[Vpn-help] Established VPN connection but no internet anymore

Tilman Schröder tilman.schroeder at tu-dortmund.de
Tue Nov 10 07:04:54 CST 2009 

Matthew Grooms schrieb:
> Kai Wetzelsberger wrote:
>> Hi Stefan,
>>
>> I made the changes you have told me. Now my route table 
>> with vpn connection looks like:
>>
>> Ziel            Router          Genmask         Flags 
>> Metric Ref    Use Iface
>> 141.19.7.253    192.168.178.1   255.255.255.255 UGH   0 
>>      0        0 wlan0
>> 192.168.178.0   0.0.0.0         255.255.255.0   U     2 
>>      0        0 wlan0
>> 141.19.173.0    141.19.173.43   255.255.255.0   UG    0 
>>      0        0 tap0
>> 169.254.0.0     0.0.0.0         255.255.0.0     U     1000 
>>   0        0 wlan0
>> 0.0.0.0         192.168.178.1   0.0.0.0         UG    0 
>>      0        0 wlan0
>>
>> 141.19.173.43 is the received vpn ip (tap0)
>> VPN Remote Host: 141.19.7.253
>> Router IP: 192.168.178.1
>> Wlan0 IP: 192.168.178.37
>>
>> Internet works with big latency but vpn sites behind the 
>> tunnel are not accessible... Something must still be 
>> wrong... Do you have an idea?
>>
> 
> Hi Kai,
> 
> If you don't add specific include networks to the policy tab in your 
> site configuration, all traffic will be forced across the network by 
> default. With some gateways ( cisco/sidewinder/ipsec-tools/netgear ), 
> they can 'tell' the client this information automatically. However, if 
> you are connecting to a gateway that can't ( or isn't configured to ) 
> supply the remote network list, you will need to specify it manually.
> 
> Without knowing the topology behind the vpn gateway, the vpn client has 
> no way to determine which packets should be tunneled and which packets 
> should be passed to your local default gateway.
> 
> -Matthew


Hello everybody,

I experienced almost the same problem: Double default routes, but in my
case, on Windows Vista Business 64 bit. I need to tunnel all my traffic
through the vpn gateway except the two local networks 192.168.0.0/16 and
10.0.0.0/8. In the Policy tab I added the following Exclude networks:
192.168.0.0 / 255.255.0.0 and 10.0.0.0 / 255.0.0.0. When I connect to
the vpn gateway with these settings I get two default routes, the
original route to 192.168.0.1 and the new route to the shrew vpn network
device on my computer. I tested this using the 2.4.1-release and 2.1.5-rc4.
Why is the default route not replaced? Is there a way to get the vpn 
client to replace the default route? I tried adding x.0.0.0 / 255.0.0.0, 
x ranging from 1 to 255 to the include address / netmask pairs, but the 
client did not like these entries in the configuration file.

What do I have to do to automatically get the default route replaced?

Bye,

Tilman Schröder

More information about the vpn-help mailing list