This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Connection only for some Target Addresses

Hi,

I've kind of a special requirement:
I've an Internet connection with a govermental firewall and so I have a VPN Connection, to allow access to some needed blocked websites.
But the traffic through the VPN is slower so I want to route the traffic depending on a configurable list of IPs/Hostnames.
But now after establishing the SSL-VPN with Sophos all the traffic is routet through this VPN. I couldn't find a configuration menu to change this. Is there a way directly with Sophos to handle this or how can you run this setup with sophos?

thanks,
linuxadmin

This thread was automatically locked due to age.

Parents

0 linuxadmin_01 over 10 years ago

Hello,

so I tried several hours to get a IPsec VPN running on the Sophos without success. I still would prefer the Openvpn, so I continued with that.
One problem are the automatic routes that are created with connection to the IPsec VPN Server. I deleted them manually. Is there a GUI way or do I have to write a script for that?

Now I have the internet interfaces:
eth2      Link encap:Ethernet  HWaddr 00:0C:29:98:2A:CF
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          GW: 192.168.2.4
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
         GW: 10.8.0.1

By adding routes I could choose if eth2 / tun0 is used. But I guess that is not the best solution.
So I tried to add the NAT:
Traffic selector: 192.168.2.0/24 → Any → heise online - IT-News, Nachrichten und Hintergründe
Source translation: 10.8.0.0/24

But it's still routet through eth2, not tun0. In the Firewall Logfile I can see that my NAT rule is logged for each time I access heise online - IT-News, Nachrichten und Hintergründe

So I still don't understand how I can manipulate / define which route is taken if there are two standard routes and not a separate route for each dns host/host.
All the routing stuff you find in the internet and I learned during my apprenticeship only covers the basic routes, nat but not this kind of things...

So what am I doing wrong?

thanks so much for your help,
linuxadmin
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 linuxadmin_01 over 10 years ago

Hello,

so I tried several hours to get a IPsec VPN running on the Sophos without success. I still would prefer the Openvpn, so I continued with that.
One problem are the automatic routes that are created with connection to the IPsec VPN Server. I deleted them manually. Is there a GUI way or do I have to write a script for that?

Now I have the internet interfaces:
eth2      Link encap:Ethernet  HWaddr 00:0C:29:98:2A:CF
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          GW: 192.168.2.4
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
         GW: 10.8.0.1

By adding routes I could choose if eth2 / tun0 is used. But I guess that is not the best solution.
So I tried to add the NAT:
Traffic selector: 192.168.2.0/24 → Any → heise online - IT-News, Nachrichten und Hintergründe
Source translation: 10.8.0.0/24

But it's still routet through eth2, not tun0. In the Firewall Logfile I can see that my NAT rule is logged for each time I access heise online - IT-News, Nachrichten und Hintergründe

So I still don't understand how I can manipulate / define which route is taken if there are two standard routes and not a separate route for each dns host/host.
All the routing stuff you find in the internet and I learned during my apprenticeship only covers the basic routes, nat but not this kind of things...

So what am I doing wrong?

thanks so much for your help,
linuxadmin
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data