openconnect routing issue, Cisco ASA SSL VPN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am trying to connect remotely to my company's resources via their
Cisco VPN. They offer .p12 SSL-based ASA gateways that I can
successfully connect to and navigate company resources, access email,
etc. However, I am not able to navigate to resources located outside
of the company intranet while connected; for example, google.com or
en.wikipedia.org are unreachable and I receive '503 Gateway' errors
when navigating to external URLS. I am also unable to split tunnel
with this connection using network-manager-openconnect (the infamous
'Use this connection only for resources on its network' option). Using
openconnect from CLI with the default vpnc vpnc-script yields same
results.  However, when I use the Cisco VPN client in windows, I am
able to browse the internet just fine through their connection so I
know it's a routing issue in Linux.

Main operating system: Xubuntu 11.10. Tested in Kubuntu 11.10, Ubuntu
11.10, Ubuntu 10.10

Installed packages: openconnect, network-manager-openconnect,
network-manager-openconnect-gnome. Network Manager is ver. 0.9

BEFORE (numerically, zeroconf route removed for clarity)
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2

AFTER
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 tun0
172.28.48.0     0.0.0.0         255.255.240.0   U         0 0          0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2
<VPN gw> 192.168.1.1     255.255.255.255 UGH       0 0          0 eth2

Here are my windows routes:

BEFORE connecting using vpn client:


IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.140     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.140    266
    192.168.1.140  255.255.255.255         On-link     192.168.1.140    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.140    266
     192.168.58.0    255.255.255.0         On-link      192.168.58.1    276
     192.168.58.1  255.255.255.255         On-link      192.168.58.1    276
   192.168.58.255  255.255.255.255         On-link      192.168.58.1    276
    192.168.195.0    255.255.255.0         On-link     192.168.195.1    276
    192.168.195.1  255.255.255.255         On-link     192.168.195.1    276
  192.168.195.255  255.255.255.255         On-link     192.168.195.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.140    266
        224.0.0.0        240.0.0.0         On-link     192.168.195.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.58.1    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.140    266
  255.255.255.255  255.255.255.255         On-link     192.168.195.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.58.1    276
===========================================================================
Persistent Routes:
  None

AFTER:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.140     10
          0.0.0.0          0.0.0.0      172.28.48.1    172.28.49.218     11
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.28.48.0    255.255.240.0         On-link     172.28.49.218    266
    172.28.49.218  255.255.255.255         On-link     172.28.49.218    266
    172.28.63.255  255.255.255.255         On-link     172.28.49.218    266
      192.168.1.0    255.255.255.0         On-link     192.168.1.140    266
      192.168.1.0    255.255.255.0      172.28.48.1    172.28.49.218    266
      192.168.1.1  255.255.255.255         On-link     192.168.1.140    100
    192.168.1.140  255.255.255.255         On-link     192.168.1.140    266
    192.168.1.140  255.255.255.255      172.28.48.1    172.28.49.218    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.140    266
    192.168.1.255  255.255.255.255      172.28.48.1    172.28.49.218    276
     192.168.58.0    255.255.255.0         On-link      192.168.58.1    276
     192.168.58.0    255.255.255.0      172.28.48.1    172.28.49.218    276
     192.168.58.1  255.255.255.255         On-link      192.168.58.1    276
     192.168.58.1  255.255.255.255      172.28.48.1    172.28.49.218    276
   192.168.58.255  255.255.255.255         On-link      192.168.58.1    276
   192.168.58.255  255.255.255.255      172.28.48.1    172.28.49.218    276
    192.168.195.0    255.255.255.0         On-link     192.168.195.1    276
    192.168.195.0    255.255.255.0      172.28.48.1    172.28.49.218    276
    192.168.195.1  255.255.255.255         On-link     192.168.195.1    276
    192.168.195.1  255.255.255.255      172.28.48.1    172.28.49.218    276
  192.168.195.255  255.255.255.255         On-link     192.168.195.1    276
  <vpn gateway>  255.255.255.255      192.168.1.1    192.168.1.140    100
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.140    266
        224.0.0.0        240.0.0.0         On-link     192.168.195.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.58.1    276
        224.0.0.0        240.0.0.0         On-link     172.28.49.218    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.140    266
  255.255.255.255  255.255.255.255         On-link     192.168.195.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.58.1    276
  255.255.255.255  255.255.255.255         On-link     172.28.49.218    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      172.28.48.1       1
===========================================================================

Can someone who is more gifted at routing than me please explain why
the route is failing once connecting to the VPN?  Should I be
attempting to recreate my Windows routes on the Linux machine? In the
meantime I will attempt to connect manually and play around with
default routes
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux