Hi all.
I've been having a problem with a Cisco vpn client that I'm attempting to
circumvent.
It's running on a 32-bit CentOS 5.4 Xen VM (2.6.18-164.15.1.el5xen) and
manifests itself in that all pre-existing network connectivity gets disabled
/ disconnected once the VPN makes its connections.
I've fiddled around with various options in
/etc/opt/cisco-vpnclient/internal.ini
and re-configured anything that looked obvious in the originally supplied
remote-access-profile.pcf but nothing seems to have any effect.
I'm aware that this might be a configuration option forced from the server
side, but seeing as the site admin is AWOL it's difficult to know :(
This is what I've tried so far!
[root@vm03 ~]#vpnclient connect remote-access-profile user user1 pwd password987654321
Contacting the gateway at 213.223.227.18
Authenticating user.
Negotiating security policies.
Securing communication channel.
Your VPN connection is secure.
VPN tunnel information.
Client address: 173.23.4.2
Server address: 213.223.227.18
Encryption: 128-bit AES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is active on port UDP 4500
Local LAN Access is disabled
[root@vm03 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
213.223.227.18  192.168.223.1   255.255.255.255 UGH   0      0        0 eth0
173.23.4.0      0.0.0.0         255.255.255.0   U     0      0        0 cipsec0
0.0.0.0         173.23.4.2      0.0.0.0         UG    0      0        0 cipsec0
/sbin/route del -net 0.0.0.0 dev cipsec0
So I can have my default route back, I clear the Cisco-supplied one.
/sbin/route add -host 192.168.223.1 dev eth0
/sbin/route add default gw 192.168.223.1
This is to set things back as they were before the VPN started,
& then to allow the system to see both ends of the VPN I'll do the following:
/sbin/route add -net 173.23.4.0 netmask 255.255.255.0 gw 173.23.4.1 cipsec0
/sbin/route add -net 213.56.70.0 netmask 255.255.255.0 gw 173.23.4.1 cipsec0
This leaves me with a problem that I can't see the figuring of.
route -n yields
[root@vm03 ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
213.223.227.18  192.168.223.1   255.255.255.255 UGH   0      0        0 eth0
192.168.223.1   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
173.23.4.0      173.23.4.1      255.255.255.0   UG    0      0        0 cipsec0
173.23.4.0      0.0.0.0         255.255.255.0   U     0      0        0 cipsec0
213.56.70.0     173.23.4.1      255.255.255.0   UG    0      0        0 cipsec0
0.0.0.0         192.168.223.1   0.0.0.0         UG    0      0        0 eth0
I can't, no matter how hard I try, get rid of the following
173.23.4.0      0.0.0.0         255.255.255.0   U     0      0        0 cipsec0
and I seem to have lost access to my 192.168.223 network.
So has anyone any suggestions how to fix this so as the machine is visible
to its own network while connecting into the remote?
Thanks for your time
Tony
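
Added example, not part of Tony's post: a small shell check that reads `route -n` output and reports where the default route points, how many routes leave outside the tunnel interface, and how many rows repeat an existing prefix, run over the two tables shown above. The function names are made up for this example, and the tunnel interface name is passed in as an argument.

```shell
#!/bin/sh
# audit_routes TUN_IFACE: read `route -n` output on stdin and print
#   default=<iface> mode=<full-tunnel|split> bypass=<n> dup=<n>
# bypass = rows whose interface is not the tunnel.
# dup    = rows repeating a destination/genmask/interface already seen.
audit_routes() {
    awk -v tun="$1" '
        # Route rows have 8 fields and start with a dotted quad.
        NF == 8 && $1 ~ /^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$/ {
            if (seen[$1 "/" $3 "/" $8]++) dup++
            if ($8 != tun) bypass++
            # Assumption: the first default row listed is the one in use.
            if ($1 == "0.0.0.0" && $3 == "0.0.0.0" && def == "") def = $8
        }
        END {
            if (def == "") def = "none"
            mode = (def == tun) ? "full-tunnel" : "split"
            printf "default=%s mode=%s bypass=%d dup=%d\n", def, mode, bypass, dup
        }'
}

# The two tables from the post, rejoined to one route per line.
table_after_connect() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
213.223.227.18  192.168.223.1   255.255.255.255 UGH   0      0        0 eth0
173.23.4.0      0.0.0.0         255.255.255.0   U     0      0        0 cipsec0
0.0.0.0         173.23.4.2      0.0.0.0         UG    0      0        0 cipsec0
EOF
}

table_after_edits() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
213.223.227.18  192.168.223.1   255.255.255.255 UGH   0      0        0 eth0
192.168.223.1   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
173.23.4.0      173.23.4.1      255.255.255.0   UG    0      0        0 cipsec0
173.23.4.0      0.0.0.0         255.255.255.0   U     0      0        0 cipsec0
213.56.70.0     173.23.4.1      255.255.255.0   UG    0      0        0 cipsec0
0.0.0.0         192.168.223.1   0.0.0.0         UG    0      0        0 eth0
EOF
}

table_after_connect | audit_routes cipsec0
table_after_edits   | audit_routes cipsec0
```

Neither table has a 192.168.223.0/255.255.255.0 row on eth0; the only LAN entry is the host route to 192.168.223.1.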