Avoid creating PPTP default routes
Authored by: Kirke on Oct 09, '04 02:54:58AM

This hint is great, but I have a couple of questions just to clarify what's going on and a bit of a problem that maybe someone can help solve.

First, is it fair to assume that ip-up (and ip-down) are files that [something] looks for and executes when initiating (and ending) a VPN session? It just happens that they are missing/not used by default? Is "[something]" Internet Connect or is this a more standard Unix thing?

Ok, now here's my problem--a bit of a catch-22 actually. The DNS that can resolve the names of internal servers to their corresponding IP addresses is itself only available "internally." Let me give an example; maybe that will explain this better.

Pretend I work for Zippy Foods and want to connect to zippyfoods.com VPN. The VPN server's address is vpn.zippyfoods.com, the public Web site is www.zippyfoods.com and there is an internal server called private.zippyfoods.com. The DNS that can resolve the private.zippyfoods.com name is at 101.102.103.104 and is only reachable from inside the network.

So, following the instructions from the hint, I get to the resolver step and create a new file called zippyfoods.com that looks like:
nameserver 101.102.103.104
nameserver [something cryptic]
port 53
timeout 1

So now I try to connect to the VPN at vpn.zippyfoods.com or go to the public Web site and get an error since it can't resolve those names. Since they are part of zippyfoods.com, my computer tries to ask 101.102.103.104 about them and gets no response (because it's not reachable from outside the network).

I can fix the VPN part by changing my parameters to look for the IP address of the VPN server instead (no big deal). But that doesn't solve the issue of not being able to get to the public zippyfoods.com Web site when not connected to the VPN.

I thought maybe a new entry in the /etc/resolver directory for www.zippyfoods.com pointing to local ("ln -s local www.zippyfoods.com") might solve this, but it doesn't seem to. There must be a way to resolve this issue. Any suggestions? It seems silly to have to connect to the VPN even to connect to public servers.

Thanks,
Kirke



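Added example, not part of Kirke's comment or of the original hint: one way to avoid the catch-22 described above is to create the /etc/resolver entry only while the tunnel is up and remove it when the tunnel goes down, so the domain falls back to the normal DNS servers when off the VPN. It assumes the hooks are pppd's /etc/ppp/ip-up and /etc/ppp/ip-down and that the system notices changes to the resolver directory; the function names are hypothetical, and the domain and address are the constructed ones from the post.

```shell
#!/bin/sh
# Added example: helper for pppd's ip-up / ip-down hooks (hypothetical names).
# Values below are the constructed ones from the post, not real servers.
RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"
VPN_DOMAIN="${VPN_DOMAIN:-zippyfoods.com}"
VPN_DNS="${VPN_DNS:-101.102.103.104}"

# The exact file this hook owns; used for writing and for ownership checks.
resolver_body() {
    printf 'nameserver %s\nport 53\ntimeout 1\n' "$VPN_DNS"
}

# True only if the file is byte-for-byte what this hook would have written.
resolver_is_ours() {
    resolver_body | cmp -s - "$1"
}

# Tunnel up: send lookups for VPN_DOMAIN to the internal DNS server.
resolver_up() {
    target="$RESOLVER_DIR/$VPN_DOMAIN"
    if [ -e "$target" ] && ! resolver_is_ours "$target"; then
        echo "refusing to overwrite hand-edited $target" >&2
        return 1
    fi
    mkdir -p "$RESOLVER_DIR" || return 1
    ( umask 022; resolver_body > "$target" )
}

# Tunnel down: remove the override so the domain resolves via the default DNS.
resolver_down() {
    target="$RESOLVER_DIR/$VPN_DOMAIN"
    [ -e "$target" ] || return 0
    if resolver_is_ours "$target"; then
        rm -f "$target"
    else
        echo "leaving hand-edited $target in place" >&2
        return 1
    fi
}

# Entry point: ip-up would call "vpn_resolver_hook up", ip-down "... down".
vpn_resolver_hook() {
    case "$1" in
        up)   resolver_up ;;
        down) resolver_down ;;
        *)    echo "usage: vpn_resolver_hook up|down" >&2; return 2 ;;
    esac
}
```

Because the down hook deletes only a file that matches what the up hook writes, a resolver file someone edited by hand is left in place and reported instead of being silently removed.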