vpn under Linux

 
 
Axel Gallus
11-09-2005, 10:01 PM
I am trying to get my Cisco VPN client working under (Debian) Linux.
Everything seems OK, except that once the VPN client reports that it
has established the connection, I can't use it.

Here are the outputs from "ifconfig" and "route" before
invoking the vpn client and afterwards:

-------------
ifconfig before:

eth0 Link encap:Ethernet HWaddr 000:59:B8:45:C5
inet addr:192.168.0.235 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:653 (653.0 b) TX bytes:342 (342.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4748 (4.6 KiB) TX bytes:4748 (4.6 KiB)
--------------

route before:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
default         radium.mshome.n 0.0.0.0         UG    0      0        0 eth0

(radium.mshome.n... has ip 192.168.0.1)
----------------

output of vpn client:

Cisco Systems VPN Client Version 4.6.02 (0030)
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.11.6 #2 Sun Oct 30 00:50:12 CEST 2005 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at 129.13.72.1
User Authentication for dul...

Enter Username and Password.

Username [****]: Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.

Your VPN connection is secure.

VPN tunnel information.
Client address: 129.13.78.90
Server address: 129.13.72.1
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port UDP 10000
Local LAN Access is enabled

-------------------
ifconfig after:

cipsec0 Link encap:Ethernet HWaddr 00:0B:FC:F8:01:8F
inet addr:129.13.78.90 Mask:255.255.0.0
UP RUNNING NOARP MTU:1212 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:5 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:1028 (1.0 KiB)

eth0 Link encap:Ethernet HWaddr 000:59:B8:45:C5
inet addr:192.168.0.235 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2874 (2.8 KiB) TX bytes:4566 (4.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:70 errors:0 dropped:0 overruns:0 frame:0
TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16464 (16.0 KiB) TX bytes:16464 (16.0 KiB)

------------------

route after:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
129.13.72.1     *               255.255.255.255 UH    0      0        0 cipsec0
172.21.64.246   192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
129.13.239.0    192.168.0.1     255.255.255.0   UG    0      0        0 eth0
172.21.12.0     192.168.0.1     255.255.252.0   UG    0      0        0 eth0
129.13.240.0    192.168.0.1     255.255.248.0   UG    0      0        0 eth0
129.13.0.0      *               255.255.0.0     U     0      0        0 cipsec0
10.0.0.0        192.168.0.1     255.0.0.0       UG    0      0        0 eth0
default         129.13.78.90    0.0.0.0         UG    0      0        0 cipsec0

------------------

When I start Firefox nothing happens.
When I try to ping www.cnn.com, I get no answers.
All of that is possible before invoking the VPN client.


What went wrong?
Any advice?

Thx in advance

Axel




 

none@nowherespam.net
11-10-2005, 03:33 AM
Axel Gallus wrote:

> When i start firefox nothing happens.
> When i try to ping www.cnn.com , i get no answers.
> All that is possible before invoking the vpn client.
>
>
> What went wrong?


Make sure you don't have firefox using a proxy, it should be
set to direct connection to internet. Also, with the vpn
up, you're going through a different firewall (at the college
judging by the "rz.uni-karlsruhe.de" address), so they may be
blocking pings going outward from their network. When you
have vpn down, your ping's going through your firewall which
might have it allowed.
Mark
 

Axel Gallus
11-10-2005, 11:53 AM
> Make sure you don't have firefox using a proxy, it should be
> set to direct connection to internet.


I don't have a proxy. Direct internet connection is chosen.

> Also, with the vpn
> up, you're going through a different firewall (at the college
> judging by the "rz.uni-karlsruhe.de" address), so they may be
> blocking pings going outward from their network.


No, they don't. I know this because the VPN client works under Windows,
and there I can ping.
I am relatively sure it has something to do with the routing table,
which gets misconfigured by the vpn client.

> When you
> have vpn down, your ping's going through your firewall which
> might have it allowed.


Thx anyway.

> Mark



 

Tauno Voipio
11-10-2005, 05:01 PM
Axel Gallus wrote:
>>route after:


It is here:

>>default 129.13.78.90 0.0.0.0 UG 0 0 0
>>cipsec0


>>------------------
>>
>>When i start firefox nothing happens.
>>When i try to ping www.cnn.com , i get no answers.
>>All that is possible before invoking the vpn client.
>>
>>
>>What went wrong?
>>Some advices?


It is intentional. The commercial VPN's disable direct
Net access to prevent sneak routes around the company /
organization firewall. If you had forwarding enabled
in your box and a simultaneous direct connection to
the Net, the internal network (VPN tunnel inside addresses)
would be connected to the Net by-passing the primary
firewall of the organization.

HTH

--

Tauno Voipio
tauno voipio (at) iki fi
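
Added example (not part of any post in this thread): a longest-prefix-match lookup over the "route after" table from the first post, showing which destinations the client sends into the tunnel and which prefixes are still routed via eth0. The function names and the probe address 198.51.100.7 (a documentation-range stand-in for an Internet host) are assumptions made for the example.

```python
import ipaddress

# The "route after" table from the first post, wrapped Iface columns rejoined.
ROUTE_AFTER = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
129.13.72.1     *               255.255.255.255 UH    0      0        0 cipsec0
172.21.64.246   192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
129.13.239.0    192.168.0.1     255.255.255.0   UG    0      0        0 eth0
172.21.12.0     192.168.0.1     255.255.252.0   UG    0      0        0 eth0
129.13.240.0    192.168.0.1     255.255.248.0   UG    0      0        0 eth0
129.13.0.0      *               255.255.0.0     U     0      0        0 cipsec0
10.0.0.0        192.168.0.1     255.0.0.0       UG    0      0        0 eth0
default         129.13.78.90    0.0.0.0         UG    0      0        0 cipsec0
"""


def parse_routes(text):
    """Parse net-tools `route` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have exactly 8 columns; skip the title and header rows.
        if len(f) != 8 or f[0] == "Destination":
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{f[2]}", strict=False),
            "gateway": None if f[1] == "*" else f[1],  # "*" means on-link
            "metric": int(f[4]),
            "iface": f[7],
        })
    return routes


def lookup(routes, addr):
    """Return the route the kernel would pick: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def tunnel_report(routes, tunnel_iface):
    """Summarise whether the default route is in the tunnel and what bypasses it."""
    defaults = [r for r in routes if r["net"].prefixlen == 0]
    return {
        "full_tunnel": bool(defaults)
        and all(r["iface"] == tunnel_iface for r in defaults),
        "bypass": [str(r["net"]) for r in routes if r["iface"] != tunnel_iface],
    }


if __name__ == "__main__":
    table = parse_routes(ROUTE_AFTER)
    # Constructed probe addresses: an Internet host, two campus hosts, the LAN gateway.
    for probe in ("198.51.100.7", "129.13.1.1", "129.13.239.5", "192.168.0.1"):
        r = lookup(table, probe)
        print(f"{probe:15} -> {r['net']} via {r['iface']}")
    print(tunnel_report(table, "cipsec0"))
```

On the table as posted, the LAN gateway 192.168.0.1 itself matches only the default route on cipsec0, because the 192.168.0.0/255.255.255.0 row from the "before" table is no longer listed.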
 

enrique@heraldodeinternet.com
11-11-2005, 08:15 AM
The default gateway looks to be wrong to me since it defaults to your
own VPN Client IP: 129.13.78.90
I think it ought to point to the 129.13.x.x gateway. (Maybe
129.13.72.1 -the VPN Server- is all you need, or maybe the VPN Server
is not the gateway at all).

Have you tried "traceroute" to check how routing is being done
for different "net paths"?

Also, ping with the "-s" (size) option is quite useful for solving
"packet" size problems, which sometimes arise when using VPNs.

If nothing else works you can try ethereal to capture what's going on
with your net.

Hope this helps!






 

Axel Gallus
11-11-2005, 01:20 PM
> It is intentional. The commercial VPN's disable direct
> Net access to prevent sneak routes around the company /
> organization firewall. If you had forwarding enabled
> in your box and a simultaneous direct connection to
> the Net, the internal network (VPN tunnel inside addresses)
> would be connected to the Net by-passing the primary
> firewall of the organization.


So, is there a workaround?

Maybe with vpnc?

Greetings and thx



 

Steve Horsley
11-11-2005, 06:51 PM
(E-Mail Removed) wrote:

>
> Make sure you don't have firefox using a proxy, it should be
> set to direct connection to internet.


Or perhaps they block direct HTTP and you have to use their proxy?

Steve
 

Tauno Voipio
11-11-2005, 08:01 PM
Axel Gallus wrote:
>> It is intentional. The commercial VPN's disable direct
>> Net access to prevent sneak routes around the company /
>> organization firewall. If you had forwarding enabled
>> in your box and a simultaneous direct connection to
>> the Net, the internal network (VPN tunnel inside addresses)
>> would be connected to the Net by-passing the primary
>> firewall of the organization.
>
> So, is there a workaround?


Before creating a workaround, please think about the
policy breach you're about to do.

In principle, you should re-create the default route
you're happy with, but, IIRC, the Cisco client will
go on strike as soon as the routing is changed.

Is all your Net traffic dead when the VPN is up,
or only some services (which)? This is actually
a question about the university Net access policy.

Which are the services you cannot reach through
the VPN and the proper firewall?

--

Tauno Voipio
tauno voipio (at) iki fi
 