[vpn-help] Shrew VPN in Ubuntu

Kevin VPN kvpn at live.com
Mon Jan 21 21:57:59 CST 2013


On 12/23/2012 04:46 AM, Emre Erenoglu wrote:
> Thanks, I'll check how I can do it, it seems there's include & exclude
> stuff, so I guess I will exclude the vpn gateway and include all rest
> 0.0.0.0.
> Maybe I shall send an email to the VPN mailing list, this is not a normal
> behavior.
>
> Btw, my dns seemed to be working OK on Ubuntu 12.10 when vpn was connected,
> why would we need your patch?
>
>
> On Sun, Dec 23, 2012 at 1:33 PM, Andrew Timonin <atimonin at online.ru> wrote:
>
>> On Fri, 21 Dec 2012 01:37:41 +0400, Emre Erenoglu <erenoglu at gmail.com>
>> wrote:
>>> Hi Andrew,
>>> It seems I found the solution. When shrew connects, I can see in route
>>> table that it does not add a specific route to the VPN server to go
>>> through my home router. There's just default route which is now the VPN
>>> internal IP & tap0 interface.
>>> So, since packets destined to the vpn server can't go through, the VPN
>>> fails.
>>> When I added the manual route to the vpn server, then it started
>>> working.
>>> But this shall not be like this, it shall normally add the specific
>>> route to the vpn host when changing the default route, have you seen
>>> any behavior like this?
>>>
>> Yes! I just have forgotten this!
>> If I used default settings I had a default route to VPN (it was set by VPN
>> GW on other end),
>> so I had to set specific routes in Shrew VPN in Policy -> External network
>> resources
>>

For situations where the gateway IP address was part of the protected 
network, there was code in Shrew (maybe introduced in 2.1.7?) that made 
Shrew smart enough to not tunnel traffic destined for the gateway.  I'm 
fairly sure this was done via an extra route entry.

What version of Shrew are you guys using?

