[vpnc-devel] Alternate routes
Tomas Kopal
Tomas.Kopal at eccam.com
Mon Feb 4 10:45:14 CET 2008
Hi Bryan,
On 3.2.2008 23:29, Bryan Stevenson wrote:
>> As far as routing is concerned, I'm in the same situation. I
>> basically forked the provided vpnc-script.sh to ignore anything the
>> server said about default routes and only add the routes I wanted. As
>> I don't use Windows, I'm not sure what exactly you'll need to do to
>> the windows script, but the general method is the same. vpnc passes
>> arguments to the script via environment variables; just ignore the
>> ones you don't want to use.
>>
>> -Jeremy
>>
>
> Ahh...well maybe you're in luck as I'm on Linux (Ubuntu Gutsy....latest
> kernel). I suspect I said something that lead you to think I was on
> Windows (recently dumped it actually).
>
> As I mentioned in my initial post, I REALLY need an example of:
> 1) both network details
> 2) those network details used in the solution
> 3) how to implement that solution
>
> Just assume I know nothing about the inner workings of VPNC (which is
> pretty much true).
>
> So if you can tell me what you did to the vpnc-script.sh file and which
> changes are for which network (and what each IP
> is...gateway/netmask/etc), I'd be a VERY happy camper
>
> Cheers
>
>
No need to create forked vpnc-script.sh. Just add "Script
/etc/vpnc/local-setup" to your vpnc.conf file. local-setup file should
look something like:
#!/bin/sh
# This is a wrapper for the vpnc-script overriding some variables needed
# for my local VPN connection
# this effectively disables changes to /etc/resolv.conf
INTERNAL_IP4_DNS=
# This sets up split networking regardless of the concentrators
specifications.
# You can add as many routes as you want, but you must set the counter
$CISCO_SPLIT_INC
# accordingly
CISCO_SPLIT_INC=1
CISCO_SPLIT_INC_0_ADDR=aaa.aaa.aaa.aaa
CISCO_SPLIT_INC_0_MASK=bbb.bbb.bbb.bbb
CISCO_SPLIT_INC_0_MASKLEN=cc
CISCO_SPLIT_INC_0_PROTOCOL=0
CISCO_SPLIT_INC_0_SPORT=0
CISCO_SPLIT_INC_0_DPORT=0
# run the original script
. /etc/vpnc/vpnc-script
Change the aaa.aaa.aaa.aaa to the IP address of the network behind the
VPN (e.g. 192.168.0.0), bbb.bbb.bbb.bbb is the netmask of the network
behind VPN (e.g. 255.255.0.0) and cc is the length of the netmask
(number of valid bits in the network address, e.g. 16 in this case).
Hope this helps.
Tomas
More information about the vpnc-devel
mailing list