Ubuntu 12.04 - PPTP VPN is the only Internet Access

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by user212553 on Ask Ubuntu See other posts from Ask Ubuntu or by user212553
Published on 2013-11-08T02:33:12Z Indexed on 2013/11/08 4:19 UTC
Read the original article Hit count: 176

Filed under:
|
|
|

I know this has been covered. I've read dozens of posts but still have questions.

I have a work server whose traffic should never leave my house without encryption. The VPN is PPTP. Currently I have a cron job that checks the status of the ppp0 adapter each minute. If the connection drops, which it does fairly often, it shuts key components down.

It's fairly easy to restart PPTP with "nmcli con up id 'myVPNServer'" but there's no assurance it will reconnect and I need a better way to stop traffic (other than killing apps) when ppp0 is down.

The two options I've seen discussed are the firewall (UFW, Firestarter, IPTables) or the route tables. I could be easily swayed to consider the firewall option but I focused on the route tables since no new function needs to be started.

My questions involve the way the route tables change and then specifics on rules.

When I start the PPTP VPN the route tables change. That suggests that if the VPN drops, the table will change back, defeating my stated intent of preventing external traffic. How can I make "sticky" changes to the route table that will persist even if the VPN connection drops? Perhaps the check boxes "Ignore automatically obtained routes" or "Use this connection only for resources on it's network" (which are part of the VPN configuration options)?

It would seem that, if I can force the active VPN route table to stay in effect, even when the VPN drops, that this will effectively kill any external traffic should the VPN drop. This will give me the latitude to run a routine to restart the VPN from the command line (assuming the route table rules don't prevent me re-establishing the connection).

My route table, with the VPN active is (ip route list):

Any comments on what 10.10.1.1 is?

$ ip route list
default dev ppp0  proto static 
10.10.1.1 dev ppp0  proto kernel  scope link  src 10.10.1.11 
VPN_Server_IP_Address via 192.168.1.1 dev eth0  proto static 
VPN_Server_IP_Address via 192.168.1.1 dev eth0  src 192.168.1.60 
169.254.0.0/16 dev eth0  scope link  metric 1000 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.60  metric 1

© Ask Ubuntu or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about 12.04

Related posts about networking

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle