multiple VPN connection

alirezad · #1 27th March 2012, 11:25 PM

hello
in the organization that I work , we should connect to wireless and then connect to a VPN server to access the internet.
for some works i need to connect to another vpn server in another country but i couldnt find a way to connect with multiple vpn connection at the same time in fedora .
i will be very thankful if you have any solution .
and sorry for my bad english .

jpollard · #2 28th March 2012, 12:23 AM

There really isn't one.

Frequently the problem is the VPN security restrictions - a VPN can require that all other network connections be cut.

I pointed this out to a government group once, that if they made the VPN cut other networks off, that the users NFS mounted home directory would also be cut - making the data they wanted to transfer over the VPN unavailable.

Many of these concerns are about creating unwanted traffic from an external network (the alternate VPN or user nets) from gaining access to the restricted network. This is mostly due to the effect that Windows virus infections have.

stevea · #3 28th March 2012, 01:18 AM

Quote:

Originally Posted by alirezad

hello
in the organization that I work , we should connect to wireless and then connect to a VPN server to access the internet.
for some works i need to connect to another vpn server in another country but i couldnt find a way to connect with multiple vpn connection at the same time in fedora .
i will be very thankful if you have any solution .
and sorry for my bad english .

Hi Ali.

Which VPN are you using ? openvpn ? vpnc ? other ?

Often the first vpn config routes all accesses through the VPN, so then you just need to make a routing table entry to go directly through the interface to the second VPN server.

You probably want to make sure each VPN works individually, and also record the router setting which each VPN is up with
sudo ip route

You English is pretty good BTW.

---------- Post added at 08:18 PM ---------- Previous post was at 07:39 PM ----------

Also record any /etc/resolv.conf settings while each VPN is up. To correctly resolve the DNS addresses when you are connected to two VPNs/LANs you'll probably want to run your own trivial DNS server like ....
Lets say the first VPN connects you to a network for addresses 10.10.x.x and 10.11.x.x with DNS server 10.10.5.6 (name vpn1.com, myorg1.org)
And assume the second VPN connects you to 199.190.x.x with DNS server 199.190.42.42 (name vpn2.com and me2.org)
and let's assume your local lan is 192.168.168.x (dns server 192.168.168.77)

Then you can use dnsmasq server something like ....

/usr/sbin/dnsmasq --bind-interfaces --interface=lo \
--no-poll --all-servers --pid-file=/tmp/dnsmasq.pid --no-resolv \
--server=192.168.168.77 \
--server=vpn1.com/myorg1.org 10.10.5.6 \
--server=0.10.in-addr.arpa,11.10.in-addr.arpa 10.10.5.6 \
--server=vpn2.com/me2.org 199.190.42.42
--server=190.199.in-addr.arpa 199.190.42.42

You'll have to tweak that. The point is to route all the dns forward and reverse resolves to the correct dns server.

alirezad · #4 28th March 2012, 12:56 PM

thanks jpollard and stevea.
is it realy that many hard ?!
i just want to connect to a vpn server and then connect to another vpn server through my first vpn .
you all know this is a common work in windows.

jpollard · #5 28th March 2012, 04:12 PM

Note, your second VPN will cut off access to the first... I do believe existing connections (the one for the first VPN) will remain usable...

Layered VPNs (VPN 2 over VPN1 over wireless) is just asking for trouble. (Frequently, the wireless is actually another VPN...)

tuxor · #6 28th March 2012, 07:37 PM

I always access the internet via an OpenVPN connection that I set up using NetworkManager. Whenever I want to access special areas of my university network, I have to establish a cisco vpn connection in addition. Of course it's not possible to achieve this with NetworkManager. But it's really easy to edit the config file in /etc/vpnc/default.conf and simply start "vpnc"...

Never had a problem with this configuration. But we're still waiting for more information about your case, alirezad! Which kinds of VPN do you use? OpenConnect/AnyConnect, IPSec/CiscoVPN, PPTP, OpenVPN?

stevea · #7 28th March 2012, 08:44 PM

Quote:

Originally Posted by jpollard

Note, your second VPN will cut off access to the first... I do believe existing connections (the one for the first VPN) will remain usable...

Note, you don't know what you are talking about JP, please stop posting when that occurs.

OpenVPN has supported multiple simultaneous connection since openvpn 2.0, i've had it setup myself.

The config problem is that the route entries are often 'pushed' from the server side and many times these are not sufficiently restrictive to allow multiples. So all you need is some route entries to get traffic through.

The typical dns resolver doesn't route - so you have to.

jpollard · #8 28th March 2012, 09:13 PM

And you don't know all the configurations that can cut off networks.

Been there seen that.

And OpenVPN isn't always an acceptable VPN. It always depends on the environment being supported by the remote VPN connection.

stevea · #9 1st April 2012, 06:47 AM

Quote:

Originally Posted by jpollard

And you don't know all the configurations that can cut off networks.

You said 'second network WILL cutoff first - as though it's a certainty. You are wrong - it's not -it's not even generally true.

Get a clue.