Routing to VPN only for private addresses?

RyanRahl · 08-26-2016, 07:39 PM

I'm working remotely to my job with connection to a vpn that is 1000s of miles away and frankly quite slow. When the VPN initializes it's connection all traffic is routed through said VPN, which is frustrating and I'd like my laptop to only route through the VPN to the private addresses in the VPN, everything else, through my normal gateway. I'm sure this is possible but I am not a network guru.
Before I'm connected to the VPN my network config looks like this

Code:

wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.27.15  netmask 255.255.255.0  broadcast 192.168.27.255
        inet6 fe80::ce3d:82ff:fe6f:361e  prefixlen 64  scopeid 0x20<link>
        ether cc:3d:82:6f:36:1e  txqueuelen 1000  (Ethernet)
        RX packets 6395669  bytes 7384490836 (6.8 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3232495  bytes 603869217 (575.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

route looks like this

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.27.1    0.0.0.0         UG    600    0        0 wlp3s0
192.168.27.0    0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

When I'm connected to the VPN my network config looks like this

Code:

wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.27.15  netmask 255.255.255.0  broadcast 192.168.27.255
        inet6 fe80::ce3d:82ff:fe6f:361e  prefixlen 64  scopeid 0x20<link>
        ether cc:3d:82:6f:36:1e  txqueuelen 1000  (Ethernet)
        RX packets 6351659  bytes 7319816201 (6.8 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3207333  bytes 599099526 (571.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=81<UP,POINTOPOINT,RUNNING>  mtu 1411
        inet 10.25.9.194  netmask 255.255.255.255  destination 1.1.1.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 273558  bytes 366601185 (349.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 167641  bytes 12699451 (12.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

route like this

Code:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.25.9.194     128.0.0.0       UG    1      0        0 tun0
0.0.0.0         192.168.27.1    0.0.0.0         UG    600    0        0 wlp3s0
1.1.1.1         0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.25.9.194     128.0.0.0       UG    1      0        0 tun0
153.X.X.X      192.168.27.1    255.255.255.255 UGH   1      0        0 wlp3s0
192.168.27.1    192.168.27.15   255.255.255.255 UGH   1      0        0 wlp3s0

The goal is basically to route all traffic destined for 10.*.*.*, 172.16.*.* and a small possibility of a few subnets in 192.168.???.*

Any help with this would be amazing. thank you

Mitt Green · 08-27-2016, 02:25 PM

Hi,

You can add those private addresses to route like this:

Code:

sudo route add YOURIPHERE dev tun0

You can also specify a netmask before "dev tun0". Do you use SSH? For SSH with VPN there's some Ubuntu-specific documentation that might help you.

RyanRahl · 09-03-2016, 01:39 PM

Hi, thanks for the reply. This is kind of what I am looking for but the other way around. When I connect to the VPN it sets up all my traffic to route through tun0. How do I change my default gateway on my local network interface (wlp3s0) to 192.168.27.1, and route all private addresses through tun0?

Mitt Green · 09-04-2016, 04:17 AM

Quote:

Originally Posted by RyanRahl

Hi, thanks for the reply. This is kind of what I am looking for but the other way around. When I connect to the VPN it sets up all my traffic to route through tun0. How do I change my default gateway on my local network interface (wlp3s0) to 192.168.27.1, and route all private addresses through tun0?

Simply change tun0 to your interface (wlp3s0) in the example above.