LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 03-28-2010, 08:34 PM   #16
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92

Yes, then you do "traceroute 4.2.2.3" - you see that packets ARE TRYING to go through tun0. It doesn't mean they are reach other side.

First of all you HAVE to be able to ping other side of your tunnel. So, you have to ping 10.8.0.2 from 10.8.0.1, and 10.8.0.1 from 10.8.0.2. Your OpenVPN software has to create tunnel before.
When you get this, you can add route for OpenVPN IP, everything else will use GW on other side of the tunnel.
But, es I said before, first of all, the tunnel should work it self.

Right now, after you added "10.8.0.0/24 dev tun0 scope link" packets addressed to 10.8.0.x will definitely go to tun0. And if OpenVPN on other side works and connects to your computer you should "ping" its interface with IP=10.8.0.1.
 
Old 03-28-2010, 08:46 PM   #17
FireRaven
Member
 
Registered: Apr 2006
Location: Australia
Distribution: Debian Squeeze
Posts: 135

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by nimnull22 View Post
Yes, then you do "traceroute 4.2.2.3" - you see that packets ARE TRYING to go through tun0. It doesn't mean they are reach other side.
That's right, but they are getting through because traceroute is pinging successfully through 10.8.0.1 then all the way to the US Server of 4.2.2.0/24.

That is successfully when doing the "route add -net 4.2.2.0 netmask 255.255.255.0 dev tun0" command first.
 
Old 03-28-2010, 08:57 PM   #18
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
In that case add route for IP of your computer B = 10.8.0.1, like:
route add -net <IP> netmask 255.255.255.255 dev eth0

Delete default route trough eth0.
Add default route through tun0:
route add -net 0.0.0.0 netmask 0.0.0.0 dev tun0
 
Old 03-28-2010, 09:22 PM   #19
FireRaven
Member
 
Registered: Apr 2006
Location: Australia
Distribution: Debian Squeeze
Posts: 135

Original Poster
Rep: Reputation: 18
Ok I just got it working, from a fresh start this is what was needed:
Code:
root@ubuntu-vmguest:/opt# route add -net 114.77.31.26 netmask 255.255.255.255 gw 192.168.2.99 dev eth0
root@ubuntu-vmguest:/opt# route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.8.0.1 metric 99 dev tun0
root@ubuntu-vmguest:/opt# ip route show
114.77.31.27 via 192.168.2.99 dev eth0
10.8.0.1 dev tun0  proto kernel  scope link  src 10.8.0.2
192.168.2.200 dev eth0  scope link  src 192.168.2.11
192.168.2.150 dev ppp0  proto kernel  scope link  src 192.168.2.153
192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.11
192.168.77.0/24 via 10.8.0.1 dev tun0
default via 10.8.0.1 dev tun0  metric 99
default via 192.168.2.99 dev eth0  metric 100
root@ubuntu-vmguest:/opt#
I just had to add a higher priority to 114.77.31.26 to route through eth0 (gateway 192.168.2.99) while let all other traffic route through tun0 (gateway 10.8.0.1) at a lower priority, therefor not breaking tun0. This is because 114.77.31.26 is the VPN gateway for tun0 so it needs to not route through tun0 (of course).

With that routing table shown all internet traffic routes through tun0 where only 192.168.2.0/24 and 114.77.31.26 route through eth0 (192.168.2.99).

Thanks for your help working this out nimnull22!

EDIT: I don't think the "gw 10.8.0.1" part is needed since 10.8.0.1 is the only peer on tun0

Last edited by FireRaven; 03-28-2010 at 09:25 PM.
 
Old 03-28-2010, 09:56 PM   #20
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
You can remove:
default via 192.168.2.99 dev eth0 metric 100

You do not need it any more.
And unfortunately you show your IP - it is not really good. I suggest to erase it.
 
Old 03-30-2010, 03:19 PM   #21
fancylad
Member
 
Registered: Mar 2008
Distribution: slackware
Posts: 175

Rep: Reputation: 19
yes you are right. if you are setting a default route that uses the vpn connection then, by defualt, linux will try to push all traffic out this way. what if you first define a route for the vpn network so that eth0 can use this then add the default route using the vpn tunnel? Something like this:
Quote:
route add -net 4.2.2.1 netmask 255.255.255.255 gw 192.168.2.99
route add default gw dev tun0
This is assuming that 4.2.2.1 is the ip of the vpn gateway or whatever you wan to call it at the far end and 192.168.2.99 is the ip of your regular gateway for your eth0 connection. If this doesn't work try playing around with the first route add command. Remove the default gw altogether and make sure the route add command works so that any traffic destined for 4.2.2.1 is working and that no other traffic that is not on your local network is working. If this works then try adding the second route add command, defining a default gw that uses the tun0 interface.

EDIT: I guess you can ignore what I wrote. I didn't notice that this continued on a second page

Last edited by fancylad; 03-30-2010 at 03:22 PM.
 
Old 03-30-2010, 04:38 PM   #22
FireRaven
Member
 
Registered: Apr 2006
Location: Australia
Distribution: Debian Squeeze
Posts: 135

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by fancylad View Post
EDIT: I guess you can ignore what I wrote. I didn't notice that this continued on a second page
That's what I did and it worked
4.2.2.1 was just a test IP though. The other one was the global IP for the gateway, so adding that before the default route made it work.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I route internet traffic over my second IP address? FireRaven Linux - Networking 9 03-09-2010 02:04 PM
iptables question with OpenVPN (tun0 to tun0 filtering) fang0654 Linux - Server 3 09-30-2009 02:17 AM
Iptables/TC: how to make masqueraded traffic go through an openVPN tun0? theVOID Linux - Networking 3 04-25-2008 03:34 AM
route any traffic between two NICs thirumala Linux - Networking 0 03-24-2004 05:54 PM
Route traffic like a hub atlesn Linux - Networking 2 03-21-2004 04:51 PM


All times are GMT -5. The time now is 08:02 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration