I’ve connected to this vpn before (on previous versions of openSUSE), so I think this is probably a problem with my machine.
This isn’t a dns problem, since my resolv.conf looks ok, and I CAN’T ping web servers by their ip address when connected to the vpn.
IP forwarding is enabled…
> sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
I can access servers on the vpn network, but no outside servers.
I’m not really sure what else to check. What else might be wrong?
This is a very old, and often asked question.
Recommend searching for all posts about “split tunnel”.
Basically, when you are connecting through a VPN, the remote network <should> also configure you to connect through the remote network’s own DG, but that config is often neglected.
It’s considered a serious potential vulnerability to permit your own machine to connect directly to the Internet without going through the vpn tunnel which is the “split tunnel” configuration.
Ok. Googled that and tried enabling “Use this connection only for resources on its network”. With that setting enabled, the vpn connects successfully and I have access to the internet, but now no access to my work network. If I disable that setting, I get my work network back but lose the internet.
That’s a setting I haven’t seen before.
Sounds like a workable compromise someone implemented since it’s very bad policy to connect to the Internet directly <and> through the VPN at the same time.
Just because Windows allows it doesn’t mean that it’s proper. As I described earlier, connecting both through the VPN and directly to the Internet at the same time is considered a serious security issue which is why it’s not supposed to be implemented.
My experience with experimenting with that has been the same as you report. As tsu2 mentioned, it is regarded as bad security practice to have a concurrent internet vpn gateway, and I think it can be prevented from the VPN server anyway. (Perhaps, access is disabled if an internet route is detected as existing. I don’t know.) Some companies allow internet access via the VPN (as inefficient as that may be). I have seen more elaborate solutions employing a router to provide the necessary routing/connectivity.
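The two routing states this thread goes back and forth on (the VPN supplying your default gateway, versus the “Use this connection only for resources on its network” setting leaving the LAN gateway in charge) can be told apart from the output of `ip route show`. The script below is an added example, not code from the thread or from openSUSE/NetworkManager; it assumes tunnel devices are named tun*/tap*/ppp*/wg* and works on two constructed sample tables rather than a live machine.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
VPN_PREFIXES = ("tun", "tap", "ppp", "wg")  # assumption: tunnel device name prefixes

# Constructed sample `ip route show` output (not from the thread's machine):
# case 1 has a VPN default route with a better metric than the LAN one, case 2 has none.
FULL_TUNNEL = """\
default via 10.8.0.1 dev tun0 proto static metric 50
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6 metric 50
10.20.0.0/16 via 10.8.0.1 dev tun0 proto static metric 50
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6 metric 50
10.20.0.0/16 via 10.8.0.1 dev tun0 proto static metric 50
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""

@dataclass
class RouteSummary:
    default_dev: Optional[str]  # device of the lowest-metric default route
    via_vpn: bool               # True when that device is a tunnel
    vpn_networks: List[str] = field(default_factory=list)  # prefixes routed into the tunnel

def parse_routes(text: str):
    """Yield (destination, device, metric) per route line; metric defaults to 0."""
    for line in filter(str.strip, text.splitlines()):
        dev = re.search(r"\bdev (\S+)", line)
        metric = re.search(r"\bmetric (\d+)", line)
        yield line.split()[0], dev.group(1) if dev else None, int(metric.group(1)) if metric else 0

def classify(text: str) -> RouteSummary:
    """Full tunnel = best default route leaves via a tunnel device; otherwise split tunnel."""
    routes = list(parse_routes(text))
    defaults = sorted((m, d or "") for dst, d, m in routes if dst == "default")
    default_dev = defaults[0][1] if defaults else None
    via_vpn = bool(default_dev) and default_dev.startswith(VPN_PREFIXES)
    nets = [dst for dst, d, _ in routes if dst != "default" and d and d.startswith(VPN_PREFIXES)]
    return RouteSummary(default_dev, via_vpn, nets)

def explain(s: RouteSummary) -> str:
    if s.via_vpn:
        return (f"full tunnel via {s.default_dev}: the internet is reachable only if the VPN "
                "gateway forwards and NATs your traffic")
    return (f"split tunnel: only {', '.join(s.vpn_networks) or 'nothing'} goes through the VPN; "
            f"everything else uses {s.default_dev or 'no default route'}")
```

Run `explain(classify(open_output))` on the real `ip route show` text: a full-tunnel verdict with no internet points at the VPN gateway's forwarding/NAT, a split-tunnel verdict with work hosts unreachable means their prefixes were never pushed into the tunnel.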