HOW TO: Create a flexible VPN client setup using Ubuntu, Part 1

At my day job, I am allowed to telecommute one day per week.  This is nice, because I need to save as much money on gas as possible.  However, I was left with a bit of a conundrum.  If I used my desktop PC, it was cut off from the rest of the internet (and local network).  On the other hand, the work-supplied laptop I have is old, doesn’t have enough RAM, runs Windows, and has a 14″ screen.

I felt certain there must be a way to finagle the routes and DNS to make this possible, so I started investigating, and here is what I came up with:

Setting Up VPN Clients for Network Manager

Obviously, we can’t have a VPN connection without VPN clients.  My company’s VPN uses a Cisco solution, so I used vpnc.  For a GUI, I used to use kvpnc, but I discovered the Network Manager GUIs in an attempt to stick to just one DE.

The first thing to do was to install the right packages:

sudo apt-get install vpnc network-manager-vpnc

There are similar packages for openvpn and MS pptp VPN clients, too.

Once that is done, you will find a VPN tab in your “Network Connections” dialog, available from System->Preferences->Network Configuration.

The VPN Tab in Network Connections


So, add your VPN information that you received from the VPN owner (your employer, IT department, your buddy Al, whatever.)  If you have a .pcf file for the Cisco proprietary client, you can probably import it.  It won’t be able to import any encoded secrets (like your Group Password) but you can decode those with the Cisco vpnclient password decoder.

That done, you should be able to connect to your VPN and work, but you will be in the boat I described above.  Your traffic will probably all be directed through the tunnel by default.  If we hit the IPv4 tab under our VPN connection properties, you will notice a small “Routes” button at the bottom right corner.

How to access the Routes screen.


In general, our routes work just fine for non-VPN purposes, so they are a good place to start.  When the route screen comes up, the first thing we will do is check the “ignore automatically obtained routes” box.  That will prevent the VPN connection from overwriting our default route.  Then, we shall add a route that tells all the traffic for our VPN network to go through this connection.  In the example below, I have created a route to a fictitious VPN on the network.  In order to set this up, you will need to know what range of IP addresses needs to be sent over your VPN.  If you work for a large business, you may have 1 or more Class A networks to route, for example.  If it’s a small one, it may just be a Class C.

Setting up a route to our VPN addresses.


At this point, we’re ready to go.  Your new route will send all VPN-related traffic over its tunnel, but leave the rest of your traffic to wander its normal paths around your local LAN and out to the ‘net.
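Once connected, the resulting split can be verified from the routing table. The script below is an added example, not part of the original post: it parses `ip -4 route show` output, resolves destinations by longest-prefix match (the rule that lets the specific VPN route win over the default route), and reports when the tunnel has taken the default route or a VPN range is not covered. The 10.0.0.0/8 range, the `tun0` and `eth0` device names and the sample addresses are assumed values.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output after connecting with
# "ignore automatically obtained routes" checked and one manual route added.
# 10.0.0.0/8, tun0, eth0 and the 192.168.1.x addresses are assumptions.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.0/8 dev tun0 proto static scope link metric 50
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23 metric 100
"""

def parse_routes(text):
    """Return a list of (network, device, metric) from `ip -4 route show` text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # skip route types such as "unreachable" or "broadcast"
        dev = fields[fields.index("dev") + 1]
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields[:-1] else 0
        routes.append((net, dev, metric))
    return routes

def egress_device(routes, destination):
    """Pick the route by longest prefix, ties broken by lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1] if matches else None

def audit_split_tunnel(routes, tunnel_dev, vpn_networks):
    """Return a list of problems; an empty list means the split is as intended."""
    problems = []
    if any(n.prefixlen == 0 and d == tunnel_dev for n, d, _ in routes):
        problems.append("default route goes through " + tunnel_dev)
    for cidr in vpn_networks:
        want = ipaddress.ip_network(cidr)
        if not any(d == tunnel_dev and n.prefixlen > 0 and want.subnet_of(n)
                   for n, d, _ in routes):
            problems.append(cidr + " is not routed through " + tunnel_dev)
    return problems

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    print(audit_split_tunnel(table, "tun0", ["10.0.0.0/8"]) or "split tunnel OK")
```

To check a live system, pass the text printed by `ip -4 route show` to `parse_routes` in place of the constructed sample.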

The only trouble is, you are probably getting your DNS info exclusively from the VPN’s DNS server.  If you are making DNS requests that don’t need to go there, or simply don’t want to burden the remote DNS servers with unnecessary extra traffic, that can be a problem.  So, Part 2 of this tutorial (later this weekend) will be setting up a local forwarding DNS server to allow your machine to determine where to get the answer to any particular query.


9 Responses to “HOW TO: Create a flexible VPN client setup using Ubuntu, Part 1”

  1. Insane_Homer Says:

    Fantastic stuff, many thanks! Easy when you know how… LOL

  2. Dragonsept Arts & Publishing Blog » Blog Archive » Flexible VPN Setup, Part 2: DNS Says:

    […] HOW TO: Create a flexible VPN client setup using Ubuntu, Part 1 […]

  3. jjoshi Says:

    This was very useful. Btw, 9.04 has a check box on the routes page, which essentially achieves the same thing (I believe). The checkbox says “use this connection only for resources on this network”. Nevertheless, very helpful. Thanks.

  4. Ben Says:

    I don’t have the
    System->Preferences->Network Configuration
    only have
    System->Preferences->Network Proxy

  5. David Says:

    Don’t try Network Manager if you have multiple network cards, your own dhcp server or any complicated network. Network Manager will fubar your system. I installed it and suddenly I started getting an entry in my routing table for a 169.* address. I restart all my network devices, it worked for about a minute, then suddenly, bam, it stopped again. Checked my routing table, that route was back.

    I have uninstalled Network Manager and everything is smooth again.

    • Songwind Apogee Says:

      I am running a DHCP server at home, and it did require some creative adjustments to make it work correctly. I had to set up DHCP to start after NM. Once that was done, it all went smoothly.

  6. Jeff Terry Says:

    Thanks for this post, answers a bunch of questions I was having.
