Dron007 Posted July 16, 2019

My office VPN (F5) changes route 0.0.0.0 so that all traffic goes through it. I want to change it to the default gateway and add only specific VPN routes. When I do

    route DELETE 0.0.0.0
    route ADD 0.0.0.0 MASK 0.0.0.0 192.168.201.20 METRIC 1 IF 10

I see that the route table is updated, but any DNS request fails.

Routes before (IP is changed for security reasons):

    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0         On-link          1.2.3.4       1

Routes after:

    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0   192.168.201.20  192.168.201.238      11

I tried flushing DNS. Still no results. What would you recommend? OS: Win7.

Thread: https://www.neowin.net/forum/topic/1384841-dns-is-not-available-after-manual-changing-default-route/
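One thing a practitioner would check before blaming DNS itself is where the VPN-assigned resolver is routed once the default route has been swapped: if the VPN pushes an internal resolver address, that address is only reachable through the tunnel, and the new default route sends queries to it out the LAN adapter instead, where nothing answers. The script below is an added example and not code from the thread. It parses tables in the shape of `route print` output, applies longest-prefix match with the Windows lowest-metric tie-break, and emits the host route that pins a resolver back to the VPN adapter. The tables are constructed: the LAN default route with metric 11 in the "before" table and the 10.20.0.53 resolver are assumptions the post does not show, and using the VPN adapter's own address as the gateway to create an on-link route is an assumption about Windows `route ADD` behaviour to verify on the box.

```python
"""Where does a DNS query go under a given Windows IPv4 routing table?

Added example, not code from the thread. The tables below are constructed to
look like `route print` output; the 10.20.0.53 resolver and the second default
route are assumptions, not facts from the post.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Route:
    network: ipaddress.IPv4Network
    gateway: str      # next-hop address, or the literal "On-link"
    interface: str    # address of the local adapter that owns the route
    metric: int


# Constructed sample: VPN connected, the F5 default route (metric 1) wins over
# the LAN default route (metric 11, assumed present; the post shows only the VPN one).
ROUTE_PRINT_BEFORE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link          1.2.3.4       1
          0.0.0.0          0.0.0.0   192.168.201.20  192.168.201.238      11
    192.168.201.0    255.255.255.0         On-link  192.168.201.238     266
"""

# Constructed sample: after `route DELETE 0.0.0.0` and re-adding the LAN default.
ROUTE_PRINT_AFTER = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   192.168.201.20  192.168.201.238      11
    192.168.201.0    255.255.255.0         On-link  192.168.201.238     266
"""

VPN_ADAPTER = "1.2.3.4"      # VPN adapter address as shown in the post
VPN_DNS = ["10.20.0.53"]     # assumed internal resolver pushed by the VPN


def parse_route_print(text: str) -> List[Route]:
    """Parse the data rows of `route print`; heading lines have a different
    token count or non-address tokens and are skipped."""
    routes: List[Route] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            net = ipaddress.IPv4Network(f"{parts[0]}/{parts[1]}", strict=False)
            metric = int(parts[4])
        except ValueError:
            continue
        routes.append(Route(net, parts[2], parts[3], metric))
    return routes


def select_route(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest prefix wins; among equal prefixes the lowest metric wins,
    which is how Windows chooses between two 0.0.0.0/0 entries."""
    ip = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if ip in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def egress_interface(table: str, dst: str) -> Optional[str]:
    """Adapter address a packet to dst leaves from under the given table."""
    r = select_route(parse_route_print(table), dst)
    return r.interface if r else None


def pin_host_route(dst: str, vpn_adapter: str) -> Tuple[Route, str]:
    """Host route that forces dst back through the VPN adapter, plus the
    Windows command that creates it. Assumption: naming the adapter's own
    address as the gateway yields an on-link route."""
    route = Route(ipaddress.IPv4Network(f"{dst}/32"), "On-link", vpn_adapter, 1)
    cmd = f"route ADD {dst} MASK 255.255.255.255 {vpn_adapter} METRIC 1"
    return route, cmd


def repair_commands(table: str, dns_servers: List[str], vpn_adapter: str) -> List[str]:
    """Commands needed so every resolver in dns_servers egresses via the VPN
    adapter under `table`; empty when nothing needs pinning."""
    cmds = []
    for dns in dns_servers:
        if egress_interface(table, dns) != vpn_adapter:
            cmds.append(pin_host_route(dns, vpn_adapter)[1])
    return cmds


if __name__ == "__main__":
    for name, table in (("before", ROUTE_PRINT_BEFORE), ("after", ROUTE_PRINT_AFTER)):
        for dns in VPN_DNS:
            print(f"{name}: queries to {dns} leave via {egress_interface(table, dns)}")
    for cmd in repair_commands(ROUTE_PRINT_AFTER, VPN_DNS, VPN_ADAPTER):
        print("needed:", cmd)
```

To use it on a real machine, paste the Active Routes section of `route print -4` into the table strings and the DNS servers listed under the VPN adapter in `ipconfig /all` into `VPN_DNS`. Pinning the resolvers only restores reachability of those addresses; it does nothing about a client that re-applies its routes or a resolver that refuses queries from an unexpected source.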
BudMan Posted July 16, 2019

You understand that when you connect to a work VPN they almost always prevent split tunnelling and force all traffic out their interface... Changing the local route table is normally not going to be able to overcome that restriction via the VPN application you are running.
Dron007 Posted July 17, 2019

On 16/07/2019 at 16:32, BudMan said: "You understand that when you connect to a work VPN they almost always prevent split tunnelling and force all traffic out their interface... Changing the local route table is normally not going to be able to overcome that restriction via the VPN application you are running."

My colleagues using Macs managed to do that by editing route tables. With the previous VPN I managed to edit routes to unblock some local IPs conflicting with routes received from the VPN. So I hope it is possible somehow. Here is the Mac script:

    #!/usr/bin/env bash
    # Run with sudo: `route add` and `route delete` need root.

    # list all possible interfaces your mac may own
    vpn_interfaces=(utun2 utun3)
    eth_interfaces=(en5)
    wifi_interfaces=(en0)

    declare -a ip_iface

    # get_ip IFACE...: set ip_iface=(ip iface) for the first listed interface
    # that currently holds an IPv4 address; leave it empty if none does.
    get_ip () {
        local interfaces=("$@")
        ip_iface=()
        for iface in "${interfaces[@]}"; do
            local ip
            ip=$(ifconfig "$iface" inet 2>/dev/null | awk '/inet / {print $2}')
            if [ -n "$ip" ]; then
                ip_iface=("$ip" "$iface")
                break
            fi
        done
    }

    get_ip "${vpn_interfaces[@]}"
    vpn_ip=${ip_iface[0]}
    vpn_iface=${ip_iface[1]}

    get_ip "${eth_interfaces[@]}"
    eth_ip=${ip_iface[0]}
    eth_iface=${ip_iface[1]}

    get_ip "${wifi_interfaces[@]}"
    wifi_ip=${ip_iface[0]}
    wifi_iface=${ip_iface[1]}

    echo "VPN($vpn_iface): ${vpn_ip} | Network($eth_iface): ${eth_ip} | WiFi($wifi_iface): ${wifi_ip}"

    echo "- Deleting VPN routes"
    route delete default "$vpn_ip" 2>/dev/null

    echo "- Restoring default routing"
    # this is my home router default GW
    route add default 192.168.1.2 2>/dev/null
    # this is LOCAL router ETH default GW
    route add default 192.168.201.10 2>/dev/null

    ranges=(
        '1.2.3.4/15'
        '2.3.4.5/14'
        # ....... (remaining company ranges elided in the post)
    )

    echo "- Limiting VPN only to Company resources"
    for cidr in "${ranges[@]}"; do
        route add -net "$cidr" "$vpn_ip" >/dev/null 2>&1
    done

    echo "Done!"
BudMan Posted July 17, 2019

Again, it comes down to the restrictions placed by the place you VPN into. Are you running a native VPN client on Windows, or did you install an "application" from them to VPN into work? Look at the F5 configuration: they can enable split tunnelling or they can prevent it.
goretsky Posted July 20, 2019

Hello,

Why don't you just contact your employer's IT department, explain the business need for accessing the sites in question, and have them make changes to the configuration to support you? That way, you won't get in trouble if someone from there notices your computer is going out to the public internet.

Regards,

Aryeh Goretsky