Monday, April 2, 2018

OpenVPN, Cisco VPN and Local Network: Split Tunneling, a way forward

Sometimes we need to work on computers on multiple networks that sit behind different VPNs, and VPNs come in multiple flavors, which complicates the situation further. Setting up an OpenVPN or Cisco VPN connection with default settings makes the system route all traffic (including internet traffic) through the VPN tunnel. This is not ideal for most people working on multiple networks at once.

Before going into how to set this up, I will explain how to connect to an OpenVPN and a Cisco VPN network from Network Manager. Ubuntu ships by default with the Network Manager plugin for the Point-to-Point Tunneling Protocol (PPTP), but not the ones for OpenVPN or Cisco VPN. The following settings were tested under the 64-bit versions of Ubuntu 18.04 and 16.04.

Connecting to a Cisco VPN network

In order to connect to a Cisco VPN network from Network Manager in Unity or GNOME, two packages need to be installed.


 

To set up the VPN client, the following information is needed: Gateway, User name, User password, Group name and Group password. Usually this information is provided by the admins of the VPN network as a .pcf file, which can be imported to create the connection.




The most important part is to make sure this VPN is not used for every network connection initiated by the system or a user. To restrict it, open the Routes option under the IPv4 settings of this connection and tick "Use this connection only for resources on its network".

Now this connection is ready to be used. However, none of the traffic will be routed through this VPN yet. See the Routing section below for how to route specific destinations through it.

Connecting to an OpenVPN network


In order to connect to an OpenVPN network from Network Manager in Unity or GNOME, two packages need to be installed.




To set up the OpenVPN client, the certificate files or the username and password given by the admins of the VPN network are needed, along with the .ovpn configuration file. The .ovpn file can be imported to create the connection in the same way as for the Cisco VPN.

Again, the most important part is to make sure this VPN is not used for every network connection initiated by the system or a user. As described earlier, restrict it through the Routes option under the IPv4 settings of this connection and tick "Use this connection only for resources on its network".

Routing the traffic


In many cases the VPN network and the home network, say the WiFi, both use addresses in the 192.168.x.x range. In that case the whole setup may not work unless an explicit exception route is added for the home WiFi network. This can be achieved with the following command.



Here wlo1 is the WiFi device. It can be identified with the ifconfig command or from Connection Information in Network Manager.

The VPN device names can be identified from ifconfig or Network Manager as well. In my case they are tun0 and tun1, and in the rest of the explanation I will use these names for the sake of simplicity. Substitute the names you obtained on your own system.

After both VPNs are connected, let's say we need to route traffic to the IP 10.22.1.1 via tun0 and to 192.168.5.10 via tun1. This can be done by running the following commands.



A range of IPs can also be added by running this command in a loop, say 10.22.1.* via tun0 and 192.168.5.* via tun1:



This completes the network setup. Internet traffic is still routed through the local network, which is what I want in my case.
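As an added example (not code from the original post), the script below applies the routes described above with the iproute2 `ip route` command, which is assumed here rather than taken from the post. It goes a little beyond the text: a single /24 prefix route replaces the per-host loop, the home WiFi exception is added first, DRY_RUN=1 prints the commands instead of executing them, and `check_route` shows which device the kernel will actually use for a destination. Device names tun0, tun1 and wlo1 and the 10.22.1.x and 192.168.5.x destinations are the post's; HOME_NET is a constructed placeholder for your own LAN.

```shell
#!/bin/sh
# Added example (not from the post). Assumes Linux with iproute2 ("ip").
# Device names tun0/tun1/wlo1 and the 10.22.1.x / 192.168.5.x destinations
# are the post's; HOME_NET is a constructed placeholder for your own LAN.
# Run as "sh split-tunnel.sh apply" (needs root); DRY_RUN=1 prints instead.
set -eu
WIFI_DEV="${WIFI_DEV:-wlo1}"
HOME_NET="${HOME_NET:-192.168.1.0/24}"

# Execute a command, or just echo it when DRY_RUN=1.
run_or_print() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Turn "a.b.c.*" into its /24 prefix; hosts and CIDRs pass through unchanged.
star_to_cidr() {
    case "$1" in
        *.\*) echo "${1%.*}.0/24" ;;
        *)    echo "$1" ;;
    esac
}

# Route one host, range or "a.b.c.*" pattern through a tunnel device.
# One prefix route replaces a 256-iteration loop of host routes.
route_via() {
    run_or_print ip route add "$(star_to_cidr "$1")" dev "$2"
}

# Pin the home LAN to the WiFi device. The kernel prefers the most specific
# matching route, so this wins over a broader 192.168.0.0/16 pushed by a VPN.
add_home_exception() {
    run_or_print ip route add "$HOME_NET" dev "$WIFI_DEV"
}

# Verify which device the kernel will actually use for a destination.
check_route() {
    ip route get "$1" 2>/dev/null | head -n 1
}

apply_split_tunnel() {
    add_home_exception
    route_via 10.22.1.1     tun0   # single host
    route_via 192.168.5.10  tun1   # single host
    route_via '10.22.1.*'   tun0   # whole /24
    route_via '192.168.5.*' tun1   # whole /24
}

case "${1:-}" in
    apply) apply_split_tunnel ;;
esac
```

After applying, `check_route 10.22.1.1` should print a line containing `dev tun0`; if it shows the WiFi device or the default route instead, the VPN connection was not restricted to its own network as described above.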

If the networks behind the VPNs provide internet access through proxy servers, then traffic to the corresponding proxy servers needs to be routed through the correct VPN device by adding routes in the same way as above.

This solved a major issue for me, and I hope it helps anyone looking for how to do this.

Enjoy!!