The access for internal resources when having an active VPN connection is only supposed to work if you have split tunneling active.
Split tunneling
Split tunneling is a computer networking concept which allows a mobile
user to access dissimilar security domains like a public network
(e.g., the Internet) and a local LAN or WAN at the same time, using
the same or different network connections.
With split tunneling, it is then a matter of the DNS server order having the DNS of the VPN at the top and your normal DNS servers at the end. By the normal inner workings of DNS, the top ones failing the request will trickle down to the bottom ones.
You seem to already have split tunnelling active per our debugging, so as a quick fix, it is a matter of adding your DNS to /etc/ppp/resolv.conf.
As for having a more generic approach, this page talks about using dnsmasq.
DNS routing after PPTP connection
A solution would be to run a local DNS server that can forward queries
to other DNS servers based on subdomain/domain.
Ubuntu's network-manager already runs a local DNS server
(dnsmasq-base) however the required options are not available so
disable it then install and configure the full dnsmasq package as
follows:
1) Comment out dns=dnsmasq from /etc/NetworkManager/NetworkManager.conf
2) Restart network-manager: sudo service network-manager restart
3) Install dnsmasq package: sudo apt-get install dnsmasq
4) Edit /etc/dnsmasq.conf and add:
# forward names under mywork to the VPN DNS, everything else to the normal DNS
server=/mywork/VPN_DNS_IP
server=INTERNET_DNS_IP
5) Restart dnsmasq: sudo service dnsmasq restart
I will also leave here a link concerning security with VPN protocols.
PPTP VS L2TP/IPSEC VS OPENVPN
The Microsoft implementation of PPTP has serious security
vulnerabilities. MSCHAP-v2 is vulnerable to dictionary attack and the
RC4 algorithm is subject to a bit-flipping attack. Microsoft strongly
recommends upgrading to IPSec where confidentiality is a concern.
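How the per-domain forwarding described in the dnsmasq steps above decides where a query goes, as an added example (not code from the answers or from dnsmasq itself): a simplified Python model of dnsmasq's server= rules that also lists internal names that would be sent to a resolver other than the VPN's. The addresses, the mywork domain and all function names are constructed for illustration.

```python
# Added example: simplified model of dnsmasq per-domain forwarding (server= rules).
# The addresses and the "mywork" domain are constructed sample values.
VPN_DNS, PUBLIC_DNS = "10.8.0.1", "192.0.2.53"

SAMPLE_CONF = f"""
# constructed dnsmasq.conf fragment
server=/mywork/{VPN_DNS}
server={PUBLIC_DNS}
"""

def parse_servers(conf_text):
    """Return ({domain: upstream}, [default upstreams]) from server= lines."""
    routes, defaults = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue  # comments and other directives are ignored in this model
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/dom1/dom2/ip : several domains may share one upstream
            *domains, upstream = value[1:].split("/")
            for dom in domains:
                routes[dom.lower().strip(".")] = upstream
        else:
            defaults.append(value)
    return routes, defaults

def upstream_for(name, routes, defaults):
    """Most specific matching domain wins; else the first default (a simplification)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return routes[suffix]
    return defaults[0] if defaults else None

def leaked_names(names, internal_domain, routes, defaults, vpn_dns):
    """Names under internal_domain that would go to a non-VPN resolver."""
    dom = internal_domain.lower().strip(".")
    def is_internal(n):
        n = n.lower().rstrip(".")
        return n == dom or n.endswith("." + dom)
    return [n for n in names
            if is_internal(n) and upstream_for(n, routes, defaults) != vpn_dns]

if __name__ == "__main__":
    routes, defaults = parse_servers(SAMPLE_CONF)
    for name in ("wiki.mywork", "example.com"):
        print(name, "->", upstream_for(name, routes, defaults))
```

Running leaked_names against a configuration before deploying it shows whether any internal hostname would be resolved outside the tunnel.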
Best Answer
DNS Config Under Linux
DNS usage on Linux is done over a set of routines in the C library that provide access to the Internet Domain Name System (DNS). The resolver configuration file (resolv.conf) contains information that is read by the resolver routines the first time they are invoked by a process. In short, each process requesting DNS will read /etc/resolv.conf over the library. The NSS is layered on top of this, and is configured by /etc/nsswitch.conf.
Linux DNS config is located in the file /etc/resolv.conf BUT there are a number of programs/services that want to automatically manage and handle the DNS configuration file at /etc/resolv.conf. In some situations you may want to manage this file yourself. Each program/service managing DNS has its own configuration files, like /etc/dnsmasq.conf (for the dnsmasq service), and appends the DNS config at connection change and/or on other events... A quick solution is to lock the DNS config file with chattr +i /etc/resolv.conf but this is not recommended in certain cases; a better solution is to set up correctly all the programs/services using the DNS (dnsmasq/network-manager/resolvconf/etc.).
Getting Back The Control Of DNS
Here is an exhaustive list of setups to get back the control of resolv.conf and avoid having it overwritten (how to disable/set up DNS from a location other than resolv.conf). Note that resolvconf is a program independent from resolv.conf; also, depending on your system/config, you may not have one or many of the programs listed here.
1. Resolvconf:
Config files
Update the config
Disable resolvconf
2. Dnsmasq Service:
Config files
Update the config
3. Network Manager:
Config files
Disable DNS
Enable DNS
Use resolved service
Use resolvconf
Update the config
4. Network Interfaces:
Config files
Update The Config
5. DHCP Client:
Config files
Update The Config
6. Rdnssd Service:
Disable rdnssd
7. Resolved Service:
Disable resolved
8. Netconfig:
Config files
Disable netconfig
Update The Config
Setting The DNS Server
Example of a /etc/resolv.conf configuration