[SOLVED] Unable to access internet sites when using VPN in Ubuntu

[Update] -If after following the first solution now you run into being unable to access VPN related resources, read on to second set of symptom/solution.

This one was a quick one to fix but took quite a bit of searching to find. Hence why I'm writing this post, to keep the solution handy for future reference.

Symptom: You setup and connect successfully to a VPN but in doing so you have also lost access to any resource outside of your barb-wired network. I.E. you can access your staging server for work but won't load icons from font awesome's CDN since the VPN's DNS server is being a little bitch about the outside interwebz (As it should).

Solution: Based on this thread, follow these easy steps...

  1. Edit the VPN connection
  2. Go to IP Settings tab (IPv4 Settings and IPv6 Settings)
  3. Click on Routes
  4. Check Use this connection only for resources on its network
  5. Restart the connection

via GIPHY

Second Symptom: Now that you checked Use this connection only for resources on its network you have access to regular sites outside VPN, but access to routes within the private network now flake out and timeout. In my case it was a Postgres database which for privacy's sake we'll say was hosted as db.chastity.belt within the VPN.

Solution Continuation: Firstly with the Use this connection only for resources on its network option unchecked ping db.chastity.belt to get the IP address we want to route to...

$ ping db.chastity.belt
PING db.chastity.belt (192.60.50.8) 56(84) bytes of data.  
...

In this example the IP is 192.60.50.8, so now we add it to our hosts file appropriately...

$ echo "192.60.50.8    db.chastity.belt" > /etc/hosts

(you can also use vim/gedit to edit the /etc/hosts file manually)

With the hosts now updated re-check the Use this connection only for resources on its network option, and run route...

$ route

Kernel IP routing table  
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface  
default         dlinkrouter     0.0.0.0         UG    0      0        0 wlan0  
192.50.222.0    ip-192-50-232-1 255.255.240.0   UG    101    0        0 tun0  
192.168.98.0    *               255.255.255.0   U     0      0        0 vboxnet1  

In this case we can see that the VPN's Iface is named tun0, so we make a note of it. NOTE that yours might be named completely different, but just keep in mind that wlan0 is wifi, eth0 is LAN, vboxnet1 is VirtualBox, etc. So look for the one that stands out from the rest.

Now that we know our VPN's Iface is tun0, the host we wish to reach is db.chastity.belt and that the IP of said host is 192.60.50.8 we simply add the pertinent route using the route command...

$ route add -host 192.60.50.8 dev tun0

To verify all is good now simply run route by itself...

$ route

Kernel IP routing table  
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface  
default         dlinkrouter     0.0.0.0         UG    0      0        0 wlan0  
192.50.222.0    ip-192-50-232-1 255.255.240.0   UG    101    0        0 tun0  
db.chastity.bel *               255.255.255.255 UG    101    0        0 tun0  
192.168.98.0    *               255.255.255.0   U     0      0        0 vboxnet1  

Lo and behold, we now have a new route which automagically shows up using the host we added to the hosts files earlier. Now you'll need to do this for any other route within the VPN you may need access to. Just that.

via GIPHY

Show Comments