEV>
    and/or
    route add -net <YOUR_NET> netmask <YOUR_NETMASK> gw <YOUR_GATEWAY>
    Use route after the vpn is established.

    This is just a quick hack, maybe that vpn client takes configuration (no idea)
    or you can at least wrap the vpn client call + the routes in a script.
    Thanks, it worked. Just another query, if I don't want to route an entire network, just one box with an ip x.x.x.x, should I just give

    route add -host x.x.x.x netmask X.X.X.X dev <device>

    ?

  5. #5
    Just Joined!
    Join Date
    Jul 2010
    Posts
    14
    Right, that was stupid.
    I figured it out.

    Thanks both of you.
