How to set routes for my vpn connection
In my previous question I was asking about setting up vpnc connection. I've installed network-manager-vpnc
so now I can configure all this stuff right from network manager gui.
I have got this pretty picture from related topic:
So the question is how to figure out what Address, Netmask and Gateway should I use to pass ONLY this trafic through vpn.
As a basis I have got an ip and a port of the external service which I want to use through vpnc. So inernet and other traffic should go as always through ethernet or wifi.
- External ip: 10.20.30.40
- Port: 1433 (this is sql server actually)
- Now click on the “IPv4 Settings” tab and click “Routes…”
- Click “Add” and in the “Address” box, enter the IP address of the machine you which to access. For our XYZ server, this is “203.0.113.3”. In the “Netmask” box enter “255.255.255.255” (to indicate we only want this single IP address). Leave the Gateway and Metric boxes empty.
- Select “Use this connection only for resources on its network”
- Click “Ok” on the “Editing IPv4 routes” box
- Click “Save…”
Copy from http://blog.rac.me.uk/2013/10/20/linux-setting-up-a-vpn-to-only-route-specific-ip-addresses/
I'm using the VPN to connect to my internal network, at the office. I want to keep my internet access using my provider, but I also want to access several machines within the office.
To do so, I select:
- Use this connection only for resources on its network
- Add a new route with:
-
IP address
: 192.168.100.0 (the address of my office network; not just one specific machine) -
Netmask
: 255.255.255.0 -
Gateway
: 192.168.100.143 (I get the IP from the route table after connection the VPN for the first time). -
Metric
: 1
-
This command line do the same as the above configuration:
sudo route add -net 192.168.100.0/24 gw 192.168.100.143 metric 1
Afterwards, I can connect to any office host on that network, using ssh, remmina, etc.
I got "address", "netmask", and "gateway" in this way:
1) connect to VPN normally
2) run "ifconfig" command. output is somthing like this:
eth0 ....
....
lo ....
....
ppp0 Link encap:Point-to-Point Protocol
inet addr:172.16.11.15 P-t-P:172.16.11.1 Mask:255.255.255.255
....
....
now:
- set 'address' as the IP address you want to connect to it through VPN
- set 'netmask' as 'mask' value in ppp0 output
- set 'gateway' as 'p-t-p' value in ppp0 output
Try running this command if you want to add a static route for only a single host
nmcli connection modify <Connection-Name> ipv4.routes '10.20.30.40/32'
Or this if you want to add a static route to a subnet
nmcli connection modify <Connection-Name> ipv4.routes '10.20.30.0/24'
The general syntax for the ipv4.routes
setting is: 'ip[/prefix] [next-hop] [metric] [attribute=val]... [,ip[/prefix] ...]'
. Documentation here: https://developer.gnome.org/NetworkManager/unstable/nm-settings.html
To find out your VPN connection name just run nmcli connection show
.
A side effect of doing things like this (and not through the UI) is that you can't modify things through the UI anymore without removing this route first. It's a pretty dump validation IMHO, but you can remove the route from the UI, do whatever other changes you want and then rerun the nmcli
command.