Get local IP address of VPN gateway

vpn routing

TMI: I'm told that manually specifying routes is necessary because Linux doesn't support dns-based routes. (I'm in the dark.) I can confirm, at least, that my requests to the target host consistently timeout.

This is partially true, but not exactly in the way you imply.

IP routes are never DNS-based, as the name lookup is a separate step from route lookup – by the time the OS needs to check the routing table, it has no way to associate it with the original domain name that was used.

So there is no difference between Windows and Linux in this regard. Corporate VPNs usually work by providing specific IP-based routes for all hosts that the user may need to access.

Where Windows and Linux do differ is in being able to "route" the DNS lookups themselves to different DNS servers based on their suffix. Linux only supports this if 'systemd-resolved' is being used (and the VPN app cooperates with it), or if manual configuration of additional apps is done (e.g. using dnsmasq), while Windows has it "native".

(Many people do not yet consider systemd-provided functionality to be "built-in".)

Often corporate VPNs use "split DNS", where a domain like 'foo.example.com' may give different results – i.e. resolve to a private IP address when the VPN DNS servers are queried, bt a public IP address otherwise. In this case, you don't need IP routes to be domain-based, instead you need the DNS queries to use the correct DNS server.

My VPN client is Cisco AnyConnect. I've tried to look for the gateway by running ip route | grep default, but that gives me only my wifi router's address.

Yes, your VPN doesn't set up a "default" route; this is usually normal for corporate VPNs. (In fact if there was a default route via the VPN, you wouldn't be having this problem in the first place, as all traffic would go through the VPN anyway!)

However, also note that AnyConnect uses a 'tun' interface, which is a "layer-3 tunnel" or "point-to-point" tunnel. With this tunnel type, the remote gateway is actually irrelevant (as there's no layer-2 header which could be affected by it), and it should be enough for a route to only specify the device.

For example:

ip route add <TargetServerIP>/32 dev cscotun0

Related

What is a new-tab-page-third-party in chrome?
How to make Windows Subsystem for Linux use proxied connections?
Remote Desktop in Windows 10 Home
How do I pause my batch script without having to add a pause command?
How can I fix the "remote proxy closed the connection" error in X2Go?
Is it possible to get more screen real-estate in explorer in windows 8?
How is it possible that the "created" timestamp for a file is later than the "last modified" one?
Monitor flashes black when starting video files, opening folders with video files
What's the PowerShell syntax for multiple values in a switch statement?
GOBIN not set: cannot run go install
Double parenthesis with and without dollar
Installing cmake with home-brew