
I have set up my VPN client (VPNC Front End) to use split tunneling. After the VPN is connected, I have a script which adds the routes for all of the IP addresses that I know should be routed through the VPN.

Now and then, I bump into IP addresses which are not routed through the VPN and hence are not accessible from the outside either. Using a multi-threaded ping with all traffic forced over the VPN, I figure out the proper range of IP addresses which should be routed through the VPN. I then add those newly discovered routes to my script.

The above process is annoying. Is there an automated way I can know which IP addresses should be routed through the VPN?

I already have 10.0.0.0/255.0.0.0, 172.16.0.0/255.240.0.0 and 192.168.0.0/255.255.0.0 routed through the VPN. However, I find there are several other IP addresses which must be routed through the VPN in order to view the internal version of the site.

1 Answer


There is no magic way to discover what networks should be directed to your VPN connection or not.

There are VPN gateways that advertise networks that should be available in the client network, but there may be other resources that are available but are not advertised.

The private IPv4 networks are usually in 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 networks, which you are already routing to your VPN connection.

If there are other private resources that you need access to, you should ask your network administrator which networks should be routed through the VPN connection.

  • How do I query the VPN gateway for the networks that are available?
    – Nathan
    Commented Aug 5, 2014 at 21:57
  • On VPNC, if the VPN gateway supplies the network list, it will automatically add the route; otherwise it will add your tunnel device as the default route. You can also check the VPNC log for this info.
    – denisvm
    Commented Aug 5, 2014 at 22:37
  • How would a network administrator know which networks should be routed through the VPN connection? For a small company, this could easily be done via memory. For a large company, how would they look up the information?
    – Nathan
    Commented Aug 13, 2014 at 19:05
  • Well, it depends. Firstly, this kind of information should be documented. It is recommended to allow only the traffic you need to pass through the VPN tunnel, so the network administrator should know which routes need to be published and which groups/users should have access to them.
    – denisvm
    Commented Aug 13, 2014 at 21:51
  • I checked the VPNC log. The gateway did not provide network configuration. It did provide the internal address, default domain, and DNS servers but no route information.
    – Nathan
    Commented Aug 14, 2014 at 17:29
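
An added example, not part of the original thread: it does not discover which networks belong on the VPN (the answer above says nothing can), but it keeps the hand-maintained route list from the question minimal by dropping addresses the three existing routes already cover and merging the rest into the smallest exact CIDR blocks. The sample addresses are constructed from documentation ranges, and the `tun0` device name and the helper names are assumptions.

```python
import ipaddress

# Routes the question already sends through the VPN (netmask notation, as posted).
EXISTING_ROUTES = (
    "10.0.0.0/255.0.0.0",
    "172.16.0.0/255.240.0.0",
    "192.168.0.0/255.255.0.0",
)

# Constructed sample: hosts found to need the VPN (not real addresses).
SAMPLE_DISCOVERED = [
    "198.51.100.4", "198.51.100.5", "198.51.100.6", "198.51.100.7",
    "10.1.2.3",       # already inside 10.0.0.0/8
    "192.168.5.5",    # already inside 192.168.0.0/16
    "203.0.113.9",
    "# comment lines and blanks are skipped", "",
]


def additional_routes(discovered, existing=EXISTING_ROUTES):
    """Return the smallest list of IPv4 networks that covers the discovered
    hosts not already inside one of the existing routes."""
    covered = [ipaddress.IPv4Network(r) for r in existing]
    missing = set()
    for text in discovered:
        text = text.strip()
        if not text or text.startswith("#"):
            continue
        addr = ipaddress.IPv4Address(text)  # raises ValueError on a typo
        if any(addr in net for net in covered):
            continue
        missing.add(ipaddress.IPv4Network(addr))  # host route, /32
    # collapse_addresses merges only exact, aligned blocks, so no address
    # that was never observed ends up routed through the tunnel.
    return list(ipaddress.collapse_addresses(sorted(missing)))


def route_commands(networks, dev="tun0"):
    """Render iproute2 commands; the device name is an assumption."""
    return [f"ip route add {net} dev {dev}" for net in networks]


if __name__ == "__main__":
    for line in route_commands(additional_routes(SAMPLE_DISCOVERED)):
        print(line)
```

Because only exact blocks are merged, two neighbouring hosts that do not share an aligned prefix stay as separate /32 routes rather than widening the tunnel to addresses nobody verified.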
