Check that the VPN works. Usually you can log in and ping known hosts, or even name search with the full domain path. However it does not work without and you can’t access hosts by looking up just their name.

We want to add that domain search and replace the name servers in /etc/resolv.conf automatically upon VPN activation. Now, contrary to everything you read about ip-up and ip-down, this does not work! The VPN connection manager calls pppd with some arguments and it does not execute any scripts. Don’t waste your time wondering why as I did.

The way to get around it is to install resolvconf:
>$ sudo apt-get install resolvconf

Now try starting your VPN and doing a lookup. Hopefully it works, pppd calls resolvconf and passes it the name server on the VPN, and resolvconf overwrites /etc/resolv.conf to reflect the change. Check that the VPN name servers have been written to the /etc/resolv.conf file. However, once you exit the VPN connection resolvconf is called to delete the new name server info and you end up with an empty /etc/resolv.conf and you can’t resolve anything anymore until you edit /etc/resolv.conf and add ‘nameserver 192.168.xxx.yyy’ (your local name server). Once that is done, all is well again. To prevent having to do this after every VPN reconnect, resolvconf needs default information stored in /etc/resolvconf/resolvconf.d/base.

Edit your /etc/resolvconf/resolvconf.d/base file to read ‘nameserver 192.168.xxx.yyy’, providing the address of your local name server (not the VPN one).

After this it should work! Log in to the VPN and log out and your local connection, along with your local name server, should be restored.

Happy VPN ing!

Sorry the post is misleading. The route command should add the gateway for your VPN to the route table. My VPN is on the 10.10.30 subnet and my gateway from the VPN network to the internets (hehe) is 10.10.30.1. You should find the gateway for your VPN and then use that.

Here is what my route looks like once I VPN in and run the command:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
69.15.181.37    192.168.1.1     255.255.255.255 UGH   0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
default         10.10.30.1      0.0.0.0         UG    0      0        0 ppp0
default         *               0.0.0.0         U     0      0        0 ppp0

As you can see, my wireless device has the gateway from the VPN network to the outside. However, the VPN device needs a gateway as well and that is what I setup with the route command so that the ppp0 has the gateway to the VPN network.

Also, be careful of multiple networking devices. If you have wireless and wired devices I’ve seen it where sometimes if I’m using wireless my wired device will be assigned the VPN bridge and the route for the VPN gateway will be for my wired device.

this is definitely the problem I’m having (I’m using the Cisco VPN, patched) it does connect, and, if I enter the IP address manually it does ping, browse, whatever.

However, having followed your “absurdly simple” instructions does not seem to alleviate the problem.
My /etc/resolv.conf seems to be created correctly by the Cisco client and looks like this:

domain mycompany.com
nameserver 10.32.38.104
nameserver 10.32.38.109

I get an IP address that looks something like
10.32.54.128/255.255.254.0

but running the route command does not seem to fix the issue.
A couple of questions:

1. what should be the IP entry in the route command?
2. what should the routing table (the one shown by the route command alone) look like?

Thanks,
Marco.