Telstra have some of the fastest 3G wireless and some of the best coverage in Australia. Yes, you sure pay for the privilege, but it’s there when you need it and it works. Mostly.
One thing that has been an issue for a lot of my clients is accessing their corporate VPNs via a NextG connection. They can easily establish the NextG connection to the internet and easily bring up the PPTP VPN connection back to their LAN, but no traffic seems to pass over this link.
I’ve done some digging and have discovered that it all seems to be down to the routing tables. Most of my clients all have LANs on 10.0.x.0/24 subnets. They’ve all been set out so that none of them overlap, and having a block of 10 /24 subnets for if they need multiple sites. For instance, one client may have network addresses in the range 10.0.30.1 – 10.0.30.254 (or 10.0.30.0/24) and another one may have three networks, all linked via dedicated VPN connections on 10.0.40.0/24, 10.0.41.0/24 and 10.0.42.0/24 and so on.
This is generally all fine, as long as you’re picking a range of addresses from the ranges allocated by RFC 1918 then it’s usually all OK.
Enter, from stage left, Telstra. Their NextG dongles exhibit some interesting behaviour. If you’re connected to, say, a wifi LAN that uses a subnet anywhere in the 10/8 subnet, and you establish your NextG connection, then connect to the VPN, it all works as expected.
If, however, you are not connected to a network and you establish a connection to the NextG service, the ppp daemon brings up the connection on ppp0, but it “grabs” the entire 10/8 subnet for itself. If you then go on to establish a VPN to a network that’s also within this address range, you can ping the gateway at the other end, but you can’t ping any addresses on the LAN.
The solution is to delete the route for the 10/8 subnet, and this can either be done manually, or via a script that the pppd daemon automatically calls whenever it establishes a connection.
If you’re wanting to do it manually here’s an one-liner to execute in the terminal:
sudo /sbin/route delete 10.0.0.0/8
Connect to the Telstra NextG, run the above command and then connect to the VPN and it will work as expected.
If you want a more permanent solution, I have created a fix which you can download and install.
Telstra NextG VPN Fix
What it does is explained in the installer but essentially it puts a couple of scripts in a directory where the pppd daemon will automatically call them. If the ppp connection is identified as a Telstra NextG connection (using the IP address of the gateway, which in my testing has always been 10.64.64.64) then it will fix the routing table for you.
To uninstall, delete /etc/ppp/ip-up and /etc/ppp/ip-down.