VPN only session.

Brian St. Pierre brian at bstpierre.org
Tue Oct 18 08:07:00 EDT 2011


On Mon, Oct 17, 2011 at 1:46 PM, Alan Johnson <alan at datdec.com> wrote:
> On Oct 16, 2011 10:14 AM, "Greg Kettmann" <greg at kettmann.com> wrote:
>>
>> The problem is that the VPN session randomly drops out.  Basically, I
>> start Ubuntu and once it's operational I click on the little up/down
>> arrows for network.  I select the VPN and I activate it.  This puts a
>> little lock on the up/down arrows and I'm set.  Sometimes the lock drops
>> off and I'm sending (or trying to send) in the clear.  Easy enough to
>> fix but often a pain to get things back to the proper state.
>>
>> What I would prefer is to have the VMware session just be connected via
>> VPN... no VPN, no connectivity.  If the VPN connection drops out I don't
>> want it to fall back down to sending in the clear.  The whole session
>> will stop working and I can restart it.  Is that possible?  I've tried
>> searching on this, without much luck, but perhaps my search arguments
>> are bad.  I'm not married to Ubuntu nor to VMware player.  If some other
>> combination is known to work I'd love to hear about it.
>
> I don't think there is a way to do that directly in the network config.
> Besides, your local connection has to be active to enable connecting to the
> VPN anyway.  You could turn off DHCP for your local connection in the VM and
> manually configure it without DNS servers, then name resolution would only
> work if you were connected to your VPN.  Browsers will still cache some
> names, but that usually times out pretty quickly.  You'd also want to add
> your VPN server to /etc/hosts but that can be annoying if the IP address
> changes.  This also won't help if you access much by VPN.

Turning off DHCP seems like it is on the right track.

I haven't tested this, but I think you could edit the routes in the
network manager so that your primary network interface only has a
route to your VPN server.

Right click the network icon, Edit Connections..., select your primary
interface, Edit..., IPv4 Settings tab, Routes..., Add. Enter the IP of
your VPN server, use 255.255.255.255 for the netmask, and the IP
address of your default gateway.

Verify the settings are correct by rebooting the VM and running "route
-n" in a terminal. You should see just one line -- for your VPN
server, and no default route (destination 0.0.0.0). Try pinging your
VPN server (should work), then try pinging some other address (should
fail). Then bring up the VPN and all should work as normal. Then kill
the VPN and everything should fail.

This should make it so you don't accidentally send traffic in the
clear, but it won't auto-restart your VPN session. You might be able
to do something with a script that runs when the interface goes down,
but I'm foggy on the details.

-Brian
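
Added example, not part of Brian's message: a check of `route -n` output for the layout he describes (a host route to the VPN server on the primary interface and no default route there). It goes slightly further by flagging any gatewayed route on that interface, and the addresses and the interface names eth0/tun0 are constructed sample values.

```shell
#!/bin/sh
# Added example: audit `route -n` output for the fail-closed layout above.
# 203.0.113.10 (VPN server), 192.168.1.1 (gateway) and eth0 are constructed values.

# check_routes VPN_SERVER LAN_IF   (reads `route -n` output on stdin)
# Returns 0 when the only gatewayed route on LAN_IF is the VPN host route.
check_routes() {
    awk -v vpn="$1" -v lan="$2" '
        # Data rows: Destination Gateway Genmask Flags Metric Ref Use Iface
        NF == 8 && $1 ~ /^[0-9]+\./ && $8 == lan {
            if ($1 == vpn && $3 == "255.255.255.255") { host = 1; next }
            # Any other route with the G flag sends traffic off-link in the clear.
            if ($4 ~ /G/) { print "LEAK: " $1 "/" $3 " via " $2 " on " lan; bad = 1 }
        }
        END {
            if (!host) { print "MISSING: host route to " vpn " on " lan; bad = 1 }
            if (!bad) print "OK: no off-link route on " lan " except the one to " vpn
            exit bad + 0
        }'
}

# Constructed sample: the state described above before the VPN is up.
sample_locked() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
EOF
}

# Constructed sample: DHCP left on, so a default route exists on eth0.
sample_leaky() {
    sample_locked
    echo "0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0"
}

# Constructed sample: VPN up, default route goes through the tunnel device.
sample_vpn_up() {
    sample_locked
    echo "0.0.0.0         10.8.0.1        0.0.0.0         UG    0      0        0 tun0"
}

sample_locked | check_routes 203.0.113.10 eth0
sample_leaky  | check_routes 203.0.113.10 eth0 || echo "-> not fail-closed"
```

On a live system, pipe the real table in: `route -n | check_routes <vpn-server-ip> <interface>`.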


