Thursday, December 18, 2008

PPTP Tunnel and /sbin/route

My SSH tunnel was acting flaky, so I decided to use the PPTP server feature on my DD-WRT router. It was extremely straightforward, though sending all traffic through the tunnel was a non-starter. To fix it, I had to route my "naughty" sites through the VPN and around the corporate network. My router at home is configured to use 192.168.1.0/24.

#!/bin/sh
# Send the destinations below via the VPN peer; pppd sets $IPREMOTE to the remote end of the link.
/sbin/route -n add -net login.oscar.aol.com $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net talk.google.com $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net imap.gmail.com $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net smtp.gmail.com $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net facebook.com $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net ebay.com $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net me.com $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net mail.mac.com $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net gmail-imap.l.google.com $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net gmail-smtp.l.google.com $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net 205.188.0.0/16 $IPREMOTE >> /tmp/ppp.log 2>&1
/sbin/route -n add -net 64.12.0.0/16 $IPREMOTE >> /tmp/ppp.log 2>&1

This belongs in the /etc/ppp/ip-up file, which should be set as executable. The script runs upon successful connection to the VPN. The last two entries are required to route AIM traffic through the tunnel. The background of this config can be found here: http://www.easyzonecorp.net/network/view.php?ID=572
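
A hardened variant of the ip-up script above, as an added example that is not part of the original post: pppd runs ip-up as root, so this version validates $IPREMOTE and every destination before building a route command, and logs outside world-writable /tmp, where a fixed file name can be pre-created as a symlink by another local user. The log path, the function names and the use of -host for single names are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's script. BSD/macOS route syntax, as on the page.
umask 077
LOG=/var/log/ppp-routes.log   # assumed path: root-owned directory instead of /tmp

# Succeeds only for a dotted-quad IPv4 address (octets 0..255, no leading zeros).
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds for an IPv4 CIDR block, or for a name/address made only of DNS-safe characters.
is_dest() {
    case "$1" in
        */*) is_ipv4 "${1%/*}" || return 1
             case "${1#*/}" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
             [ "${1#*/}" -le 32 ] ;;
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Prints the route command for one destination, or fails without printing anything.
route_cmd() {   # $1 = destination, $2 = gateway (pppd's $IPREMOTE)
    is_dest "$1" && is_ipv4 "$2" || return 1
    kind=-host
    case "$1" in */*) kind=-net ;; esac
    printf '/sbin/route -n add %s %s %s\n' "$kind" "$1" "$2"
}

apply_routes() {   # $1 = gateway, remaining arguments = destinations
    gw=$1; shift
    for dest in "$@"; do
        cmd=$(route_cmd "$dest" "$gw") || { echo "rejected: $dest via $gw" >> "$LOG"; continue; }
        $cmd >> "$LOG" 2>&1   # safe to word-split: every field was validated above
    done
}

# pppd exports IPREMOTE to ip-up; nothing runs when it is absent (for example when sourced).
if [ -n "${IPREMOTE:-}" ]; then
    # Subset of the post's destination list.
    apply_routes "$IPREMOTE" talk.google.com imap.gmail.com 205.188.0.0/16 64.12.0.0/16
fi
```

A hostname route still pins only the addresses the name resolves to when the link comes up, so names served from rotating address pools can fall back to the default route later.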
