Basic script to be used inconjunction vpnc-scipt (comes with the installation of vpnc). This script also leverages dnsmasq to allow for you to define specific domains to query over the VPN connection while forwarding the rest of your dns queries to your local DNS. This allows for a truely transparent split tunnel experience.
- vpnc
- dnsmasq
- Install the dependencies
- Copy
vpnc-split-tunnel.shto/etc/vpnc/ - Modify your existing
vpnc.confto referencevpnc-split-tunnel.shusing the "Script" variable - Start vpnc and verify the routes with
netstat -rn
By default vpnc-split-tunnel.sh assumes the following:
- The DNS server(s) are pushed from the VPN gateway
- The domain(s) are pushed from the VPN gateway
If either or both of these assumptions are false you will
need to modify some variables insidevpnc-split-tunnel.sh:
INTERNAL_IP4_DNSSet this variable to your DNS server IPs beyond the VPN gatewayCISCO_DEF_DOMAINSet this variable to the domains of servers you would like to access by internal DNS
SUBNET_LISTAdd a list of additional internal subnets to be accessible over the split tunnel.RESOLV_CONFLocatin of resolv.confDNSMASQ_CONFLocation of where to put thednsmasq.confthat will be generated by this scriptDNSMASQ_CONF_BACKUPLocation of where to put the dnsmasq.conf backup file if a file exists before we generate the VPN specific configDNSMASQ_LISTENThe IP the dnsmasq daemon will bind toDNSMASQ_BINdnsmasq binary