Re: VPN Support committed

From: Derek Atkins <warlord MIT EDU>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: VPN Support committed
Date: Fri, 15 Apr 2005 12:53:58 -0400

Here's the code snippet from my vpnc-connect that handles the "Target networks"
configuration option.  unfortunately the vpnc application complains about the
configuration option, but it works anyways with the warnings.

-derek

networks="$(getvar "${config}" "Target networks")"
if [ -z "$networks" ]; then
    ip route add $(ip route get $VPNGATEWAY | fix_ip_get_output)
    ip route | grep '^default' | fix_ip_get_output > "$defr"
    echo "$VPNGATEWAY" > "$gateway"
    networks=default
fi
for network in $networks; do
    ip route del $network 2>/dev/null
    ip route add $network dev $TUNDEV
done

networks="$(getvar "${config}" "Exclude networks")"
for network in $networks; do
    ip route del $network 2>/dev/null
    ip route add to $network via $DEF_GATEWAY
done


Quoting Dan Williams <dcbw redhat com>:

> On Fri, 2005-04-15 at 12:45 -0400, Derek Atkins wrote:
> > Cool!
> > 
> > What's the plan w.r.t. custom configurations of the vpnc connection
> manager? 
> > For exmaple, my vpnc-connect (and vpnc.conf) contain "Targeted Networks"
> > configurtion so only partial routes will get forwarded across the VPN
> instead
> > of all traffic.  Will your hooks still work with that change to the
> > "vpnc-connect" script?
> 
> If you could post some of the ifconfig or iproute commands in your vpnc-
> connect file, that would be great.  I simply don't have any examples of
> that at this time, and having some would allow me to implement it.
> 
> > I presume your changes also handle re-pointing of DNS servers?
> 
> Yes.  In the initial implementation, all DNS traffic runs over the VPN-
> provided DNS servers, but quite soon I hope to be able to route just
> traffic for the VPN-provided domain (ie CISCO_DEF_DOMAIN) and everything
> else over the regular servers. NOTE: regular glibc/nscd _cannot_ do
> that, so if you want this feature, you'll need to use the caching-
> nameserver configuration.
> 
> Dan
> 
> 


-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord MIT EDU                        PGP key available

References:
- VPN Support committed
  - From: Dan Williams
- Re: VPN Support committed
  - From: Derek Atkins
- Re: VPN Support committed
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]