How to route my traffic through the VPN

David Woodhouse dwmw2 at infradead.org
Thu Aug 28 06:44:26 PDT 2014


On Thu, 2014-08-28 at 17:32 +0400, manmad dvb12er wrote:
> Hello there,
> I'm having trouble trying to connect through openconnect VPN on Ubuntu 14.04.
> What I basically need is to route my HTTP\S traffic in such way that my public IP will be the VPN address.
> I'm connecting using the "network-manager-openconnect".
> Here is my route table after I connect to the VPN:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         10.0.0.138      0.0.0.0         UG    0      0        0 wlan0
> 10.0.0.0        0.0.0.0         255.0.0.0       U     9      0        0 wlan0
> 10.100.100.0    0.0.0.0         255.255.255.0   U     0      0        0 vpn0
> xx.yy.zz.cc    10.0.0.138      255.255.255.255 UGH   0      0        0 wlan0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 vpn0
> 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 vpn0
> 
> Where xx.yy.zz.cc is the IP of the VPN server.
> When I go to "what is my ip" service, I get the same old IP instead of the VPN's one.

Right, so you are using the VPN only for connections to 192.168.1.0/23
and 10.100.100.0/24 networks. Anything *else* is still routed through
your wireless.

What you want to do, I assume, is change your default route so that
instead of going through your local gateway 10.0.0.138 it actually goes
to the VPN.

> I downloaded the last version of the script from here: http://www.infradead.org/openconnect/vpnc-script.html, nothing changed.

You aren't using that; you're using NetworkManager. That uses a 'script'
of its own which actually just passes all the routing information back
to NetworkManager over DBus and lets NetworkManager do it all.

Check your NetworkManager configuration for this connection. Go into the
advanced routing settings. There's a really badly misnamed option there
called "Use this connection only for resources on its network". If
that's set, then it'll refuse to set the default route through the VPN
even if the VPN server asks for it.

Are you sure your VPN server *is* requesting that the default route be
through the VPN? If not, you'll want to use the manual routing settings
in the NetworkManager configuration to do that.

-- 
dwmw2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140828/969caa5b/attachment-0001.bin>


More information about the openconnect-devel mailing list