
borneo.antonio at gmail
Sep 17, 2009, 11:16 PM
Re: vpnc comment / feature request
Hello Vijay,

it seems to me you just want to implement a "split tunnel" from client side.
I wrote a tutorial for this, available in the Nortel branch of vpnc.
You can download it from
http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel/split_tunnel.txt

I never tried it with Cisco, but I see no reason why it should not work.
Indeed, it would be nice if you could test it and report any suggestion/improvement.

Best Regards,
Antonio Borneo

On Fri, Sep 18, 2009 at 11:27 AM, Vijay Ramasubramanian <vram0 [at] umd> wrote:
> Hello,
>
> First allow me to thank you heartily for writing / maintaining vpnc. I'm
> delighted to not have to run Cisco's poorly-maintained code, particularly
> their Linux kernel module (!).
>
> I also really appreciate having a BSD-compatible connection method. I think
> large institutions are, to put it nicely, foolish for using these Cisco VPNs
> under the guise of security, but of course if we fought everything foolish,
> we would never get to the real work.
>
> I would like to ask you to consider a couple of features -- in my case, I
> don't want the VPN connection to take over the default route. I simply want
> to be able to route certain specified networks via the VPN. I would
> appreciate the ability to tell vpnc this, probably via the .conf file.
>
> The other thing is that the DNS entries I need within the VPN are also made
> visible in the external DNS, which I can reach using my standard DNS server.
> So it would also be nice to have the ability to tell vpnc not to alter
> resolv.conf.
>
> I've attached a hacked-up vpnc-script that does what I want in my case,
> under Linux. Let me make the disclaimer that it is certainly not the
> cleanest hack, and I hardcoded /sbin/route as the route command since I am
> familiar with its syntax rather than the /sbin/ip route syntax.
>
> I am not averse to writing patches that implement these things cleanly, but
> there are obviously multiple approaches that could be taken, so I'd rather
> discuss it with you first.
>
> Thank you once again,
>
> Vijay.
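One way to get the behaviour requested in this thread (route only chosen networks through the VPN, leave resolv.conf untouched) without patching vpnc, as an added example that is not from the post, the referenced tutorial, or the vpnc project. It relies on the `CISCO_SPLIT_INC*` and `INTERNAL_IP4_DNS` environment variables that the stock vpnc-script reads; the function names, `SPLIT_NETS` (constructed sample networks) and the `REAL_SCRIPT` path are assumptions.

```shell
#!/bin/sh
# Added example (not vpnc's code). SPLIT_NETS and REAL_SCRIPT are assumptions.
SPLIT_NETS="${SPLIT_NETS:-10.20.0.0/16 192.168.50.0/24}"
REAL_SCRIPT="${REAL_SCRIPT:-/etc/vpnc/vpnc-script}"

masklen_to_mask() {             # prefix length -> dotted-quad netmask
    len=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$len" -ge 8 ]; then octet=255; len=$((len - 8))
        else octet=$((256 - (1 << (8 - len)))); len=0; fi
        mask="${mask:+$mask.}$octet"
    done
    echo "$mask"
}

valid_cidr() {                  # accept a.b.c.d/1..32 only
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    # A /0 would send everything through the tunnel again, so reject it.
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
}

export_split_env() {            # $1: space-separated CIDR list
    n=0
    for net in $1; do
        valid_cidr "$net" || { echo "skipping invalid network: $net" >&2; continue; }
        addr=${net%/*}; len=${net#*/}
        export "CISCO_SPLIT_INC_${n}_ADDR=$addr"
        export "CISCO_SPLIT_INC_${n}_MASK=$(masklen_to_mask "$len")"
        export "CISCO_SPLIT_INC_${n}_MASKLEN=$len"
        n=$((n + 1))
    done
    [ "$n" -gt 0 ] || return 1  # no valid network: fail rather than full-tunnel
    export CISCO_SPLIT_INC="$n"
    unset INTERNAL_IP4_DNS      # vpnc-script then leaves resolv.conf alone
}

# vpnc sets $reason (pre-init, connect, disconnect) when it runs its script.
if [ -n "${reason:-}" ]; then
    export_split_env "$SPLIT_NETS" || exit 1
    exec "$REAL_SCRIPT"
fi
```

Point vpnc at the wrapper with the `Script` line in its .conf file. Traffic to every network not listed keeps using the local default route and local DNS, so it is not protected by the tunnel.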