[Update] - If, after following the first solution, you are now unable to access VPN-related resources, read on to the second symptom/solution set.
was a quick one to fix but took quite a bit of searching to find. Hence why I'm writing this post, to keep the solution handy for future reference.
Symptom: You set up and connect successfully to a VPN, but in doing so you have also lost access to any resource outside of your barb-wired network, i.e. you can access your staging server for work but it won't load icons from Font Awesome's CDN since the VPN's DNS server is being a little bitch about the outside interwebz (as it should).
Solution: Based on this thread, follow these easy steps...
- Edit the VPN connection
- Go to the IP Settings tab (IPv4 Settings and IPv6 Settings)
- Click on `Use this connection only for resources on its network`
- Restart the connection
Second Symptom: Now that you checked `Use this connection only for resources on its network` you have access to regular sites outside the VPN, but access to routes within the private network now flakes out and times out. In my case it was a Postgres database which for privacy's sake we'll say was hosted as `db.chastity.belt` within the VPN.
Solution Continuation: First, with the `Use this connection only for resources on its network` option unchecked, ping `db.chastity.belt` to get the IP address we want to route to...

```
$ ping db.chastity.belt
PING db.chastity.belt (22.214.171.124) 56(84) bytes of data.
...
```
In this example the IP is `126.96.36.199`, so now we append it to our hosts file...

```
$ echo "188.8.131.52 db.chastity.belt" | sudo tee -a /etc/hosts
```

(you can also use vim/gedit to edit the `/etc/hosts` file manually; either way, add the line to the end rather than replacing the file's existing contents)
With the hosts file now updated, re-check the `Use this connection only for resources on its network` option, and run

```
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         dlinkrouter     0.0.0.0         UG    0      0        0 wlan0
184.108.40.206  ip-192-50-232-1 255.255.240.0   UG    101    0        0 tun0
192.168.98.0    *               255.255.255.0   U     0      0        0 vboxnet1
```
In this case we can see that the VPN's Iface is named `tun0`, so we make a note of it. NOTE that yours might be named completely differently, but just keep in mind that `wlan0` is wifi, `eth0` is LAN, `vboxnet1` is VirtualBox, etc. So look for the one that stands out from the rest.
Now that we know our VPN's Iface is `tun0`, the host we wish to reach is `db.chastity.belt`, and the IP of said host is `220.127.116.11`, we simply add the pertinent route (this needs root)...

```
$ sudo route add -host 18.104.22.168 dev tun0
```
To verify all is good now, simply run `route` by itself...

```
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         dlinkrouter     0.0.0.0         UG    0      0        0 wlan0
22.214.171.124  ip-192-50-232-1 255.255.240.0   UG    101    0        0 tun0
db.chastity.bel *               255.255.255.255 UG    101    0        0 tun0
192.168.98.0    *               255.255.255.0   U     0      0        0 vboxnet1
```
Lo and behold, we now have a new route which automagically shows up using the host we added to the hosts file earlier. Now you'll need to do this for any other route within the VPN you may need access to. Just that.
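
The hosts-file and host-route steps above, as an added shell sketch that is not code from the original post: it validates the address, appends to the hosts file only when the name is not already mapped, and prints the `route` command unless told to run it. The function names and the `HOSTS_FILE` and `DRY_RUN` variables are assumptions of this sketch, and `192.0.2.10` is a constructed documentation address.

```shell
#!/bin/sh
# Added example, not from the original post. HOSTS_FILE and DRY_RUN are
# assumptions of this sketch so it can be tried without touching the system.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"
DRY_RUN="${DRY_RUN:-1}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Append "IP NAME" to the hosts file unless NAME is already mapped there.
# It appends (>>), so existing entries such as localhost are kept.
pin_host() {
    ip=$1; name=$2
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    if awk -v n="$name" '
        $1 ~ /^#/ { next }
        { for (i = 2; i <= NF && $i !~ /^#/; i++) if ($i == n) found = 1 }
        END { exit !found }' "$HOSTS_FILE" 2>/dev/null; then
        echo "already pinned: $name" >&2
        return 0
    fi
    printf '%s %s\n' "$ip" "$name" >> "$HOSTS_FILE"
}

# Print (DRY_RUN=1) or add (DRY_RUN=0, needs root) the host route via the VPN interface.
route_host() {
    ip=$1; dev=$2
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    if [ "$DRY_RUN" = 1 ]; then
        echo "route add -host $ip dev $dev"
    else
        route add -host "$ip" dev "$dev"
    fi
}

# Usage, with 192.0.2.10 as a constructed address:
#   pin_host 192.0.2.10 db.chastity.belt && route_host 192.0.2.10 tun0
```

A pinned hosts entry does not follow the server if its address changes inside the VPN, so re-check it with the ping step whenever the host stops answering.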