[SOLVED] How do I route my internet traffic over tun0?
Yes, when you do "traceroute 220.127.116.11" you see that packets ARE TRYING to go through tun0. It doesn't mean they reach the other side.
First of all, you HAVE to be able to ping the other side of your tunnel. So, you have to ping 10.8.0.2 from 10.8.0.1, and 10.8.0.1 from 10.8.0.2. Your OpenVPN software has to create the tunnel first.
When you get this, you can add a route for the OpenVPN IP; everything else will use the GW on the other side of the tunnel.
But, as I said before, first of all, the tunnel itself should work.
Right now, after you added "10.8.0.0/24 dev tun0 scope link", packets addressed to 10.8.0.x will definitely go to tun0. And if OpenVPN on the other side works and connects to your computer, you should "ping" its interface with IP=10.8.0.1.
OK, I just got it working. From a fresh start, this is what was needed:
root@ubuntu-vmguest:/opt# route add -net 18.104.22.168 netmask 255.255.255.255 gw 192.168.2.99 dev eth0
root@ubuntu-vmguest:/opt# route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.8.0.1 metric 99 dev tun0
root@ubuntu-vmguest:/opt# ip route show
22.214.171.124 via 192.168.2.99 dev eth0
10.8.0.1 dev tun0 proto kernel scope link src 10.8.0.2
192.168.2.200 dev eth0 scope link src 192.168.2.11
192.168.2.150 dev ppp0 proto kernel scope link src 192.168.2.153
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.11
192.168.77.0/24 via 10.8.0.1 dev tun0
default via 10.8.0.1 dev tun0 metric 99
default via 192.168.2.99 dev eth0 metric 100
I just had to add a higher priority to 126.96.36.199 to route through eth0 (gateway 192.168.2.99) while letting all other traffic route through tun0 (gateway 10.8.0.1) at a lower priority, therefore not breaking tun0. This is because 188.8.131.52 is the VPN gateway for tun0, so it needs to not route through tun0 (of course).
With the routing table shown, all internet traffic routes through tun0, while only 192.168.2.0/24 and 184.108.40.206 route through eth0 (192.168.2.99).
Thanks for your help working this out nimnull22!
EDIT: I don't think the "gw 10.8.0.1" part is needed since 10.8.0.1 is the only peer on tun0.
Yes, you are right. If you are setting a default route that uses the VPN connection then, by default, Linux will try to push all traffic out this way. What if you first define a route for the VPN network so that eth0 can use this, then add the default route using the VPN tunnel? Something like this:
This is assuming that 220.127.116.11 is the IP of the VPN gateway, or whatever you want to call it, at the far end, and 192.168.2.99 is the IP of your regular gateway for your eth0 connection. If this doesn't work, try playing around with the first route add command. Remove the default gw altogether and make sure the route add command works so that any traffic destined for 18.104.22.168 is working and that no other traffic that is not on your local network is working. If this works, then try adding the second route add command, defining a default gw that uses the tun0 interface.
EDIT: I guess you can ignore what I wrote. I didn't notice that this continued on a second page.
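A check for the routing layout the thread arrives at, as an added example that is not part of any post: it reads `ip route show` output and confirms that the VPN server has a host route outside the tunnel and that the lowest-metric default route uses tun0. The address 203.0.113.10, the function names and the sample tables are constructed for illustration; only plain `default` entries are compared.

```shell
# Added example. 203.0.113.10 stands in for the VPN server's public IP (constructed).

# Print the device of the default route with the lowest metric (no metric means 0).
default_dev() {
    awk '$1 == "default" {
        dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (!seen || metric < bestm) { best = dev; bestm = metric; seen = 1 }
    }
    END { print best }'
}

# Print the device of the host route for endpoint $1, or nothing if there is none.
endpoint_dev() {
    awk -v ep="$1" '$1 == ep || $1 == (ep "/32") {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# check_vpn_routes ENDPOINT TUN_DEV < routing-table
# Returns 0 = sound, 1 = endpoint not pinned outside tunnel, 2 = default avoids tunnel.
check_vpn_routes() {
    table=$(cat)
    ep_dev=$(printf '%s\n' "$table" | endpoint_dev "$1")
    def_dev=$(printf '%s\n' "$table" | default_dev)
    if [ -z "$ep_dev" ] || [ "$ep_dev" = "$2" ]; then
        echo "FAIL: no host route keeps $1 off $2"; return 1
    fi
    if [ "$def_dev" != "$2" ]; then
        echo "FAIL: preferred default uses ${def_dev:-no device}, not $2"; return 2
    fi
    echo "OK: $1 via $ep_dev, default via $2"
}

# Constructed sample tables modelled on the output in the thread.
GOOD_TABLE='203.0.113.10 via 192.168.2.99 dev eth0
10.8.0.1 dev tun0 proto kernel scope link src 10.8.0.2
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.11
default via 10.8.0.1 dev tun0 metric 99
default via 192.168.2.99 dev eth0 metric 100'
NO_PIN_TABLE=$(printf '%s\n' "$GOOD_TABLE" | sed 1d)
LEAK_TABLE=$(printf '%s\n' "$GOOD_TABLE" | sed 's/metric 100/metric 50/')

for t in "$GOOD_TABLE" "$NO_PIN_TABLE" "$LEAK_TABLE"; do
    printf '%s\n' "$t" | check_vpn_routes 203.0.113.10 tun0 || true
done
```

On a live system the same function can be fed directly: `ip route show | check_vpn_routes <VPN server IP> tun0`.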