You need a "Split Tunnel" setup, which you can enforce,
but some IT departments look at split tunnels as a security risk,
so maybe you should ask if it's OK to use it.
I use this script, you just need to adjust it
to the actual network at the other end of your VPN connection!
Also, you can choose which DNS to use - your own or the one at the other end.
Just comment out one line in the script to use DNS from the VPN connection.
Code:
/etc/vpnc/VPN_split:
#!/bin/sh
# This script is called from the vpnc.conf
# ...
# ...
# Script /etc/vpnc/VPN_split
# 2013 ml4711
# Add one IP to the list of split tunnel
add_ip ()
{
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$1
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=$2
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=$3
    export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))
}
# Initialize empty split tunnel list
export CISCO_SPLIT_INC=0
# Delete DNS info provided by VPN server to use internet DNS
# Comment following line to use DNS beyond VPN tunnel
unset INTERNAL_IP4_DNS
# List of IPs or Nets beyond VPN tunnel
add_ip 10.1.0.0 255.255.0.0 16
add_ip 10.10.4.0 255.255.255.0 24
add_ip 10.255.5.0 255.255.255.0 24
# Execute (i.e source) default script
. /etc/vpnc/vpnc-script
# End of script
To use it,
just add "Script /etc/vpnc/VPN_split" to your VPN configuration,
as the very last line, so it looks something like this:
Code:
/etc/vpnc/YourConnection.conf
IPSec ID VPNC_name
IPSec gateway 10.10.x.x
IPSec secret YourGroupSecret
Xauth username YourName
IKE Authmode psk
Script /etc/vpnc/VPN_split
Enjoy
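
The add_ip calls in the script above take the netmask and the prefix length as separate arguments, so a typo can make the two disagree and route the wrong range through the tunnel. As an added example that is not part of the original post, the version below replaces add_ip with a hypothetical add_cidr helper (the helper names are assumptions, not vpnc functions) that derives the mask from the prefix length and rejects networks with host bits set; the wrapper would still end by sourcing /etc/vpnc/vpnc-script.

```sh
#!/bin/sh
# Added example: CIDR-based replacement for add_ip in /etc/vpnc/VPN_split.
# add_cidr, ip_to_int and int_to_ip are hypothetical names, not part of vpnc.

export CISCO_SPLIT_INC=0

# Dotted quad -> 32-bit integer. Runs in a subshell so IFS stays untouched.
ip_to_int ()
(
    case $1 in ''|*[!0-9.]*|*.*.*.*.*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        # Reject empty octets, leading zeros (octal in $(( ))) and values > 255.
        case $o in ''|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# 32-bit integer -> dotted quad.
int_to_ip ()
{
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# add_cidr NET/LEN: validate, derive the mask, export one split-include entry.
add_cidr ()
{
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*|0*|???*) echo "bad prefix (1-32): $1" >&2; return 1 ;; esac
    [ "$len" -le 32 ] || { echo "bad prefix (1-32): $1" >&2; return 1; }
    ip=$(ip_to_int "$addr") || { echo "bad address: $1" >&2; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $ip & ~$mask & 0xFFFFFFFF )) -eq 0 ] || { echo "host bits set: $1" >&2; return 1; }
    export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$addr"
    export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=$(int_to_ip "$mask")"
    export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=$len"
    export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))
}

# The three networks from the script above, written as CIDR.
add_cidr 10.1.0.0/16
add_cidr 10.10.4.0/24
add_cidr 10.255.5.0/24
# Constructed typo: host bits set, so the entry is rejected and not counted.
add_cidr 10.1.5.0/16 2>/dev/null || true
```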