At my day job, I am allowed to telecommute one day per week. This is nice, because I need to save as much money on gas as possible. However, I was left with a bit of a conundrum. If I used my desktop PC, it was cut off from the rest of the internet (and local network). On the other hand, the work-supplied laptop I have is old, doesn’t have enough RAM, runs Windows, and has a 14″ screen.
I felt certain there must be a way to finagle the routes and DNS to make this possible, so I started investigating, and here is what I came up with:
Setting Up VPN Clients for Network Manager
Obviously, we can’t have a VPN connection without VPN clients. My company’s VPN uses a Cisco solution, so I used vpnc. For a GUI, I used to use kvpnc, but I discovered the Network Manager GUIs in an attempt to stick to just one DE.
The first thing to do was to install the right packages:
sudo apt-get install vpnc network-manager-vpnc
There are similar packages for openvpn and MS pptp VPN clients, too.
Once that is done, you will find a VPN tab in your “Network Connections” dialog, available from System->Preferences->Network Configuration.
So, add your VPN information that you received from the VPN owner (your employer, IT department, your buddy Al, whatever.) If you have a .pcf file for the Cisco proprietary client, you can probably import it. It won’t be able to import any encoded secrets (like your Group Password) but you can decode those with the Cisco vpnclient password decoder.
That done, you should be able to connect to your VPN and work, but you will be in the boat I described above. Your traffic will probably all be directed through the tunnel by default. If we hit the IPv4 tab under our VPN connection properties, you will notice a small “Routes” button at the bottom right corner.
In general, our routes work just fine for non-VPN purposes, so they are a good place to start. When the route screen comes up, the first thing we will do is check the “ignore automatically obtained routes” box. That will prevent the VPN connection from overwriting our default route. Then, we shall add a route that tells all the traffic for our VPN network to go through this connection. In the example below, I have created a route to a fictitious VPN on the 192.168.14.0 network. In order to set this up, you will need to know what range of IP addresses need to be sent over your VPN. If you work for a large business, you may have 1 or more Class A networks to route. 220.127.116.11/8, for example. If it’s a small one, it may just be a Class C.
At this point, we’re ready to go. Your new route will send all VPN-related traffic over its tunnel, but leave the rest of your traffic to wander its normal paths around your local LAN and out to the ‘net.
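To confirm the split after connecting, compare the routing table against the ranges you meant to tunnel. The Python sketch below is an added example, not part of the original post; the interface names (eth0, tun0), the 192.168.1.1 gateway and the sample `ip -4 route show` output are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ip -4 route show` after connecting with "ignore
# automatically obtained routes" checked and one static route added.
# eth0, tun0 and the 192.168.1.1 gateway are assumed names/addresses.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
192.168.14.0/24 dev tun0 proto static scope link
"""

def parse_routes(text):
    """Return [(network, device)] parsed from `ip -4 route show` lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, or a route type with no device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field is a keyword, not a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, address):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def audit_split_tunnel(route_text, vpn_dev, vpn_networks):
    """Return a list of problems; an empty list means the split is as intended."""
    routes = parse_routes(route_text)
    problems = []
    if any(net.prefixlen == 0 and dev == vpn_dev for net, dev in routes):
        problems.append(f"default route uses {vpn_dev}: all traffic enters the tunnel")
    for cidr in vpn_networks:
        want = ipaddress.ip_network(cidr)
        for probe in (want[0], want[-1]):  # first and last address of the range
            dev = egress_device(routes, probe)
            if dev != vpn_dev:
                problems.append(f"{probe} (in {cidr}) leaves via {dev}, not {vpn_dev}")
    return problems

if __name__ == "__main__":
    for issue in audit_split_tunnel(SAMPLE_ROUTES, "tun0", ["192.168.14.0/24"]) or ["ok"]:
        print(issue)
```

On a live system, pass the real output of `ip -4 route show` as the first argument instead of the sample.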
The only trouble is, you are probably getting your DNS info exclusively from the VPN’s DNS server. If you are making DNS requests that don’t need to go there, or simply don’t want to burden the remote DNS servers with unnecessary extra traffic, that can be a problem. So, Part 2 of this tutorial (later this weekend) will be setting up a local forwarding DNS server to allow your machine to determine where to get the answer to any particular query.