LinuxQuestions.org


FireRaven 03-28-2010 04:13 PM

How do I route my internet traffic over tun0?
 
Hi,

I have eth0 and tun0.
tun0 is a VPN tunnel going over eth0.
Everything on the other end is set up and working fine. When I type
Code:

traceroute 4.2.2.1
I see the ping is going over 192.168.2.99 (eth0).

When I then type
Code:

route add -net 4.2.2.1 netmask 255.255.255.255 dev tun0
traceroute 4.2.2.1

I see ping is going over 10.8.0.1 (tun0) instead of eth0, so that is working :)

What does not work however is when I do
Code:

route add -net 0.0.0.0 netmask 0.0.0.0 dev tun0
traceroute 4.2.2.1

I get no ping!

I believe the problem is because all traffic is routing over tun0, which means even the VPN tun0 needs to go through eth0, it can no longer do this.

Is there a way around this where I can route everything except for 114.77.31.26 (which is my VPN gateway for tun0)?

nimnull22 03-28-2010 05:39 PM

Quote:

Originally Posted by FireRaven (Post 3915742)
Hi,
...

What does not work however is when I do
Code:

route add -net 0.0.0.0 netmask 0.0.0.0 dev tun0
traceroute 4.2.2.1

...

This will add default route.
Can you post output of:
ip route show

FireRaven 03-28-2010 05:55 PM

Yeah sure...
Code:

root@ubuntu-vmguest:/opt# route add -net 4.2.2.1 netmask 255.255.255.255 dev tun0
root@ubuntu-vmguest:/opt# ip route show
10.8.0.1 dev tun0  proto kernel  scope link  src 10.8.0.2
4.2.2.1 dev tun0  scope link
192.168.2.200 dev eth0  scope link  src 192.168.2.11
192.168.2.150 dev ppp0  proto kernel  scope link  src 192.168.2.159
192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.11
192.168.77.0/24 via 10.8.0.1 dev tun0
default via 192.168.2.99 dev eth0  metric 100
root@ubuntu-vmguest:/opt# route add -net 0.0.0.0 netmask 0.0.0.0 dev tun0
root@ubuntu-vmguest:/opt# ip route show
10.8.0.1 dev tun0  proto kernel  scope link  src 10.8.0.2
4.2.2.1 dev tun0  scope link
192.168.2.200 dev eth0  scope link  src 192.168.2.11
192.168.2.150 dev ppp0  proto kernel  scope link  src 192.168.2.159
192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.11
192.168.77.0/24 via 10.8.0.1 dev tun0
default dev tun0  scope link
default via 192.168.2.99 dev eth0  metric 100
root@ubuntu-vmguest:/opt#

Just ignore the ppp0 interface that is not relevant here.

nimnull22 03-28-2010 06:12 PM

Thanks, but can you tell what exactly you want.

If you want everything to go through the VPN, you should add a default router with the VPN GW.
Right now it is through eth0 and gw=192.168.2.99.

FireRaven 03-28-2010 06:34 PM

The problem is if I do set tun0 as the default gateway, nothing works anymore. But if I only set it as the gateway for a 4.2.2.1/32 or 4.0.0.0/8 then it works for 4.x.x.x

nimnull22 03-28-2010 06:43 PM

What command did you use to add the default route? If it is the one from above, it is not right. A default route includes the network, its mask and the GW.

FireRaven 03-28-2010 07:23 PM

I have tried it with route add default gw 10.8.0.1 dev tun0 but with the same issue.

nimnull22 03-28-2010 07:29 PM

Ok. Please, add default route through tun0 and post here output of command:
ip route show

Also please, post output of command:
ip addr show dev tun0


Thanks

FireRaven 03-28-2010 07:42 PM

Ok I'll start from beginning "traceroute 4.2.2.1" routes traffic through 4.2.2.1.
EDIT: Ok I'll start from beginning "traceroute 4.2.2.1" routes traffic through 192.168.2.99 (eth0).

Next I run "route add default gw 10.8.0.1 dev tun0" then again try "traceroute 4.2.2.1" and I get nothing.

After running those commands, here are my routes:
Code:

root@ubuntu-vmguest:~# ip route show
10.8.0.1 dev tun0  proto kernel  scope link  src 10.8.0.2
192.168.2.200 dev eth0  scope link  src 192.168.2.11
192.168.2.150 dev ppp0  proto kernel  scope link  src 192.168.2.155
192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.11
192.168.77.0/24 via 10.8.0.1 dev tun0
default via 10.8.0.1 dev tun0
default via 192.168.2.99 dev eth0  metric 100
root@ubuntu-vmguest:~# ip route show dev tun0
10.8.0.1  proto kernel  scope link  src 10.8.0.2
192.168.77.0/24 via 10.8.0.1
default via 10.8.0.1
root@ubuntu-vmguest:~#

I assume the metric for 10.8.0.1 is lower than 192.168.2.99 (my local gateway) so it is trying to take the 10.8.0.1 path instead of my local gateway.
This is what I want, but traffic doesn't route anywhere now, I am assuming this is because tun0 is a VPN connection going through 192.168.2.99 itself, but that may not be the problem, not sure :(

nimnull22 03-28-2010 07:45 PM

Sorry, but I was asking about:
ip addr show dev tun0

and not:
ip route show dev tun0

FireRaven 03-28-2010 07:48 PM

My bad, here it is:
Code:

root@ubuntu-vmguest:~# ip addr show dev tun0
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/[65534]
    inet 10.8.0.2 peer 10.8.0.1/32 scope global tun0
root@ubuntu-vmguest:~#


nimnull22 03-28-2010 08:01 PM

First, please remove:
10.8.0.1 dev tun0, by "ip route del 10.8.0.1 dev tun0"
I hope, this command will work.

After this please, post again output for "ip addr show dev tun0"
And also, tell me, can you "ping 10.8.0.2"?
Can you: "ping 10.8.0.1"?

FireRaven 03-28-2010 08:09 PM

Here we go
Code:

root@ubuntu-vmguest:~# ip route del 10.8.0.1 dev tun0
root@ubuntu-vmguest:~# ip addr show dev tun0
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/[65534]
    inet 10.8.0.2 peer 10.8.0.1/32 scope global tun0
root@ubuntu-vmguest:~# ping 10.8.0.2
PING 10.8.0.2 (10.8.0.2) 56(84) bytes of data.
64 bytes from 10.8.0.2: icmp_seq=1 ttl=64 time=12.8 ms
^C
--- 10.8.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 12.836/12.836/12.836/0.000 ms
root@ubuntu-vmguest:~# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
^C
--- 10.8.0.1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5025ms

root@ubuntu-vmguest:~# ip route show
192.168.2.200 dev eth0  scope link  src 192.168.2.11
192.168.2.150 dev ppp0  proto kernel  scope link  src 192.168.2.155
192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.11
192.168.77.0/24 via 10.8.0.1 dev tun0
default via 10.8.0.1 dev tun0
default via 192.168.2.99 dev eth0  metric 100
root@ubuntu-vmguest:~#

It looks like that deleted the route from 10.8.0.2 to 10.8.0.1, but not the default gateway to 10.8.0.1, was that what you wanted?

nimnull22 03-28-2010 08:47 PM

Ok. This is not really good.
I hope you know that a VPN is like a tunnel between your computer and a remote one, and
"inet 10.8.0.2 peer 10.8.0.1/32 scope global tun0" means (if I understand right) that 10.8.0.1 is on the other side of this tunnel. So if the tunnel works you should be able to ping it.

Let's do a different thing. Delete the default through tun0:
ip route del default via 10.8.0.1 dev tun0

And add a network according to your tunnel:
ip route add 10.8.0.0/24 dev tun0

Then post please output of:
ip route show

And try to: ping 10.8.0.1

FireRaven 03-28-2010 09:10 PM

Code:

root@ubuntu-vmguest:~# ip route del default via 10.8.0.1 dev tun0
root@ubuntu-vmguest:~# ip route add 10.8.0.0/24 dev tun0
root@ubuntu-vmguest:~# ip route show
192.168.2.200 dev eth0  scope link  src 192.168.2.11
192.168.2.150 dev ppp0  proto kernel  scope link  src 192.168.2.155
192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.11
10.8.0.0/24 dev tun0  scope link
192.168.77.0/24 via 10.8.0.1 dev tun0
default via 192.168.2.99 dev eth0  metric 100
root@ubuntu-vmguest:~# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
^C
--- 10.8.0.1 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10054ms


Let me explain what I am trying to do.

I have computer A (this one) which has
eth0 192.168.2.11 with gateway 192.168.2.99
tun0 10.8.0.2 tunnel to 10.8.0.1 (to computer B)
and I have computer B (the 10.8.0.1 network) which has:
eth1 x.x.x.1 with gateway x.x.x.2 (can't remember what these numbers are)
tun0 10.8.0.1 tunnel to 10.8.0.2 (to computer A)

on computer A my traffic routes through 192.168.2.99, but I want it to route through 10.8.0.1 instead of 192.168.2.99.

When I write "route add -net 4.0.0.0 netmask 255.0.0.0 dev tun0" for example then type "traceroute 4.2.2.3" it works and routes through 10.8.0.1 just like I want.
Similarly, if I did "route add -net 5.0.0.0 netmask 255.0.0.0 dev tun0" and "route add -net 6.0.0.0 netmask 255.0.0.0 dev tun0" then all 5.x.x.x and 6.x.x.x would route through 10.8.0.1 (which is great!)

The problem is how do I get ALL my traffic to route through 10.8.0.1 without defining 255 different class A addresses manually?

Also, "route add -net 0.0.0.0 netmask 0.0.0.0 dev tun0" loses all my internet connection altogether and I believe this is because OpenVPN loses its connection with tun0 because behind the scenes it routes through eth0 (since tun0 is only virtual).
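
Added example, not part of any post in this thread: a small longest-prefix-match simulation over the routing table posted above, showing where the encrypted packets to the VPN gateway 114.77.31.26 go once the default route points at tun0, and how a /32 host route for that gateway via eth0 changes the result. The `lookup` helper and the table names are constructed for illustration; the ppp0 entry is left out as not relevant, and the two /1 routes in `SPLIT` are the variant that OpenVPN's `redirect-gateway def1` option installs.

```python
import ipaddress

VPN_ENDPOINT = "114.77.31.26"   # public address of the VPN gateway, from the thread

# (prefix, device, gateway, metric) as posted after
# "route add default gw 10.8.0.1 dev tun0"; metric is 0 where none is shown.
TABLE = [
    ("10.8.0.1/32",      "tun0", None,           0),
    ("192.168.2.200/32", "eth0", None,           0),
    ("192.168.2.0/24",   "eth0", None,           0),
    ("192.168.77.0/24",  "tun0", "10.8.0.1",     0),
    ("0.0.0.0/0",        "tun0", "10.8.0.1",     0),
    ("0.0.0.0/0",        "eth0", "192.168.2.99", 100),
]

def lookup(table, dst):
    """Return (device, gateway): longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev, gw, metric)
            for p, dev, gw, metric in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, dev, gw, _ = max(hits, key=lambda r: (r[0].prefixlen, -r[3]))
    return dev, gw

def carrier_loops(table):
    """True when the tunnel's own outer packets would be sent into tun0."""
    return lookup(table, VPN_ENDPOINT)[0] == "tun0"

# Equivalent of: ip route add 114.77.31.26/32 via 192.168.2.99 dev eth0
HOST_ROUTE = (VPN_ENDPOINT + "/32", "eth0", "192.168.2.99", 0)
FIXED = TABLE + [HOST_ROUTE]

# Variant that keeps the original eth0 default and overrides it with two
# more-specific halves of the address space instead of a second default.
SPLIT = [r for r in TABLE if r[:2] != ("0.0.0.0/0", "tun0")] + [
    HOST_ROUTE,
    ("0.0.0.0/1",   "tun0", "10.8.0.1", 0),
    ("128.0.0.0/1", "tun0", "10.8.0.1", 0),
]

if __name__ == "__main__":
    for name, table in (("posted", TABLE), ("host route", FIXED), ("split", SPLIT)):
        print(f"{name:10} 4.2.2.1 -> {lookup(table, '4.2.2.1')}  "
              f"{VPN_ENDPOINT} -> {lookup(table, VPN_ENDPOINT)}  "
              f"loops={carrier_loops(table)}")
```

With either corrected table, a change in the VPN gateway's public address needs a matching change to the host route, otherwise the lookup falls back to the tun0 default again.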

