Internet disabled during OpenVPN session

Hi,

I’ve got a VPN connection to a remote server that works fine. The only problem is that when I’m connecting through VPN I cannot use the internet. (The VPN server doesn’t offer an internet connection; it’s just a file server.) How could I use my internet during a VPN session?

Thanks!

On 01/25/2013 07:56 PM, p8r wrote:
>
> Hi,
>
> I’ve got a VPN connection to a remote server that works fine. The only
> problem is that when I’m connecting through VPN I cannot use the internet.
> (The VPN server doesn’t offer an internet connection; it’s just a file
> server.) How could I use my internet during a VPN session?

-=WELCOME=- new user…

use a terminal (xterm, konsole, or whatever at less than full screen, or
on a different) and SSH/VPN (or whatever) to the server, and use your
regular browser to “use internet”…

Linux is both a multi-user and multi-tasking environment

of course, i actually have NO idea what operating system and version is
on the machine you sit at, or on the server you VPN to…so, what i
wrote probably won’t work if you sit at an Android and are VPN connected
to a Solaris server…

again, welcome…but perhaps review again: http://is.gd/2BfI3


dd
openSUSE®, the “German Engineered Automobile” of operating systems!

First, thank you for your answer. I’m using openSUSE 12.2 and the built-in OpenVPN through Network Manager.
As far as I know, the VPN server (which I want to connect to) does not route gateway traffic out to the internet. As I read, the Network Manager client routes all the traffic through the VPN, and that’s why I cannot connect to the internet while I’m logged in to the VPN server.

Before I switched to openSUSE from Windows (1 week ago, so I’m a newbie to Linux) I tried another distro too. There I had an option under IPv4 settings to set the option: “Use this connection only for resources on its network”. I don’t know how I could set up this thing in SUSE.

And of course I make a try with terminal as well. :)

On Fri, 25 Jan 2013 20:16:01 +0000, p8r wrote:

> First, thank you for your answer. I’m using openSUSE 12.2 and the
> built-in OpenVPN through Network Manager.
> As far as I know, the VPN server (which I want to connect to) does not
> route gateway traffic out to the internet. As I read, the Network Manager
> client routes all the traffic through the VPN, and that’s why I cannot
> connect to the internet while I’m logged in to the VPN server.
>
> Before I switched to openSUSE from Windows (1 week ago, so I’m a newbie
> to Linux) I tried another distro too. There I had an option under IPv4
> settings to set the option: “Use this connection only for resources on
> its network”. I don’t know how I could set up this thing in SUSE.
>
> And of course I make a try with terminal as well. :)

Who owns the VPN server? Is it something you’re in control of, or
something that someone else is in control of?

The reason I ask is that some VPN server configurations explicitly
disable connections to internal resources and connections to the Internet
that aren’t through their own route as a security measure.

You may be dealing with such a situation - and if that’s the case, the
admin has explicitly turned this on to prevent machines connecting via VPN
acting as a “man in the middle” attack against protected resources.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

Well, this server belongs to one of my customers I’m working for (I’m developing an Intranet application in PHP, etc.). Since it contains sensitive information, I understand that the server isn’t connected directly to the internet.
What is strange for me is that recently (on Windows) I could use my internet connection without any changes while I worked on the VPN server. But on Linux I’m not able to do that. :\

As Jim said, this is usually a deliberate design (for security) by the admins who provide VPN connectivity. (Of course if the server is yours, then you’re free to configure as you’d like.) I enjoy the same restriction while accessing my work VPN remotely. It is possible to set up split tunneling to get around this, but it would probably contravene the security practices of the company VPN you’re connecting to.

Thanks again for the replies. It seems I figured out the solution. Under VPN settings in the IPv4 tab, in the drop-down I chose “Routes” and then I checked the “Use only for resources on this connection” checkbox.

Now I’m able to connect to the VPN server and I keep my internet connection.

Guys, thanks again; with your help it succeeded. :)

I’m glad that worked for you, and now you have roused my interest. :) I’ve read about that Network Manager option previously; however, for me at least, it is not sufficient, and only succeeds in preventing my effective VPN routing. Without the ‘Use only for resources on this connection’, I have

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
10.16.49.193    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
202.8.47.200    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
202.8.47.200    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0

With this option enabled

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
10.16.49.193    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
202.8.47.200    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
202.8.47.200    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0

An interesting thread on the same topic

VPN Connection - Not able to browse other sites when connecting to VPN

As you’ve experienced, Windows allows the option to reach both networks simultaneously via unchecking the ‘use default gateway’ option.
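
As an added illustration (not part of the original post), the Python sketch below parses the two routing tables quoted above and resolves, by longest-prefix match, which interface a given destination leaves through. It assumes ppp0 is the VPN link, as in the tables; 10.16.49.10 is a constructed address standing in for another host behind the VPN.

```python
import ipaddress

# Rows copied from the two `route -n` listings in the post above
# (headers and the duplicated 202.8.47.200 row left out).
WITHOUT_OPTION = """\
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
10.16.49.193    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
202.8.47.200    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
"""
WITH_OPTION = """\
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
10.16.49.193    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
202.8.47.200    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
"""

def parse_routes(text):
    """Return (network, metric, iface) tuples from `route -n` rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip blank lines and the column header
        prefix = bin(int(ipaddress.ip_address(f[2]))).count("1")
        routes.append((ipaddress.ip_network(f"{f[0]}/{prefix}"), int(f[4]), f[7]))
    return routes

def egress(routes, dest):
    """Interface chosen for dest: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[1]))[2]

def tunnel_mode(routes, vpn_iface="ppp0"):
    """'full' when the preferred default route leaves via the VPN interface."""
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if not defaults:
        return "no-default"
    return "full" if min(defaults, key=lambda r: r[1])[2] == vpn_iface else "split"

if __name__ == "__main__":
    for name, table in (("without option", WITHOUT_OPTION), ("with option", WITH_OPTION)):
        routes = parse_routes(table)
        # 10.16.49.10 is a constructed address standing in for another host behind the VPN.
        print(name, tunnel_mode(routes),
              {d: egress(routes, d) for d in ("10.16.49.193", "10.16.49.10", "202.8.47.200")})
```

With the option enabled, only the 10.16.49.193 host route still points at ppp0, so any other address behind the VPN follows the default route out of wlan0 unless a specific route is added for it.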

On Fri, 25 Jan 2013 20:56:01 +0000, p8r wrote:

> Well, this server belongs to one of my customers I worked for (I’m
> developing an Intranet application in PHP, etc.). Since it contains
> sensitive information, I understand that the server isn’t connected
> directly to the internet.

Yes, but that’s a little different than what I’m describing. What I’m
describing is something that ISTR is called “split tunneling”. The idea
behind not allowing a split tunnel is that if someone connects to your
machine while it’s connected to VPN protected resources, the VPN
protected resources could be compromised.

You might ask your customer if they have disabled split tunnel on their
VPN server.

> What is strange for me is that recently (on Windows) I could use my
> internet connection without any changes while I worked on the VPN server.
> But on Linux I’m not able to do that. :\

They might have changed it, or you may need to look for a setting on the
client side for enabling split tunnel.

Jim



That’s what the OP has managed to achieve, by enabling ‘Use this connection only for resources on its network’. However, it relies on the VPN server being configured to allow split tunnels.

> You might ask your customer if they have disabled split tunnel on their
> VPN server.

They must have allowed this, since it’s working for him. :)

On Sat, 26 Jan 2013 05:46:01 +0000, deano ferrari wrote:

> hendersj;2522047 Wrote:
>>
>>
>> Yes, but that’s a little different than what I’m describing. What I’m
>> describing is something that ISTR is called “split tunneling”. The idea
>> behind not allowing a split tunnel is that if someone connects to your
>> machine while it’s connected to VPN protected resources, the VPN
>> protected resources could be compromised.
> That’s what the OP has managed to achieve, by enabling ‘Use this
> connection only for resources on its network’. However, it relies on
> the VPN server being configured to allow split tunnels.

Yup. :)

>> You might ask your customer if they have disabled split tunnel on their
>> VPN server.
> They must have allowed this, since it’s working for him. :)

That would seem to be the case. It’s usually more common in larger
companies; smaller companies, I find, don’t have the technical expertise
behind their systems to understand the risks or config option.

Jim



With a bit of experimentation I have now managed to achieve a similar result (by doing the same as the OP), with the additional requirement of adding specific routes to reach the various servers I need to access behind the VPN gateway. However, for others trying this, it is important to make sure that you’re behind a firewall for the reasons explained previously. I would hate to be responsible for any kind of external attack on the company’s network.

Does it help?

route - How can I configure openvpn server without push default gateway? - Server Fault

Well, Windows does not use OpenVPN, so it is a different server which may be set up differently.

Actually, Windows can use OpenVPN just as easily as the less secure PPTP protocol. However, this thread was about client-side routing rather than the underlying VPN protocols. :)

OK I missed that OP already found the same GUI control in NM. Sorry.