[SOLVED] How do I route my internet traffic over tun0?
root@ubuntu-vmguest:/opt# route add -net 4.2.2.1 netmask 255.255.255.255 dev tun0
root@ubuntu-vmguest:/opt# ip route show
10.8.0.1 dev tun0 proto kernel scope link src 10.8.0.2
4.2.2.1 dev tun0 scope link
192.168.2.200 dev eth0 scope link src 192.168.2.11
192.168.2.150 dev ppp0 proto kernel scope link src 192.168.2.159
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.11
192.168.77.0/24 via 10.8.0.1 dev tun0
default via 192.168.2.99 dev eth0 metric 100
root@ubuntu-vmguest:/opt# route add -net 0.0.0.0 netmask 0.0.0.0 dev tun0
root@ubuntu-vmguest:/opt# ip route show
10.8.0.1 dev tun0 proto kernel scope link src 10.8.0.2
4.2.2.1 dev tun0 scope link
192.168.2.200 dev eth0 scope link src 192.168.2.11
192.168.2.150 dev ppp0 proto kernel scope link src 192.168.2.159
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.11
192.168.77.0/24 via 10.8.0.1 dev tun0
default dev tun0 scope link
default via 192.168.2.99 dev eth0 metric 100
root@ubuntu-vmguest:/opt#
Just ignore the ppp0 interface that is not relevant here.
The problem is if I do set tun0 as the default gateway, nothing works anymore. But if I only set it as the gateway for a 4.2.2.1/32 or 4.0.0.0/8 then it works for 4.x.x.x
Ok I'll start from beginning "traceroute 4.2.2.1" routes traffic through 4.2.2.1.
EDIT: Ok I'll start from beginning "traceroute 4.2.2.1" routes traffic through 192.168.2.99 (eth0).
Next I run "route add default gw 10.8.0.1 dev tun0" then again try "traceroute 4.2.2.1" and I get nothing.
After running those commands, here are my routes:
Code:
root@ubuntu-vmguest:~# ip route show
10.8.0.1 dev tun0 proto kernel scope link src 10.8.0.2
192.168.2.200 dev eth0 scope link src 192.168.2.11
192.168.2.150 dev ppp0 proto kernel scope link src 192.168.2.155
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.11
192.168.77.0/24 via 10.8.0.1 dev tun0
default via 10.8.0.1 dev tun0
default via 192.168.2.99 dev eth0 metric 100
root@ubuntu-vmguest:~# ip route show dev tun0
10.8.0.1 proto kernel scope link src 10.8.0.2
192.168.77.0/24 via 10.8.0.1
default via 10.8.0.1
root@ubuntu-vmguest:~#
I assume the metric for 10.8.0.1 is lower than 192.168.2.99 (by local gateway) so it is trying to take the 10.8.0.1 path instead of my local gateway.
This is what I want, but traffic doesn't route anywhere now, I am assuming this is because tun0 is a VPN connection going through 192.168.2.99 itself, but that may not be the problem, not sure
Last edited by FireRaven; 03-28-2010 at 06:43 PM.
Reason: fix mistake
root@ubuntu-vmguest:~# ip addr show dev tun0
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/[65534]
inet 10.8.0.2 peer 10.8.0.1/32 scope global tun0
root@ubuntu-vmguest:~#
root@ubuntu-vmguest:~# ip route del 10.8.0.1 dev tun0
root@ubuntu-vmguest:~# ip addr show dev tun0
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/[65534]
inet 10.8.0.2 peer 10.8.0.1/32 scope global tun0
root@ubuntu-vmguest:~# ping 10.8.0.2
PING 10.8.0.2 (10.8.0.2) 56(84) bytes of data.
64 bytes from 10.8.0.2: icmp_seq=1 ttl=64 time=12.8 ms
^C
--- 10.8.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 12.836/12.836/12.836/0.000 ms
root@ubuntu-vmguest:~# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
^C
--- 10.8.0.1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5025ms
root@ubuntu-vmguest:~# ip route show
192.168.2.200 dev eth0 scope link src 192.168.2.11
192.168.2.150 dev ppp0 proto kernel scope link src 192.168.2.155
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.11
192.168.77.0/24 via 10.8.0.1 dev tun0
default via 10.8.0.1 dev tun0
default via 192.168.2.99 dev eth0 metric 100
root@ubuntu-vmguest:~#
It looks like that deleted the route from 10.8.0.2 to 10.8.0.1, but not the default gateway to 10.8.0.1, was that what you wanted?
Ok. This is not really good.
I hope you know that a VPN is like a tunnel between your computer and a remote one, and
"inet 10.8.0.2 peer 10.8.0.1/32 scope global tun0" means (if I understand right) that 10.8.0.1 is on the other side of this tunnel. So if the tunnel works you should be able to ping it.
Let's do a different thing. Delete the default through tun0:
ip route del default via 10.8.0.1 dev tun0
And add a network according to your tunnel:
ip route add 10.8.0.0/24 dev tun0
root@ubuntu-vmguest:~# ip route del default via 10.8.0.1 dev tun0
root@ubuntu-vmguest:~# ip route add 10.8.0.0/24 dev tun0
root@ubuntu-vmguest:~# ip route show
192.168.2.200 dev eth0 scope link src 192.168.2.11
192.168.2.150 dev ppp0 proto kernel scope link src 192.168.2.155
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.11
10.8.0.0/24 dev tun0 scope link
192.168.77.0/24 via 10.8.0.1 dev tun0
default via 192.168.2.99 dev eth0 metric 100
root@ubuntu-vmguest:~# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
^C
--- 10.8.0.1 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10054ms
Let me explain what I am trying to do.
I have computer A (this one) which has
eth0 192.168.2.11 with gateway 192.168.2.99
tun0 10.8.0.2 tunnel to 10.8.0.1 (to computer B)
and I have computer B (the 10.8.0.1 network) which has:
eth1 x.x.x.1 with gateway x.x.x.2 (can't remember what these numbers are)
tun0 10.8.0.1 tunnel to 10.8.0.2 (to computer A)
On computer A my traffic routes through 192.168.2.99, but I want it to route through 10.8.0.1 instead of 192.168.2.99.
When I write "route add -net 4.0.0.0 netmask 255.0.0.0 dev tun0" for example then type "traceroute 4.2.2.3" it works and routes through 10.8.0.1 just like I want.
Similarly, if I did "route add -net 5.0.0.0 netmask 255.0.0.0 dev tun0" and "route add -net 6.0.0.0 netmask 255.0.0.0 dev tun0" then all 5.x.x.x and 6.x.x.x would route through 10.8.0.1 (which is great!)
The problem is how do I get ALL my traffic to route through 10.8.0.1 without defining 255 different class A addresses manually?
Also, "route add -net 0.0.0.0 netmask 0.0.0.0 dev tun0" loses all my internet connection altogether and I believe this is because OpenVPN loses its connection with tun0 because it behind the scenes routes through eth0 (since tun0 is only virtual).
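An added example, not part of the thread: a small longest-prefix-match model of the routing tables shown above, illustrating the last post's suspicion that a default route on tun0 also captures OpenVPN's own packets to computer B. It compares that with the split-default layout that OpenVPN's `redirect-gateway def1` option installs (a host route to the server via the LAN gateway, plus 0.0.0.0/1 and 128.0.0.0/1 via the tunnel). The server address 203.0.113.10 is a constructed placeholder, since the thread never gives B's public IP.

```python
import ipaddress

# Constructed placeholder: the thread never gives computer B's public address.
VPN_SERVER = "203.0.113.10"

# (prefix, device, metric) entries modelled on the thread's `ip route show` output.
BASE = [
    ("10.8.0.1/32", "tun0", 0),
    ("192.168.2.0/24", "eth0", 0),
    ("192.168.77.0/24", "tun0", 0),
    ("0.0.0.0/0", "eth0", 100),  # default via 192.168.2.99 dev eth0 metric 100
]

# What `route add default gw 10.8.0.1 dev tun0` adds: a second default, metric 0.
NAIVE = BASE + [("0.0.0.0/0", "tun0", 0)]

# Split default: pin the VPN server to eth0, cover all of IPv4 with two /1 routes.
SPLIT = BASE + [
    (VPN_SERVER + "/32", "eth0", 0),  # ip route add 203.0.113.10 via 192.168.2.99 dev eth0
    ("0.0.0.0/1", "tun0", 0),         # ip route add 0.0.0.0/1 via 10.8.0.1 dev tun0
    ("128.0.0.0/1", "tun0", 0),       # ip route add 128.0.0.0/1 via 10.8.0.1 dev tun0
]


def lookup(table, dst):
    """Return the egress device: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), dev, metric)
               for p, dev, metric in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]


def audit(table):
    """Show where user traffic and the VPN's own transport packets leave."""
    return {
        "internet 4.2.2.1": lookup(table, "4.2.2.1"),
        "internet 198.51.100.7": lookup(table, "198.51.100.7"),
        "vpn transport": lookup(table, VPN_SERVER),
        "lan gateway": lookup(table, "192.168.2.99"),
    }


if __name__ == "__main__":
    for name, table in (("base", BASE), ("naive", NAIVE), ("split", SPLIT)):
        print(name, audit(table))
```

In the naive table the encrypted packets addressed to the VPN server are themselves sent into tun0, so nothing ever reaches eth0; in the split table only the /32 host route keeps them on the physical link, and the original default route stays in place as a fallback.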