DNS is not available after manually changing the default route

Question

Dron007    0
Posted (edited)

My office VPN (F5) changes route 0.0.0.0 so that all traffic goes through it. I want to change it to the default gateway and add only specific VPN routes. When I do

route DELETE 0.0.0.0
route ADD 0.0.0.0 MASK 0.0.0.0 192.168.201.20 METRIC 1 IF 10

I see that the route table is updated, but any DNS request fails.

Routes before (IP is changed for security reasons):

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link      1.2.3.4      1

Routes after:

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   192.168.201.20  192.168.201.238     11

I tried flushing DNS. Still no results. What would you recommend?

OS: Win7.

4 answers to this question

+BudMan    3,446

You understand that when you connect to a work VPN they almost always prevent split tunneling and force all traffic out their interface... Changing the local route table is normally not going to be able to overcome that restriction via the VPN application you are running.

Dron007    0
Posted (edited)
19 hours ago, BudMan said:

You understand that when you connect to a work VPN they almost always prevent split tunneling and force all traffic out their interface... Changing the local route table is normally not going to be able to overcome that restriction via the VPN application you are running.

My colleagues using Macs managed to do that by editing route tables. With the previous VPN I managed to edit routes to unlock some local IPs conflicting with routes received from the VPN. So I hope it is possible somehow.

Here is the Mac script:

#!/usr/bin/env bash

# list all possible interfaces your mac may own
vpn_interfaces=(utun2 utun3)
eth_interfaces=(en5)
wifi_interfaces=(en0)

declare -a ip_iface

get_ip () {
  local interfaces=($*)
  ip_iface=()
  for iface in "${interfaces[@]}"; do
    local ip=$(ifconfig $iface inet 2>/dev/null | awk '/inet / {print $2}')
    if [ -n "$ip" ]; then
      ip_iface=($ip $iface)
      break
    fi
  done
}

get_ip ${vpn_interfaces[*]}
vpn_ip=${ip_iface[0]}
vpn_iface=${ip_iface[1]}

get_ip ${eth_interfaces[*]}
eth_ip=${ip_iface[0]}
eth_iface=${ip_iface[1]}

get_ip ${wifi_interfaces[*]}
wifi_ip=${ip_iface[0]}
wifi_iface=${ip_iface[1]}

echo "VPN($vpn_iface): ${vpn_ip} | Network($eth_iface): ${eth_ip} | WiFi($wifi_iface): ${wifi_ip}"

echo "- Deleting VPN routes"
route delete default $vpn_ip 2>/dev/null

echo "- Restoring default routing"
# this is my home router default GW
route add default 192.168.1.2 2>/dev/null
# this is LOCAL router ETH default GW
route add default 192.168.201.10 2>/dev/null

ranges=(
  '1.2.3.4/15'
  '2.3.4.5/14'
  # .......
)

echo "- Limiting VPN only to Company resources"
for cidr in "${ranges[@]}"; do
  route add -net $cidr $vpn_ip >/dev/null 2>&1
done

echo "Done!"

+BudMan    3,446

Again - it comes down to the restrictions placed by the place you VPN into. Are you running a native VPN client on Windows - or did you install an "application" from them to VPN into work?

Look to the F5 configuration - they can enable split tunnel or they can prevent it.

goretsky    1,030

Hello,

Why don't you just contact your employer's IT department, explain the business need for accessing the sites in question, and have them make changes to the configuration to support you? That way, you won't get in trouble if someone from there notices your computer is going out to the public internet.

Regards,

Aryeh Goretsky
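
Added example, not part of any post in this thread: the point above that someone may notice a machine going out to the public internet can be checked from the endpoint's own route table. The Python below parses `route print` output shaped like the two tables in the question and reports whether the lowest-metric default route still uses the VPN interface; the function names and the constructed sample tables are assumptions of this example.

```python
import ipaddress

# Constructed samples modelled on the "before" and "after" tables in the question.
BEFORE = """Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link      1.2.3.4      1
"""
AFTER = """Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   192.168.201.20  192.168.201.238     11
"""

def default_routes(route_print_text):
    """Return (gateway, interface, metric) for every IPv4 0.0.0.0/0 row."""
    rows = []
    for line in route_print_text.splitlines():
        fields = line.split()
        # Active IPv4 rows have exactly five columns; headers and other
        # sections of the output are skipped.
        if len(fields) != 5 or fields[0] != "0.0.0.0" or fields[1] != "0.0.0.0":
            continue
        try:
            ipaddress.IPv4Address(fields[3])  # interface column must be an IP
            metric = int(fields[4])
        except ValueError:
            continue
        rows.append((fields[2], fields[3], metric))  # gateway may be "On-link"
    return rows

def check_full_tunnel(route_print_text, vpn_interface_ip):
    """Classify the table as 'full-tunnel', 'split' or 'no-default-route'."""
    rows = default_routes(route_print_text)
    if not rows:
        return "no-default-route"
    # Among routes with the same prefix, the lowest metric is preferred.
    best = min(metric for _, _, metric in rows)
    active = [row for row in rows if row[2] == best]
    if all(iface == vpn_interface_ip for _, iface, _ in active):
        return "full-tunnel"
    return "split"

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, check_full_tunnel(table, "1.2.3.4"))
```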