• Re: Where to get the sources (openconnect) ?

    From Marco Moock@3:770/3 to All on Mon Apr 1 20:56:45 2024
    XPost: alt.os.linux.ubuntu, alt.os.linux.mageia

    On 01.04.2024 um 18:35 Uhr Markus Robert Kessler wrote:

    > I am running several machines for connecting to our company intranet,
    > using openconnect VPN.

    Invoked directly or via NetworkManager?

    > So far, it works. But:
    >
    > The Debian-based systems, i.e. Ubuntu 23.10 and Raspbian OS show up
    > hundreds of routes after connect. And it's clear that they are
    > brought to my client via server-initiated 'push route ...' command.
    >
    > Some of these routes are conflicting with machines in my home office
    > net.
    >
    > So, I'd like to skip getting such a huge amount of useless routes. I
    > want to set the routing by my own script, instead.

    NetworkManager has an option to ignore routes from the peer.
    Connection settings --> IPv4/IPv6 settings --> Routes --> Ignore
    automatically obtained routes

    > The funny thing is that a Redhat-based OS, Mageia 9 (64 and 32 bit),
    > does not behave like this, instead only the default route
    > (10.0.0.0/8) is sent through tun0.

    This is not a default route and if they don't add the routes from the
    VPN server, this is either a setting or a serious bug.

    > Maybe someone can give a hint where to download the openconnect
    > sources for Ubuntu?

    If you really need them:
    https://www.infradead.org/openconnect/download.html


    --
    kind regards
    Marco

    Send spam to 1711989349muell@cartoonies.org

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Markus Robert Kessler@3:770/3 to All on Mon Apr 1 18:35:49 2024

    Hi all,

    I am running several machines for connecting to our company intranet,
    using openconnect VPN.

    So far, it works. But:

    The Debian-based systems, i.e. Ubuntu 23.10 and Raspbian OS show up
    hundreds of routes after connect. And it's clear that they are brought to
    my client via server-initiated 'push route ...' command.

    Some of these routes are conflicting with machines in my home office net.

    So, I'd like to skip getting such a huge amount of useless routes. I want
    to set the routing by my own script, instead.

    The funny thing is that a Redhat-based OS, Mageia 9 (64 and 32 bit), does
    not behave like this, instead only the default route (10.0.0.0/8) is sent through tun0.

    So, maybe this is a matter of compilation?

    Or something else to look after, to prevent openconnect from doing this?

    Maybe someone can give a hint where to download the openconnect sources
    for Ubuntu?

    Thanks in advance!

    Best regards,

    Markus

  • From Jim Jackson@3:770/3 to Markus Robert Kessler on Mon Apr 1 19:54:54 2024

    On 2024-04-01, Markus Robert Kessler <no_reply@dipl-ing-kessler.de> wrote:
    > So, maybe this is a matter of compilation?
    >
    > Or something else to look after, to prevent openconnect from doing this?
    >
    > Maybe someone can give a hint where to download the openconnect sources
    > for Ubuntu?

    As long as you have the deb-src lines in your /etc/apt/sources.list etc.,
    then for any package

    apt-get source package-name

    gets you the source that was used to compile the binaries in the package.

    e.g. see https://www.cyberciti.biz/faq/how-to-get-source-code-of-package-using-the-apt-command-on-debian-or-ubuntu/

  • From Markus Robert Kessler@3:770/3 to All on Mon Apr 1 19:30:21 2024

    On Mon, 1 Apr 2024 20:56:45 +0200 Marco Moock wrote:

    > On 01.04.2024 um 18:35 Uhr Markus Robert Kessler wrote:
    >
    >> I am running several machines for connecting to our company intranet,
    >> using openconnect VPN.
    >
    > Invoked directly or via NetworkManager?

    Directly

    >> So far, it works. But:
    >>
    >> The Debian-based systems, i.e. Ubuntu 23.10 and Raspbian OS show up
    >> hundreds of routes after connect. And it's clear that they are brought
    >> to my client via server-initiated 'push route ...' command.
    >>
    >> Some of these routes are conflicting with machines in my home office
    >> net.
    >>
    >> So, I'd like to skip getting such a huge amount of useless routes. I
    >> want to set the routing by my own script, instead.
    >
    > NetworkManager has an option to ignore routes from the peer.
    > Connection settings --> IPv4/IPv6 settings --> Routes --> Ignore
    > automatically obtained routes

    Looks promising! Thanks!

    So, openconnect does have a (commandline) option, which network manager
    invokes to get rid of those routing infos?

    I didn't find this switch in the man page yet. Do you know its name?

    Thanks again!

    Best regards,

    Markus

  • From Marco Moock@3:770/3 to All on Mon Apr 1 22:16:13 2024

    On 01.04.2024 um 19:30 Uhr Markus Robert Kessler wrote:

    > So, openconnect does have a (commandline) option, which network
    > manager invokes to get rid of those routing infos?

    I dunno.

    > I didn't find this switch in the man page yet. Do you know its name?

    Sadly, no.
    I currently have to invoke openconnect directly because they don't
    support TOTP properly yet and it is a PITA.
    I recommend invoking it via NM whenever possible.

    --
    kind regards
    Marco

    Send spam to 1711992621muell@cartoonies.org

  • From William Unruh@3:770/3 to Marco Moock on Tue Apr 2 14:57:42 2024

    On 2024-04-01, Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    > On 01.04.2024 um 19:30 Uhr Markus Robert Kessler wrote:
    >
    >> So, openconnect does have a (commandline) option, which network
    >> manager invokes to get rid of those routing infos?
    >
    > I dunno.
    >
    >> I didn't find this switch in the man page yet. Do you know its name?
    >
    > Sadly, no.
    > I currently have to invoke openconnect directly because they don't
    > support TOTP properly yet and it is a PITA.
    > I recommend invoking it via NM whenever possible.

    If you run openconnect on its own (no argument) it lists its options, so
    it is like a very brief man page but presumably up-to-date.



  • From Scott Alfter@3:770/3 to mm+usenet-es@dorfdsl.de on Tue Apr 2 16:23:44 2024

    In article <uuf01e$2lb63$1@dont-email.me>,
    Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    > On 01.04.2024 um 18:35 Uhr Markus Robert Kessler wrote:
    >> So, I'd like to skip getting such a huge amount of useless routes. I
    >> want to set the routing by my own script, instead.
    >
    > NetworkManager has an option to ignore routes from the peer.
    > Connection settings --> IPv4/IPv6 settings --> Routes --> Ignore
    > automatically obtained routes

    The Cisco ASA at work pushes some routes to my computer when I connect to
    it. One of them (for a remote office) uses the same 192.168.1.0/24 subnet
    as my home network, so I lose access to my file server, printers, etc. at
    home when I'm connected to the VPN. I'd been considering moving my home
    network to a different subnet, but this would be easier...will have to
    look into it.

    I'd still need a route to 172.16.0.0/22. Would this have to be added
    manually after connecting?

    --
    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

  • From William Unruh@3:770/3 to Scott Alfter on Tue Apr 2 22:16:53 2024

    On 2024-04-02, Scott Alfter <scott@alfter.diespammersdie.us> wrote:
    > In article <uuf01e$2lb63$1@dont-email.me>,
    > Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    >> On 01.04.2024 um 18:35 Uhr Markus Robert Kessler wrote:
    >>> So, I'd like to skip getting such a huge amount of useless routes. I
    >>> want to set the routing by my own script, instead.
    >>
    >> NetworkManager has an option to ignore routes from the peer.
    >> Connection settings --> IPv4/IPv6 settings --> Routes --> Ignore
    >> automatically obtained routes
    >
    > The Cisco ASA at work pushes some routes to my computer when I connect to
    > it. One of them (for a remote office) uses the same 192.168.1.0/24 subnet
    > as my home network, so I lose access to my file server, printers, etc. at
    > home when I'm connected to the VPN. I'd been considering moving my home
    > network to a different subnet, but this would be easier...will have to
    > look into it.

    ?? 192.168.x.x is non-routable. Ie, unless you are directly connected to
    the network you cannot access it. Is your home on the same physical net
    as that remote office? Otherwise I do not see how that could do anything
    to your attachment to the home network.

    > I'd still need a route to 172.16.0.0/22. Would this have to be added
    > manually after connecting?


  • From Markus Robert Kessler@3:770/3 to All on Wed Apr 3 08:46:47 2024

    On Tue, 2 Apr 2024 22:16:53 -0000 (UTC) William Unruh wrote:

    > On 2024-04-02, Scott Alfter <scott@alfter.diespammersdie.us> wrote:
    >> In article <uuf01e$2lb63$1@dont-email.me>,
    >> Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    >>> On 01.04.2024 um 18:35 Uhr Markus Robert Kessler wrote:
    >>>> So, I'd like to skip getting such a huge amount of useless routes. I
    >>>> want to set the routing by my own script, instead.
    >>>
    >>> NetworkManager has an option to ignore routes from the peer. Connection
    >>> settings --> IPv4/IPv6 settings --> Routes --> Ignore automatically
    >>> obtained routes
    >>
    >> The Cisco ASA at work pushes some routes to my computer when I connect
    >> to it. One of them (for a remote office) uses the same 192.168.1.0/24
    >> subnet as my home network, so I lose access to my file server,
    >> printers, etc. at home when I'm connected to the VPN. I'd been
    >> considering moving my home network to a different subnet, but this
    >> would be easier...will have to look into it.
    >
    > ?? 192.168.x.x is non-routable. Ie, unless you are directly connected to
    > the network you cannot access it. Is your home on the same physical net
    > as that remote office? Otherwise I do not see how that could do anything
    > to your attachment to the home network.
    >
    >> I'd still need a route to 172.16.0.0/22. Would this have to be added
    >> manually after connecting?

    Since 172.16.* is part of the private space beyond the VPN, you have to
    add this like

    ip route add 172.16.0.0/22 dev tun0

    or similar, depending on your VPN device.

    Best regards,

    Markus

  • From The Natural Philosopher@3:770/3 to William Unruh on Wed Apr 3 11:22:35 2024

    On 02/04/2024 23:16, William Unruh wrote:
    > ?? 192.168.x.x is non-routable. Ie, unless you are directly connected to
    > the network you cannot access it. Is your home on the same physical net
    > as that remote office? Otherwise I do not see how that could do anything
    > to your attachment to the home network.

    192.168.x.x is routable.

    It just isn't something that the Internet routes, by convention.
    It can be routed via a VPN.

    It is a good argument for changing his home IP network to something else.


    --
    A lie can travel halfway around the world while the truth is putting on
    its shoes.

  • From Tauno Voipio@3:770/3 to Scott Alfter on Wed Apr 3 21:26:14 2024

    On 2.4.2024 19.23, Scott Alfter wrote:
    > In article <uuf01e$2lb63$1@dont-email.me>,
    > Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    >> On 01.04.2024 um 18:35 Uhr Markus Robert Kessler wrote:
    >>> So, I'd like to skip getting such a huge amount of useless routes. I
    >>> want to set the routing by my own script, instead.
    >>
    >> NetworkManager has an option to ignore routes from the peer.
    >> Connection settings --> IPv4/IPv6 settings --> Routes --> Ignore
    >> automatically obtained routes
    >
    > The Cisco ASA at work pushes some routes to my computer when I connect to
    > it. One of them (for a remote office) uses the same 192.168.1.0/24 subnet
    > as my home network, so I lose access to my file server, printers, etc. at
    > home when I'm connected to the VPN. I'd been considering moving my home
    > network to a different subnet, but this would be easier...will have to
    > look into it.
    >
    > I'd still need a route to 172.16.0.0/22. Would this have to be added
    > manually after connecting?


    The network 172.16.x.x to 172.31.x.x is one of the RFC1918 ranges
    reserved for private networks, and as such it is non-routable in the
    outside Net. It is probably fine to have inside of the VPN tunnel.
    The same applies to the 192.168.x.x network (and 10.x.x.x).

    The commercial VPNs like Cisco want to disable direct Internet access
    of the client for the duration of the tunnel, to prevent sneak paths
    to/from the public net and the internal tunneled network.

    --

    -Tauno Voipio

  • From Marco Moock@3:770/3 to All on Wed Apr 3 21:32:37 2024

    On 02.04.2024 um 22:16 Uhr William Unruh wrote:

    > ?? 192.168.x.x is non-routable.

    It is routable, but won't be routed on the internet.
    You can of course route it through a tunnel like here.


    --
    kind regards
    Marco

    Send spam to 1712089013muell@cartoonies.org

  • From Marco Moock@3:770/3 to All on Wed Apr 3 21:33:48 2024

    On 02.04.2024 um 16:23 Uhr Scott Alfter wrote:

    > The Cisco ASA at work pushes some routes to my computer when I
    > connect to it.

    At least when using NetworkManager, you can control that behavior and
    you can add settings to the connection that special routes will be
    added when VPN comes up and removed when it comes down.

    > One of them (for a remote office) uses the same
    > 192.168.1.0/24 subnet as my home network, so I lose access to my file
    > server, printers, etc. at home when I'm connected to the VPN. I'd
    > been considering moving my home network to a different subnet, but
    > this would be easier...will have to look into it.

    Another reason to move to IPv6 - no more address conflicts.

    --
    kind regards
    Marco

    Send spam to 1712067824muell@cartoonies.org

  • From Marco Moock@3:770/3 to All on Wed Apr 3 21:34:45 2024

    On 03.04.2024 um 21:26 Uhr Tauno Voipio wrote:

    > The commercial VPNs like Cisco want to disable direct Internet access
    > of the client for the duration of the tunnel, to prevent sneak paths
    > to/from the public net and the internal tunneled network.

    This can always be overridden at the VPN client, so security must not
    rely on that.

    --
    kind regards
    Marco

    Send spam to 1712172374muell@cartoonies.org

  • From Grant Taylor@3:770/3 to William Unruh on Wed Apr 3 19:53:32 2024

    On 4/2/24 17:16, William Unruh wrote:
    > ?? 192.168.x.x is non-routable.

    192.168/16 is very much so routABLE.

    It is just not routED on the global Internet (by convention).

    Almost all IPs are routable. It gets very tricky to say why given IPs
    are not capable of being routed. Beyond part of locally attached
    networks and crap software, I can't think of any that can't be
    made to be routed.

    > Ie, unless you are directly connected to the network you cannot
    > access it.

    Lack of a route is very different than the lack of ability to route.

    > Is your home on the same physical net as that remote office? Otherwise
    > I do not see how that could do anything to your attachment to the
    > home network.

    Due to vagaries of non-deterministic things, it's possible to have a
    route to 192.0.2.0/24 through a VPN as well as through the local NIC.
    Sometimes the most recent route to be configured is the route that is used.

    Other times VPN clients play with policy based routing such that they
    can intercept things ostensibly for white hat reasons.



    --
    Grant. . . .

  • From Grant Taylor@3:770/3 to Tauno Voipio on Wed Apr 3 20:00:17 2024

    On 4/3/24 13:26, Tauno Voipio wrote:
    > The commercial VPNs like Cisco want to disable direct Internet access
    > of the client for the duration of the tunnel, to prevent sneak paths
    > to/from the public net and the internal tunneled network.

    That is very likely a configuration option on the VPN concentrator.

    It may default to having the default route go through the VPN.

    Start streaming things through the VPN and causing the VPN concentrator
    to use a lot more bandwidth and the people that configured it may decide
    that they want to change the configuration.



    --
    Grant. . . .

  • From Grant Taylor@3:770/3 to Marco Moock on Wed Apr 3 20:04:06 2024

    On 4/3/24 14:34, Marco Moock wrote:
    > This can always be overridden at the VPN client, so security must
    > not rely on that.

    I agree that you /should/ be able to override it.

    Though that's predicated on you having sufficient administrative access
    to do so on the client device. Being an unprivileged user on a work
    owned computer makes that difficult.

    I've also used some VPNs that periodically (every single-digit minutes if
    memory serves) checked the configuration and would disconnect if it was
    not what the admins wanted.



    --
    Grant. . . .

  • From Grant Taylor@3:770/3 to Markus Robert Kessler on Wed Apr 3 19:48:21 2024

    On 4/1/24 13:35, Markus Robert Kessler wrote:
    > Some of these routes are conflicting with machines in my home office net.

    Try adding more specific / host routes to things on your home network
    via the NIC connecting to your home networking.

    There are also multiple routing tables and policy based routing games
    that can be played.



    --
    Grant. . . .

  • From William Unruh@3:770/3 to Marco Moock on Thu Apr 4 03:09:54 2024

    On 2024-04-03, Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    > On 02.04.2024 um 22:16 Uhr William Unruh wrote:
    >
    >> ?? 192.168.x.x is non-routable.
    >
    > It is routable, but won't be routed on the internet.
    > You can of course route it through a tunnel like here.

    But which? He says he has his home network on 192.168. and there is a
    work network on 192.168. but it is a different network (one home, one
    work) and the work one takes precedence for him. Only one of them can be
    active to his machine, which has to be set up in the routing tables.




  • From Grant Taylor@3:770/3 to William Unruh on Wed Apr 3 22:29:13 2024

    On 4/3/24 22:09, William Unruh wrote:
    > But which? He says he has his home network on 192.168. and there is a
    > work network on 192.168. but it is a different network (one home, one
    > work) and the work one takes precedence for him. Only one of them can
    > be active to his machine, which has to be set up in the routing tables.

    Traditional routing, read: non-policy-based-routing, dictates that the
    best route wins. Directly attached routes always trump remote routes.

    So for a remote route to be trumping a directly attached route,
    policy-based-routing must be in use or something else to override very
    low level routing / networking.



    --
    Grant. . . .

  • From jim whitby@3:770/3 to Grant Taylor on Thu Apr 4 05:53:00 2024

    On Wed, 3 Apr 2024 22:29:13 -0500, Grant Taylor wrote:

    > On 4/3/24 22:09, William Unruh wrote:
    >> But which? He says he has his home network on 192.168. and there is a
    >> work network on 192.168. but it is a different network (one home, one
    >> work) and the work one takes precedence for him. Only one of them can be
    >> active to his machine, which has to be set up in the routing tables.
    >
    > Traditional routing, read: non-policy-based-routing, dictates that the
    > best route wins. Directly attached routes always trump remote routes.
    >
    > So for a remote route to be trumping a directly attached route,
    > policy-based-routing must be in use or something else to override very
    > low level routing / networking.

    Verify the netmask(s) you use. If they are all /24 then a change in local
    network would be the easiest change.




    --
    Jim Whitby


    Newborn babies cannot cry tears for at least three weeks.
    ----------------------
    Mageia release 9 (Official) for x86_64
    6.6.22-server-1.mga9
    ----------------------

  • From David W. Hodgins@3:770/3 to jim whitby on Thu Apr 4 02:26:46 2024

    On Wed, 03 Apr 2024 23:53:00 -0400, jim whitby <mr.spock@spockmnail.net> wrote:

    > On Wed, 3 Apr 2024 22:29:13 -0500, Grant Taylor wrote:
    >
    >> On 4/3/24 22:09, William Unruh wrote:
    >>> But which? He says he has his home network on 192.168. and there is a
    >>> work network on 192.168. but it is a different network (one home, one
    >>> work) and the work one takes precedence for him. Only one of them can be
    >>> active to his machine, which has to be set up in the routing tables.
    >>
    >> Traditional routing, read: non-policy-based-routing, dictates that the
    >> best route wins. Directly attached routes always trump remote routes.
    >>
    >> So for a remote route to be trumping a directly attached route,
    >> policy-based-routing must be in use or something else to override very
    >> low level routing / networking.
    >
    > Verify the netmask(s) you use. If they are all /24 then a change in local
    > network would be the easiest change.

    Just don't forget to change the shorewall rules.

    Regards, Dave Hodgins

  • From Bud Frede@3:770/3 to Marco Moock on Thu Apr 4 06:29:13 2024

    Marco Moock <mm+usenet-es@dorfdsl.de> writes:

    > On 02.04.2024 um 22:16 Uhr William Unruh wrote:
    >
    >> ?? 192.168.x.x is non-routable.
    >
    > It is routable, but won't be routed on the internet.
    > You can of course route it through a tunnel like here.

    I always say that the RFC 1918 addresses are "not normally publicly
    routed." :-)

    As you say, they definitely _are_ routable, or a whole lot of home and corporate networks would not be functional.

    I saw a video not too long ago that pointed out that the use of these
    addresses and NAT was made widespread by the Cisco PIX. It was a pretty interesting look back at something new that now seems commonplace and
    ordinary.

  • From William Unruh@3:770/3 to Bud Frede on Thu Apr 4 15:43:33 2024

    On 2024-04-04, Bud Frede <frede@mouse-potato.com> wrote:
    > Marco Moock <mm+usenet-es@dorfdsl.de> writes:
    >
    >> On 02.04.2024 um 22:16 Uhr William Unruh wrote:
    >>
    >>> ?? 192.168.x.x is non-routable.
    >>
    >> It is routable, but won't be routed on the internet.
    >> You can of course route it through a tunnel like here.
    >
    > I always say that the RFC 1918 addresses are "not normally publicly
    > routed." :-)
    >
    > As you say, they definitely _are_ routable, or a whole lot of home and
    > corporate networks would not be functional.

    The key word is "publicly". Ie, once you get away from directly attached
    networks (or internal routers you have specially set up within your
    organization) and some outside router needs to be involved to get the
    packet from here to there, then that router has no idea which of the
    millions of networks with 192.168. to send the packet to.
    In the case in question, there are two networks with the same 192.168.
    network addresses. As mentioned the locally attached network should get
    the nod. The claim is that it is not. Of course this is going by tun to
    remote vpn. So if the local 192.168. addresses are being set up so that
    those packets still get delivered through tun, then the "locally attached
    network" could well be the remote one. Answer, tell your local machine
    to deliver all 192.168 stuff not to tun but to a local router which
    knows about your local 192.168.

    > I saw a video not too long ago that pointed out that the use of these
    > addresses and NAT was made widespread by the Cisco PIX. It was a pretty
    > interesting look back at something new that now seems commonplace and
    > ordinary.



  • From Grant Taylor@3:770/3 to David W. Hodgins on Thu Apr 4 21:43:35 2024

    On 4/4/24 01:26, David W. Hodgins wrote:
    > Just don't forget to change the shorewall rules.

    You might not even need to do that.

    Add two /25 routes using the local network. The shorewall, being on a
    separate system than the problematic VPN client, is probably perfectly
    fine continuing to use the /24.

    N.B. it's late at night and I'm not sure what will happen with broadcasts.

    I'm confident that this can be made to work. Especially with host (/32)
    routes.



    --
    Grant. . . .

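    An added Python walk-through (not from any poster in this thread) of the longest-prefix-match behaviour Grant Taylor and William Unruh describe, using the prefixes Scott Alfter gives: a constructed routing table in which the pushed 192.168.1.0/24 via tun0 masks the home LAN, and the two /25 routes on the LAN NIC that make the LAN win again while 172.16.0.0/22 stays on tun0. The device names eth0/tun0, the metrics and the "home is /16" generalisation are assumptions; the `ip route add` lines are only printed, never run.

```python
"""Longest-prefix-match walk-through for the 192.168.1.0/24 clash in this thread.

Constructed example (not a real routing table): the VPN pushes
192.168.1.0/24 (satellite office) and 172.16.0.0/22 (main office) via tun0,
while the home LAN on eth0 is also 192.168.1.0/24.  Two /25 routes on eth0
make the kernel's longest-prefix match prefer the LAN again; 172.16.0.0/22
still goes through tun0.  Device names and metrics are assumptions.
"""
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

Route = Tuple[IPv4Network, str, int]  # (destination prefix, device, metric)

HOME_LAN = "192.168.1.0/24"
PUSHED_BY_VPN = ["172.16.0.0/22", "192.168.1.0/24"]


def base_table() -> List[Route]:
    """Constructed table after connecting: LAN + default on eth0, pushed routes on tun0."""
    table: List[Route] = [
        (ip_network("0.0.0.0/0"), "eth0", 100),
        (ip_network(HOME_LAN), "eth0", 100),
    ]
    # assumption: the VPN routes get a lower (better) metric than the wired link
    table += [(ip_network(p), "tun0", 50) for p in PUSHED_BY_VPN]
    return table


def lookup(table: List[Route], dst: str) -> Optional[str]:
    """Device a packet to dst leaves through under plain (non-policy) routing:
    the longest matching prefix wins; metric only breaks ties between equal lengths."""
    addr = ip_address(dst)
    candidates = [r for r in table if addr in r[0]]
    if not candidates:
        return None
    best = min(candidates, key=lambda r: (-r[0].prefixlen, r[2]))
    return best[1]


def conflicts(home: str, pushed: List[str]) -> List[str]:
    """Pushed prefixes that overlap the home LAN (the 'lost my printers' case)."""
    h = ip_network(home)
    return [p for p in pushed if ip_network(p).overlaps(h)]


def override_routes(home: str, pushed: str) -> List[IPv4Network]:
    """Prefixes to add via the LAN NIC so the LAN beats one pushed route.

    - no overlap, or home already longer than the pushed prefix: nothing needed
    - equal length (the /24 vs /24 case): split the home prefix into two halves
    - pushed prefix longer than home: only that sub-range is masked, so split
      the pushed prefix instead (host /32 routes are the alternative)
    """
    h, p = ip_network(home), ip_network(pushed)
    if not h.overlaps(p) or h.prefixlen > p.prefixlen:
        return []
    target = h if h.prefixlen == p.prefixlen else p
    return list(target.subnets(prefixlen_diff=1))


def with_overrides(table: List[Route], home: str, lan_dev: str = "eth0",
                   metric: int = 100) -> List[Route]:
    """Copy of table plus the more-specific LAN routes for every non-LAN route."""
    extra: List[Route] = []
    for net, dev, _ in table:
        if dev != lan_dev:
            extra += [(n, lan_dev, metric) for n in override_routes(home, str(net))]
    return table + extra


def as_ip_commands(nets: List[IPv4Network], dev: str = "eth0") -> List[str]:
    """The equivalent `ip route add` lines, for reading only (never executed here)."""
    return [f"ip route add {n} dev {dev}" for n in nets]


if __name__ == "__main__":
    before = base_table()
    print("conflicting pushed routes:", conflicts(HOME_LAN, PUSHED_BY_VPN))
    print("192.168.1.20 before fix ->", lookup(before, "192.168.1.20"))  # tun0
    after = with_overrides(before, HOME_LAN)
    for cmd in as_ip_commands([r[0] for r in after[len(before):]]):
        print(cmd)
    print("192.168.1.20 after fix  ->", lookup(after, "192.168.1.20"))   # eth0
    print("172.16.2.7 after fix    ->", lookup(after, "172.16.2.7"))     # tun0
```

    If the home LAN and the pushed prefix are the same length, a /25 pair is what Grant Taylor's post suggests; the function also covers the case where only a sub-range of a larger home prefix is masked.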
  • From Scott Alfter@3:770/3 to unruh@invalid.ca on Wed Apr 17 22:25:34 2024

    In article <uui04k$3f9re$1@dont-email.me>,
    William Unruh <unruh@invalid.ca> wrote:
    > On 2024-04-02, Scott Alfter <scott@alfter.diespammersdie.us> wrote:
    >> In article <uuf01e$2lb63$1@dont-email.me>,
    >> Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    >>> On 01.04.2024 um 18:35 Uhr Markus Robert Kessler wrote:
    >>>> So, I'd like to skip getting such a huge amount of useless routes. I
    >>>> want to set the routing by my own script, instead.
    >>>
    >>> NetworkManager has an option to ignore routes from the peer.
    >>> Connection settings --> IPv4/IPv6 settings --> Routes --> Ignore
    >>> automatically obtained routes
    >>
    >> The Cisco ASA at work pushes some routes to my computer when I connect to
    >> it. One of them (for a remote office) uses the same 192.168.1.0/24 subnet
    >> as my home network, so I lose access to my file server, printers, etc. at
    >> home when I'm connected to the VPN. I'd been considering moving my home
    >> network to a different subnet, but this would be easier...will have to
    >> look into it.
    >
    > ?? 192.168.x.x is non-routable.

    I probably should've explained the situation. At work, the main office
    uses 172.16.0.0/22. A satellite office a few blocks away uses
    192.168.1.0/24; a static route is added to the handful of desktops that
    need to talk to hosts over there. At home, my personal network also uses
    192.168.1.0/24.
    Connecting to the VPN from home causes my home server, printers, etc. to
    become inaccessible as a result, as traffic for 192.168.1.0/24 gets routed
    to the satellite office.

    The ability to ignore some of the routes provided by the VPN would be nice,
    as I don't need to deal with stuff at the satellite office 99% of the time.

    --
    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

  • From Scott Alfter@3:770/3 to tnp@invalid.invalid on Wed Apr 17 22:29:29 2024

    In article <uujalb$3rv5p$2@dont-email.me>,
    The Natural Philosopher <tnp@invalid.invalid> wrote:
    > On 02/04/2024 23:16, William Unruh wrote:
    >> ?? 192.168.x.x is non-routable. Ie, unless you are directly connected to
    >> the network you cannot access it. Is your home on the same physical net
    >> as that remote office? Otherwise I do not see how that could do anything
    >> to your attachment to the home network.
    >
    > 192.168.x.x is routable.
    >
    > It just isn't something that the Internet routes, by convention.
    > It can be routed via a VPN.
    >
    > It is a good argument for changing his home IP network to something else.

    That's also something I've considered. My home router's a Raspberry Pi CM4
    on a carrier board that adds a second Ethernet jack, running OpenWRT. I've
    thought about downloading the config, changing all occurrences of 192.168.1.
    to 192.168.100. (or whatever), and uploading the changed config, but have
    been a bit nervous about it (especially since the WAF of a downed network
    is pretty low :-) ).

    --
    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet?

  • From Anssi Saari@3:770/3 to Scott Alfter on Fri Apr 19 11:08:46 2024
    scott@alfter.diespammersdie.us (Scott Alfter) writes:

    > That's also something I've considered. My home router's a Raspberry Pi CM4
    > on a carrier board that adds a second Ethernet jack, running OpenWRT.

    Just curious but which carrier board? Is there a case too?
