Sean's i/o Stream

Musings-as-a-Service

AT&T VPN and Ubuntu play nice

  • November 24, 2010
  •   category: linux
  • tags: att-vpn, ibm, vpn

Since moving a role of a non-traditional office worker, I have joined the group of folks that live or die by VPN access. I have had success with tips and tricks from the internet and intranet to get the clients installed and working but haven’t found any really good ways to make them work when I need to access both the VPN and my local intranet.

Here is a bug someone else files showing what happens to the /etc/resolv.conf file when the AT&T VPN is started: https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/291161

Apparently the folks at AT&T made some assumptions about how this should work, or purposefully limited the dual use access for whatever reason. In either case if I want to get to local machines by name I need to disconnect from the VPN, and if I want to get to corporate LAN machines I need to be on the VPN, so you can see how this is not ideal. Since the development of the linux VPN client by AT&T seems to be dead for one reason or another, and I don’t have another VPN client option at the moment I need to work with what I have.

Sure I can modify my /etc/hosts file but I don’t like the way little hacks like this make me feel, and that nullifies the effort I put into the dnsmasq solution that is doing my internal static dhcp/dns host resolution for me. But after further investigation it looks like I need to setup a DNS server that will fail rather than forward the request, right now my router acts as a dnsmasq server to check for statically defined host names first and returning them if possible or forwarding the requests onto OpenDNS for resolution. This is not really practical for my rather simplistic use here where I have less than 30 machines to deal with. So I will concede for now, update my /etc/hosts file with the few machines I need right now, and revisit this when I have a better answer.

Score another one for the bad guys… cludge 1, elegance 0 may be I should just put in a request for the Cisco VPN client and actually get some linux support…

Reference:
Back to Top