How to set routes for my vpn connection

internet vpn routing vpnc

In my previous question I was asking about setting up vpnc connection. I've installed network-manager-vpnc so now I can configure all this stuff right from network manager gui.

I have got this pretty picture from related topic:

I have got this pretty picture from related topic:

So the question is how to figure out what Address, Netmask and Gateway should I use to pass ONLY this trafic through vpn.

As a basis I have got an ip and a port of the external service which I want to use through vpnc. So inernet and other traffic should go as always through ethernet or wifi.

  • External ip: 10.20.30.40
  • Port: 1433 (this is sql server actually)

  1. Now click on the “IPv4 Settings” tab and click “Routes…”
  2. Click “Add” and in the “Address” box, enter the IP address of the machine you which to access. For our XYZ server, this is “203.0.113.3”. In the “Netmask” box enter “255.255.255.255” (to indicate we only want this single IP address). Leave the Gateway and Metric boxes empty.
  3. Select “Use this connection only for resources on its network”
  4. Click “Ok” on the “Editing IPv4 routes” box
  5. Click “Save…”

Copy from http://blog.rac.me.uk/2013/10/20/linux-setting-up-a-vpn-to-only-route-specific-ip-addresses/


I'm using the VPN to connect to my internal network, at the office. I want to keep my internet access using my provider, but I also want to access several machines within the office.

To do so, I select:

  • Use this connection only for resources on its network
  • Add a new route with:
    • IP address: 192.168.100.0 (the address of my office network; not just one specific machine)
    • Netmask: 255.255.255.0
    • Gateway: 192.168.100.143 (I get the IP from the route table after connection the VPN for the first time).
    • Metric: 1

This command line do the same as the above configuration:

sudo route add -net 192.168.100.0/24 gw 192.168.100.143 metric 1

Afterwards, I can connect to any office host on that network, using ssh, remmina, etc.


I got "address", "netmask", and "gateway" in this way:

1) connect to VPN normally

2) run "ifconfig" command. output is somthing like this:

eth0      ....
          .... 

lo        ....
          .... 

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:172.16.11.15  P-t-P:172.16.11.1  Mask:255.255.255.255
          .... 
          ....

now:

  • set 'address' as the IP address you want to connect to it through VPN
  • set 'netmask' as 'mask' value in ppp0 output
  • set 'gateway' as 'p-t-p' value in ppp0 output

Try running this command if you want to add a static route for only a single host

nmcli connection modify <Connection-Name> ipv4.routes '10.20.30.40/32'

Or this if you want to add a static route to a subnet

nmcli connection modify <Connection-Name> ipv4.routes '10.20.30.0/24'

The general syntax for the ipv4.routes setting is: 'ip[/prefix] [next-hop] [metric] [attribute=val]... [,ip[/prefix] ...]'. Documentation here: https://developer.gnome.org/NetworkManager/unstable/nm-settings.html

To find out your VPN connection name just run nmcli connection show.

A side effect of doing things like this (and not through the UI) is that you can't modify things through the UI anymore without removing this route first. It's a pretty dump validation IMHO, but you can remove the route from the UI, do whatever other changes you want and then rerun the nmcli command.

Related

Change the "device name" in the details window of System settings
SVN and GNOME Keyring
How to start Skype 4 with Ubuntu 12.10?
Can't access apache error logs
How can I detach a tab from my main chrome window (into a new window)?
How to install Popcorn Time using installer from their official site? [duplicate]
CPU temperature embedded in Bash command prompt
How do I install support for Unicode emoji in Chromium?
Openning NetworkManager's edit connections window from terminal
How can I bypass this fontconfig warning to edit grub successfully?
Dash not working after upgrade to 13.10
Problems downloading playlist using youtube-dl