[vpn-help] Huawei E160 using VPN - after connection loss - Traffic stops completely - related to DNS proxy daemon (still exists with v2.1.6)
Matthew Grooms
mgrooms at shrew.net
Thu Jul 8 12:43:55 CDT 2010
On 7/8/2010 11:59 AM, Andreas Allacher wrote:
>
>>> Something different: I am not able to get the normal internet working
>>> after I connect through VPN. Isn't it possible to set the client up to
>>> use the normal internet connection for everything - except a certain IP
>>> range?
>>
>> Yes. But you have to configure the gateway and the client to use a
>> split tunnel. Please have a look at the policy tab on the client.
>>
> So instead of auto I would have to use Shared?
You could try using shared, but you still need to specify which networks
should be tunneled. See the comments below ...
>>
>>> Furthermore, I noticed that the VPN client sets the default gateway for
>>> the virtual interface to the same IP as the interface's IP. Can I change
>>> the gateway somewhere because I think it might be related to this.
>>>
>>
>> This is directly related to your policy configuration. If you don't
>> specify specific networks to tunnel in the policy tab, the client will
>> attempt to send ALL traffic via the tunnel.
> So I can't set up - for instance - the router of the network I am
> tunneling to, to use as gateway?
>
No. You must uncheck the "Obtain Topology Automatically or Tunnel All"
option and add specific remote networks. Some gateways provide a list of
networks for split tunnels automatically during modecfg negotiation. If
you don't connect to such a gateway but still require split tunnel, you
must manually enter a list of networks that the remote gateway will
allow you access to according to its policy configuration. With a split
tunnel configuration, clients only tunnel traffic to specified networks
( specific routes are created instead of a default route ). All other
traffic is handled via your local internet connection.
As for the policy level ( repeating what's already in the 2.1.6 beta 9
release notes ), if you have auto selected, the client will default to
shared when you connect to a Cisco compatible gateway. It will default
to unique for all other gateways. Shared creates multiple policies for
specific remote networks but negotiates a single SA with the gateway
using 0.0.0.0/0 ( everything ). Unique creates multiple policies for
specific remote networks and negotiates multiple SAs with the gateway
using the policy remote network IDs. Which one you use depends on how
your gateway is configured.
-Matthew
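A small model of the split-tunnel and policy-level behaviour Matthew describes above, added here as an example and not code from the thread or from the Shrew Soft client. The `Policy` class and its field names are assumptions chosen to mirror the client's policy tab; the route and SA selector lists it derives follow the rules given in the reply (tunnel-all yields a default route, split tunnel yields specific routes, shared negotiates one SA for 0.0.0.0/0, unique negotiates one SA per remote network).

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List

@dataclass
class Policy:
    # Assumed model of the client's policy tab settings.
    tunnel_all: bool                          # "Obtain Topology Automatically or Tunnel All"
    remote_networks: List[str] = field(default_factory=list)  # manually entered remote networks
    level: str = "auto"                       # policy level: auto / shared / unique
    cisco_gateway: bool = False               # gateway is Cisco compatible

def effective_level(p: Policy) -> str:
    """'auto' resolves to shared for Cisco compatible gateways, unique otherwise."""
    if p.level != "auto":
        return p.level
    return "shared" if p.cisco_gateway else "unique"

def routes(p: Policy):
    """Routes the client installs toward the virtual interface.
    Tunnel-all installs a default route; split tunnel installs one route per network."""
    if p.tunnel_all:
        return [ipaddress.ip_network("0.0.0.0/0")]
    return [ipaddress.ip_network(n) for n in p.remote_networks]

def sa_selectors(p: Policy):
    """Remote IDs negotiated as IPsec SAs with the gateway.
    Shared: a single SA for 0.0.0.0/0 even with split-tunnel routes.
    Unique: one SA per policy remote network ID."""
    if effective_level(p) == "shared":
        return [ipaddress.ip_network("0.0.0.0/0")]
    return routes(p)

def is_tunneled(p: Policy, dst: str) -> bool:
    """Check whether traffic to dst would go via the tunnel or the local connection."""
    d = ipaddress.ip_address(dst)
    return any(d in r for r in routes(p))

if __name__ == "__main__":
    # Constructed sample: split tunnel to two remote networks, non-Cisco gateway.
    split = Policy(False, ["10.1.0.0/16", "192.168.50.0/24"])
    print(effective_level(split), [str(r) for r in routes(split)])
    print("10.1.2.3 tunneled:", is_tunneled(split, "10.1.2.3"))
    print("8.8.8.8 tunneled:", is_tunneled(split, "8.8.8.8"))
```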