network manager / vpnc question
Patrick Mansfield
patman at aracnet.com
Tue Jan 20 06:40:45 UTC 2009
On Mon, Jan 19, 2009 at 03:01:49PM -0500, Mail Lists wrote:
>
> I have set up a vpnc connection just fine (to cisco) - while there is
> a button to add routes, it seems to not understand the usual ip route
> arguments ...
>
> I need to keep a default route via a standard gateway (not using the
> vpnc tun0 route) and then set a bunch of other routes to tun0 .. ie i
> need to create these routes and am stumped how to do them -
>
> At its simplest, i'd like the routing table to be unchanged from
> before I connect vpnc (esp the default route) which I asume 'ignore
> automatically obtained routes' radio button will do - and in addition
> add these 2 routes - which I cannot find how to do:
>
> ip route add x.x.x.x/16 dev tun0
> ip route add y.y.y.y/17 dev tun0
>
> Also I don't know for sure I will get 'tun0' so it should probably be a
> meta token but the window to add routes only takes gateway ip type of
> routes ...
I'm on Fedora 9, with NetworkManager-vpnc-0.7.0-0.11.svn4326.fc9.i386
I used entries like this in the routes table gui thing (nm -> VPN
connections -> configure VPN, click VPN tab, click vpn connection, click
edit, click IPv4 settings, click routes):
address netmask gateway metric
x.y.0.0 255.255.0.0
f.g.0.0 255.255.0.0
With nothing set for gateway or metric.
Note: I haven't been able to find the file with this data! It was easy to
find with earlier versions, it's a real pain to add a lot of routes, plus
you can't cut and paste via the gui form.
AFAIR, I could not get a netmask of 255.255.255.0 to work, I didn't try
anything other than that and 255.255.0.0. All public addresses can
be reached via the VPN I'm using, so it does not hurt me to route more
addresses through it than required.
I do NOT have "ignore automatically obtained routes" checked (I thought I
had it checked but don't).
But ... nm vpn is broken for me (as posted here recently), so I've been
using the cisco VPN (the non-NM vpnc works fine).
-- Patrick Mansfield
More information about the fedora-list
mailing list