Routing setup with VPN tunnel

 
 
Doug Weiman
      07-27-2011, 09:10 PM
I have a box with two NICs. eth0 is connected to the 192.168.2
network, whereas eth1 is connected to the 192.168.0 network. Both
networks have internet access via the 192.168.2.1 and 192.168.0.1
gateways, respectively. This box however accesses the internet through
the eth0 NIC. The DNS server, for both networks and the internet, for
reasons that would take me too long to explain, and that are not relevant
anyway, lives in 192.168.0.1.

I want to open a PPTP VPN tunnel to some remote server S through
the eth0 interface. What routing commands should I include in my ip-pre-
up, ip-up and ip-down files, in /etc/ppp, so that the tunnel is correctly
created, connectivity from this box to the 192.168.0 network remains
active at all times, and the routing reverts to what it was before the
tunnel was created once it is destroyed? I am assuming that the commands
to do with the tunnel itself (remote server S, password, certificates,
etc.) are already correctly in place; my question is to do exclusively
with the routing aspects.

 
Doug Weiman
      07-29-2011, 11:55 PM
On Wed, 27 Jul 2011 21:10:07 +0000, Doug Weiman wrote:

> I have a box with two NICs. eth0 is connected to the 192.168.2 network,
> whereas eth1 is connected to the 192.168.0 network. Both networks have
> internet access via the 192.168.2.1 and 192.168.0.1 gateways,
> respectively. This box however accesses the internet through the eth0
> NIC. The DNS server, for both networks and the internet, for reasons
> that would take me too long to explain, and that are not relevant
> anyway, lives in 192.168.0.1.
>
> I want to open a PPTP VPN tunnel to some remote server S through
> the eth0 interface. What routing commands should I include in my ip-pre-
> up, ip-up and ip-down files, in /etc/ppp, so that the tunnel is
> correctly created, connectivity from this box to the 192.168.0 network
> remains active at all times, and the routing reverts to what it was
> before the tunnel was created once it is destroyed? I am assuming that
> the commands to do with the tunnel itself (remote server S, password,
> certificates, etc.) are already correctly in place; my question is to do
> exclusively with the routing aspects.


No one?

 
Pascal Hambourg
      07-30-2011, 11:11 AM
Hello,

Doug Weiman wrote:
> I have a box with two NICs. eth0 is connected to the 192.168.2
> network, whereas eth1 is connected to the 192.168.0 network. Both
> networks have internet access via the 192.168.2.1 and 192.168.0.1
> gateways, respectively. This box however accesses the internet through
> the eth0 NIC. The DNS server, for both networks and the internet, for
> reasons that would take me too long to explain, and that are not relevant
> anyway, lives in 192.168.0.1.
>
> I want to open a PPTP VPN tunnel to some remote server S through
> the eth0 interface. What routing commands should I include in my ip-pre-
> up, ip-up and ip-down files, in /etc/ppp, so that the tunnel is correctly
> created, connectivity from this box to the 192.168.0 network remains
> active at all times, and the routing reverts to what it was before the
> tunnel was created once it is destroyed?


None, AFAIK.
There is no reason that connectivity to the 192.168.0 network be broken
when the VPN is up (unless the other side uses addresses in the same
range and /then/ you have a problem). The only thing you may want to do
before starting the VPN is to create a host route to the remote server
if the VPN is set up to change the default route, so that the server
remains reachable. But in my experience pptp creates (and removes) it
automatically.
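
The reasoning in the reply above, modelled as an added example (not part of any post in this thread): a longest-prefix-match lookup over a constructed routing table for this box. The server address 203.0.113.10, the assumption that the VPN replaces the default route with one via ppp0, and the 192.168.0.0/25 prefix on the remote side are all made up for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; on equal length the lower metric wins."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, dev, via, metric in table:
        net = ipaddress.ip_network(prefix)
        key = (net.prefixlen, -metric)
        if addr in net and (best is None or key > best[0]):
            best = (key, dev, via)
    return best[1:] if best else None

# Constructed model of the box in the original post: (prefix, dev, via, metric).
BASE = [
    ("192.168.2.0/24", "eth0", None, 0),           # connected
    ("192.168.0.0/24", "eth1", None, 0),           # connected, DNS at .1
    ("0.0.0.0/0",      "eth0", "192.168.2.1", 0),  # internet via eth0
]
VPN_SERVER = "203.0.113.10"  # placeholder for server S (documentation range)

def tunnel_up(base, server, pin_server=True, remote_nets=()):
    """Table while ppp0 is up, assuming the VPN takes over the default route."""
    old_default = next(r for r in base if r[0] == "0.0.0.0/0")
    table = [r for r in base if r is not old_default]
    if pin_server:  # host route keeps the tunnel's own packets on eth0
        table.append((server + "/32", old_default[1], old_default[2], 0))
    table.append(("0.0.0.0/0", "ppp0", None, 0))
    table += [(net, "ppp0", None, 0) for net in remote_nets]
    return table

if __name__ == "__main__":
    cases = {
        "tunnel up": tunnel_up(BASE, VPN_SERVER),
        "no host route to S": tunnel_up(BASE, VPN_SERVER, pin_server=False),
        "remote side overlaps 192.168.0": tunnel_up(
            BASE, VPN_SERVER, remote_nets=("192.168.0.0/25",)),
        "tunnel down (BASE untouched)": BASE,
    }
    for name, table in cases.items():
        print(name)
        for dst in ("192.168.0.1", VPN_SERVER, "198.51.100.7"):
            print(f"  {dst:>14} -> {lookup(table, dst)}")
```

In the overlap case the lookup for 192.168.0.1 leaves via ppp0 instead of eth1, which is the same-range problem the reply warns about; without the host route, packets to S would be sent into the tunnel they are supposed to carry.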
 
Tauno Voipio
      07-31-2011, 08:31 AM
On 30.7.11 2:11 , Pascal Hambourg wrote:
> Hello,
>
> Doug Weiman wrote:
>> I have a box with two NICs. eth0 is connected to the 192.168.2
>> network, whereas eth1 is connected to the 192.168.0 network. Both
>> networks have internet access via the 192.168.2.1 and 192.168.0.1
>> gateways, respectively. This box however accesses the internet through
>> the eth0 NIC. The DNS server, for both networks and the internet, for
>> reasons that would take me too long to explain, and that are not relevant
>> anyway, lives in 192.168.0.1.
>>
>> I want to open a PPTP VPN tunnel to some remote server S through
>> the eth0 interface. What routing commands should I include in my ip-pre-
>> up, ip-up and ip-down files, in /etc/ppp, so that the tunnel is correctly
>> created, connectivity from this box to the 192.168.0 network remains
>> active at all times, and the routing reverts to what it was before the
>> tunnel was created once it is destroyed?

>
> None, AFAIK.
> There is no reason that connectivity to the 192.168.0 network be broken
> when the VPN is up (unless the other side uses addresses in the same
> range and /then/ you have a problem). The only thing you may want to do
> before starting the VPN is to create a host route to the remote server
> if the VPN is set up to change the default route, so that the server
> remains reachable. But in my experience pptp creates (and removes) it
> automatically.


It depends on the VPN client. Many clients designed for corporate
use, e.g. Cisco, destroy other network connectivity for the duration
of the tunnel, to prevent sneak paths between the corporate network
and the public Net.

--

Tauno Voipio

 
Pascal Hambourg
      07-31-2011, 05:00 PM
Tauno Voipio wrote:
> On 30.7.11 2:11 , Pascal Hambourg wrote:
>>
>> Doug Weiman wrote:
>>>
>>> I want to open a PPTP VPN tunnel to some remote server S through
>>> the eth0 interface. What routing commands should I include in my ip-pre-
>>> up, ip-up and ip-down files, in /etc/ppp

[...]
>> None, AFAIK.
>> There is no reason that connectivity to the 192.168.0 network be broken
>> when the VPN is up (unless the other side uses addresses in the same
>> range and /then/ you have a problem).

[...]
> It depends on the VPN client. Many clients designed for corporate
> use, e.g. Cisco, destroy other network connectivity for the duration
> of the tunnel, to prevent sneak paths between the corporate network
> and the public Net.


AFAICS the original post is about a PPTP tunnel using standard pppd, and
so is my reply.
 