LinuxQuestions.org
Old 02-21-2016, 02:55 PM   #1
123user
LQ Newbie
 
Registered: Feb 2016
Posts: 7

Rep: Reputation: Disabled
How do I route traffic through my existing VPN?


I have the following setup:

Linux box <-> Network 1 <-> OpenVPN client <-> OpenVPN server <-> Network 2

The OpenVPN client and server are both running on Tomato routers, so I can ask them to do more if needed.

I have set up the OpenVPN client in the router to route certain traffic over the VPN, which is working fine.

Now I would like to be able to optionally configure the Linux box to pass all internet traffic through the VPN. Is that possible?
 
Old 02-22-2016, 03:09 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,138

Rep: Reputation: 1263
Just change your default gateway to the router on network 2:

Code:
ip route show
ip route delete default
ip route add default via <new_router_ip>
 
Old 02-23-2016, 02:07 PM   #3
123user
LQ Newbie
 
Registered: Feb 2016
Posts: 7

Original Poster
Rep: Reputation: Disabled
Thanks, smallpond, but I don't think that works. I get:
RTNETLINK answers: Network is unreachable

I think that is because that router (the OpenVPN server) is not on the local network, but only reachable through the local router (OpenVPN client). By deleting the default route, which used the latter as a gateway, there is now no way to reach anything but the local network.
 
Old 02-23-2016, 07:38 PM   #4
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,138

Rep: Reputation: 1263
If your VPN is layer 3 then you also need to add a route to Network 2.
 
Old 02-24-2016, 02:13 PM   #5
123user
LQ Newbie
 
Registered: Feb 2016
Posts: 7

Original Poster
Rep: Reputation: Disabled
So obviously I don't really know how IP networking works, but I'm starting to think that this is not working because it can't work. Can you really make a packet that says "I want to go to this address, via this intermediary" using just plain IP? Where the routing table specifies a next hop, is that not something that gets translated to a link-local address before the packet is put on the wire? That could not work in this case, since the second router is not on the local network.

I would be very happy to be wrong here; perhaps you or someone else could show me the routing commands to use in that case? I have been trying to figure it out, but to no avail.

If I am correct, then I would need to use tunnelling of some sort, would I not? I just have no idea what the simplest solution for that would be either?
 
Old 02-24-2016, 03:54 PM   #6
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,138

Rep: Reputation: 1263
With a layer 3 VPN you have one NIC with 2 interfaces. Let's suppose they are eth0 and tun0. eth0 is on network1, has a network1 IP address and should have 1 entry in the routing table saying any packet destined for network1 should go through eth0. tun0 goes through your OpenVPN connection to network2, has a VPN IP address and needs 2 entries in the routing table. It has the network route for network2. The second route that it needs is the default gateway route which points to the gateway on network2. That gateway had better be doing NAT else the return packets will have tough sledding.

OpenVPN can automatically push both of these routes when you connect. To do this the server config needs something like:
Code:
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1"
https://openvpn.net/index.php/open-s...ion/howto.html

As for what's in the packets, eth0 packets have the network1 source IP address, and tun0 packets have the VPN source IP address. The dest IP address is the place you want the packet to go. No intermediary required. The source Ethernet address is the MAC. The dest Ethernet address is retrieved by ARP for network1 addresses, and will go to the VPN router for tun0 packets.
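
An added example, not part of any post in this thread: a simplified Python model of the Linux box's routing table, showing why the `ip route add default via ...` from post #2 is rejected and what the two pushed directives in post #6 change once the box has its own tun0. The 192.168.1.0/24, 10.8.0.0/24 and 203.0.113.10 addresses and all function names are constructed assumptions; the 0.0.0.0/1 and 128.0.0.0/1 pair plus the host route to the server is what OpenVPN installs for `redirect-gateway def1`.

```python
import ipaddress

class RouteTable:
    """Simplified model of a Linux routing table (longest-prefix match)."""
    def __init__(self):
        self.routes = []  # (network, gateway or None if on-link, device)

    def add(self, prefix, dev=None, via=None):
        net = ipaddress.ip_network(prefix)
        if via is not None:
            via = ipaddress.ip_address(via)
            # A next hop must itself be covered by a directly connected
            # (gateway-less) route; otherwise the route is rejected.
            direct = [r for r in self.routes if r[1] is None and via in r[0]]
            if not direct:
                raise OSError("RTNETLINK answers: Network is unreachable")
            dev = max(direct, key=lambda r: r[0].prefixlen)[2]
        self.routes.append((net, via, dev))

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if addr in r[0]]
        if not hits:
            return None
        _, via, dev = max(hits, key=lambda r: r[0].prefixlen)
        return dev, ("on-link" if via is None else str(via))

def box_before():
    t = RouteTable()
    t.add("192.168.1.0/24", dev="eth0")     # network 1 (constructed range)
    t.add("0.0.0.0/0", via="192.168.1.1")   # default via the local router
    return t

def post2_attempt(t):
    t.routes = [r for r in t.routes if r[0].prefixlen]  # ip route delete default
    try:
        t.add("0.0.0.0/0", via="192.168.0.1")  # router on network 2
    except OSError as exc:
        return str(exc)
    return "added"

def with_tunnel(t):
    t.add("10.8.0.0/24", dev="tun0")             # VPN subnet (constructed)
    t.add("203.0.113.10/32", via="192.168.1.1")  # VPN server stays on eth0
    t.add("192.168.0.0/24", via="10.8.0.1")      # push "route ..."
    t.add("0.0.0.0/1", via="10.8.0.1")           # redirect-gateway def1
    t.add("128.0.0.0/1", via="10.8.0.1")         # ... upper half
    return t
```

The original default route is never deleted in `with_tunnel`; the two /1 routes simply win on prefix length, and only the encrypted traffic to the VPN server itself still leaves through eth0.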
 
Old 02-24-2016, 04:17 PM   #7
123user
LQ Newbie
 
Registered: Feb 2016
Posts: 7

Original Poster
Rep: Reputation: Disabled
Thanks again! I'm not sure that I understand fully, but I'm trying. The thing is that the configuration that you are talking about seems to relate to the "OpenVPN client" router in my example, or am I misunderstanding? If I add the push directive to the VPN server, that would affect the routing on the client router, not the "Linux box" client, no? As per my original post, I can configure the routing at the router so that everything is routed through network 2, if I had wanted to.

But what I want to be able to do is to tell just the "Linux box", a client on network 1, to route all its traffic through the VPN, without having to change the configuration of the local router (which would mean that all traffic from all clients would take that route). Since I control all machines involved, and can set up additional services if needed on all of them (though I would prefer to add as little complexity as possible), surely there must be some way to accomplish this?

Or is there something that I can configure on just the "Linux box" after all to make this work?
 
  

