Use VPN for only one RDP connection in Ubuntu

2

1

I'm not an expert in networking stuff. I have a CISCO VPN connection set up to connect to my computer at work, using a VPN connection and Remmina. This works fine, but all my internet traffic goes through this VPN connection -> sites are blocked, etc.

Is it possible to route only this specific RDP connection through the VPN, and the rest not?

These are the results of running netstat -rn before the VPN connection:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window   irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0           0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0           0 wlan0

and afterwards:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window   irtt Iface
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 tun0
128.131.240.4   192.168.1.1     255.255.255.255 UGH       0 0          0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0

These are the results of running netstat -rn after the suggested changes:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window   irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0           0 wlan0
128.131.39.64   0.0.0.0         255.255.255.255 UH        0 0           0 tun0
128.131.240.4   192.168.1.1     255.255.255.255 UGH       0 0           0 wlan0

wa4557

Posted 2013-12-03T22:23:58.013

Reputation: 141

Can you edit and add the results of netstat -rn before and after connecting? Use a terminal / console session to run the command. – Paul – 2013-12-03T22:55:15.787

Answers

2

I figured out how to do it:

In the network manager, go to the VPN configuration, then to IPv4 settings and Routing.

Enable: Use this connection only for resources of this network.

Then add the IP address (e.g. 128.131.39.64), the subnet mask (255.255.255.255) and the gateway (0.0.0.0). The netstat -rn output looks similar, but not exactly as in the suggested answer from Paul:

0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 wlan0
128.131.39.64   0.0.0.0         255.255.255.255 UH        0 0          0 tun0
128.131.240.4   192.168.1.1     255.255.255.255 UGH       0 0          0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0

The remote desktop connection works, but surfing is not routed through the VPN connection.

wa4557

Posted 2013-12-03T22:23:58.013

Reputation: 141

0

Once the tunnel is up, issue the following.

Remove the default route:

sudo ip route del default dev tun0

This was pushing everything down the tunnel. Next, put it back where it was:

sudo ip route add default via 192.168.1.1

Next add a specific route for the RDP server you want to get to:

sudo ip route add <rdp server ip address>/32 dev tun0

So if the RDP server was 10.10.10.10, this would look like:

sudo ip route add 10.10.10.10/32 dev tun0

The success of this depends a bit on how deeply the VPN client embeds itself in the network stack, but it should work...

Paul

Posted 2013-12-03T22:23:58.013

Reputation: 52 173

Works, kind of... I can connect to the remote desktop, but now I'm no longer able to surf the internet... – wa4557 – 2013-12-05T19:35:41.910

@user1943296 Can you add the output of netstat -rn after the suggested routing changes? – Paul – 2013-12-06T01:48:56.103

I edited my question – wa4557 – 2013-12-06T22:39:51.147

The routing is correct, so it seems like the VPN client you are using will honour the policy set by the VPN gateway. The administrators of your VPN have set the policy such that it is an all or nothing deal. Unfortunately your best bet is to either request the policy be changed, or to run your VPN in a virtual machine. – Paul – 2013-12-08T20:51:30.837

Yeah, thanks, I feared that. Do you know if there's a client that does not? – wa4557 – 2013-12-09T10:02:46.603
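
The routing tables posted in this thread can be checked mechanically. The following is an added example, not part of the original posts: it does a longest-prefix match over netstat -rn output to report which interface a destination would leave through, using the two tables from the thread. The helper names route_iface and is_split_tunnel are hypothetical, and 203.0.113.10 is a constructed stand-in for an arbitrary internet host.

```shell
#!/bin/sh
# Added example, not from the original posts. route_iface and
# is_split_tunnel are hypothetical helper names.

# Print the interface a destination would use, given `netstat -rn` on stdin.
route_iface() {
    awk -v dest="$1" '
    function ip2n(a,   o) {                 # dotted quad -> number
        split(a, o, ".")
        return o[1]*16777216 + o[2]*65536 + o[3]*256 + o[4]
    }
    BEGIN { best = -1; d = ip2n(dest) }
    # Only rows whose first field is an IPv4 address are routes.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        net = ip2n($1); mask = ip2n($3)
        size = 4294967296 - mask            # addresses covered by the route
        if (d - d % size == net - net % size && mask > best) {
            best = mask; iface = $NF        # longest prefix wins
        }
    }
    END { if (iface == "") exit 1; print iface }'
}

# Succeed only if the RDP host uses tun0 and other traffic does not.
# usage: is_split_tunnel <table> <rdp_ip> <other_ip>
is_split_tunnel() {
    [ "$(printf '%s\n' "$1" | route_iface "$2")" = "tun0" ] &&
    [ "$(printf '%s\n' "$1" | route_iface "$3")" != "tun0" ]
}

# Table from the question, right after the VPN connects.
FULL_TUNNEL='0.0.0.0         0.0.0.0         0.0.0.0         U   0 0 0 tun0
128.131.240.4   192.168.1.1     255.255.255.255 UGH 0 0 0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U   0 0 0 wlan0'

# Table from the answer by wa4557, with the host route for the RDP server.
SPLIT_TUNNEL='0.0.0.0         192.168.1.1     0.0.0.0         UG  0 0 0 wlan0
128.131.39.64   0.0.0.0         255.255.255.255 UH  0 0 0 tun0
128.131.240.4   192.168.1.1     255.255.255.255 UGH 0 0 0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U   0 0 0 wlan0'

# 203.0.113.10 is a constructed stand-in for any internet host.
for t in "$FULL_TUNNEL" "$SPLIT_TUNNEL"; do
    if is_split_tunnel "$t" 128.131.39.64 203.0.113.10
    then echo "split tunnel: only RDP uses tun0"
    else echo "not split: check default route"
    fi
done
```

On a live system the same check reads the real table, for example by piping netstat -rn into route_iface 128.131.39.64.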