On 3/2/06, Brian Phillips <[EMAIL PROTECTED]> wrote:
>
> Sorry for the bad format, I am using a webmail client.
>
> The fact that you can ping your own subnet AFTER you connect means that you
> are using the routing table to get to your subnet, but since there is no
> default gateway set, anything beyond your subnet is unknown to your
> computer. The route that says "128.187.34.xx (I forgot what it was) with a
> subnet of 255.255.255.255 and a gateway of 10.7.77.1" means that ONLY
> traffic bound for 128.187.34.xx will get a response (try pinging your vpn
> concentrator ip address after you are connected. You should get a response
> (unless there's a firewall. Let us know the result.)).
>

The vpn concentrator's ip would be the one in the vpnc conf file - right - under 'IPSec gateway'? When I ping that ip after connecting I get a response.

> I am led to believe this is either a) the way it was designed and there is a
> problem with your vpn concentrator. This would imply that the vpnc takes
> care of catching all packets, mangling them, and routing them. It would
> create the packet containing the ip address of where you REALLY want it to
> go and send it ALL to the vpn concentrator and let that thing sort it out
> and send it to where it should really go. Hence, the only real thing you
> will be able to connect to outside your network is the vpn concentrator at
> the mtc (and the only real route OUT of your subnet you have available).
>

I'm perfectly happy if the only thing I can connect to is my computer at work.

> Or b) not the way it was designed, you should have a default gateway that is
> something besides the vpn concentrator.
>
> With church VPN connections, they have two profiles. One that provides a
> situation similar to A. When people use this profile, for all intents and
> purposes they LEAVE their network and go to the church connection. This
> causes trouble in some cases because they can no longer connect to printers
> in their office and all their traffic has to go to salt lake before it comes
> back (if it can make it back at all...if the vpn concentrator in salt lake
> doesn't know how to route to their office, they are OUT of their office...).
> They created a profile similar to B for cases where A doesn't work. It's
> called a split profile and does what its name implies. It will look at the
> packet and decide (is this bound for this local area, or is it bound for
> something outside on the internet, or is it bound for something deep within
> the church network). Once it makes its decision, it routes it accordingly.
> They are able to have all the functionality they had before, but they also
> have the ability to get to places where their routes wouldn't let them go
> before...
>
> I would try two things. First, do you know anyone who has a similar, linux,
> setup as you? If so, have them compare profiles and routing tables. Make
> sure they are the same.
>

I asked my boss before this started, and he said everyone else runs WinXP.

> The other easier thing to do would be to go into your windows box. Create
> the connection and check your route tables there. This is assuming the
> connection works as expected on your windows machine :). If you can do all
> that and it works as expected, just open a command prompt after you are
> connected and type "route print" and paste the output here.
>

Now... I have never had a windows box with a vpn connection like I'm wanting on this linux box. I'll ask someone at work who has their windows box set up to do that and get me the output. I'm sure that someone out there has done this before on linux, but maybe not.

> My guess is you SHOULD have a default gateway. The difficulty is knowing
> whether that default gateway should be on tun0 or eth0 and whether it should
> be 128.187.34.xx or 10.7.77.1 address. Your windows route tables should
> shed some light on this.
>
> Brian

Thanks for the help.

-Rich

--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
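Added example, not part of either message above: a longest-prefix route lookup that models the three situations discussed in the thread (a host route to the concentrator with no default gateway, everything sent through the tunnel, and a split profile), showing which traffic ends up inside the VPN. Assumed values: 192.0.2.10 stands in for the concentrator address that is elided in the thread, 10.7.77.0/24 for the local subnet, 198.51.100.0/24 for the remote network, and the interface assignments are illustrative.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread):
CONCENTRATOR = "192.0.2.10/32"   # stand-in for the elided concentrator address
LOCAL_NET = "10.7.77.0/24"       # assumed local subnet behind 10.7.77.1
REMOTE_NET = "198.51.100.0/24"   # assumed network reachable only via the VPN

# Each route: (destination prefix, gateway or None for on-link, interface)
BASE = [
    (LOCAL_NET, None, "eth0"),
    (CONCENTRATOR, "10.7.77.1", "eth0"),  # host route, mask 255.255.255.255
]
TABLES = {
    # Case from the thread: host route only, no default gateway.
    "no_default": BASE,
    # Profile "A": default route points into the tunnel.
    "full_tunnel": BASE + [("0.0.0.0/0", None, "tun0")],
    # Profile "B" (split): only the remote network uses the tunnel.
    "split_tunnel": BASE + [(REMOTE_NET, None, "tun0"),
                            ("0.0.0.0/0", "10.7.77.1", "eth0")],
}

def lookup(table, dest):
    """Longest-prefix match; returns (gateway, interface) or None if unroutable."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[1], best[2])

def egress(profile, dest):
    """Interface a packet to dest leaves on, or 'unreachable'."""
    hit = lookup(TABLES[profile], dest)
    return "unreachable" if hit is None else hit[1]

if __name__ == "__main__":
    targets = {"same-subnet host": "10.7.77.50", "printer, other LAN": "10.7.78.50",
               "concentrator": "192.0.2.10", "remote host": "198.51.100.20",
               "internet host": "203.0.113.5"}
    for profile in TABLES:
        for name, ip in targets.items():
            print(f"{profile:13} {name:19} {ip:14} -> {egress(profile, ip)}")
```

In the split table, internet-bound traffic leaves on eth0 outside the tunnel, which is the trade-off to weigh when choosing between the two profiles.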
