02-09-2014, 02:20 PM
|
#1
|
LQ Newbie
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27
Rep:
|
How do I stop the VPN interface from being the default route when openvpn is started?
I'm trying to set up all traffic for a specific user on my server to use the VPN interface (tun0). But when I start the vpn service with
Code:
sudo service openvpn start
tun0 automatically becomes the default route for all users. I'd like it to keep eth0 as the default route.
How do I make this happen?
|
|
|
02-10-2014, 11:02 AM
|
#2
|
Member
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139
Rep:
|
Something like this would work. You could make a tiny script to include the startup of VPN service then after that change the default route to eth0 by executing the command:
Quote:
route add default gw YOUR_DEFAULT_GW_IP_ADDRESS eth0
|
Hope this helps.
|
|
|
02-10-2014, 01:39 PM
|
#3
|
LQ Newbie
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27
Original Poster
Rep:
|
When I run the route command you gave me after starting openvpn, I get the following error:
Code:
user@host:~$ sudo route add default gw 192.168.19.1 eth0
SIOCADDRT: File exists
Output of netstat -r is:
Code:
user@host:~$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 10.153.1.5 128.0.0.0 UG 0 0 0 tun0
default 192.168.19.1 0.0.0.0 UG 0 0 0 eth0
default 192.168.19.1 0.0.0.0 UG 0 0 0 eth0
10.153.1.1 10.153.1.5 255.255.255.255 UGH 0 0 0 tun0
10.153.1.5 * 255.255.255.255 UH 0 0 0 tun0
<external vpn ip> 192.168.19.1 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 10.153.1.5 128.0.0.0 UG 0 0 0 tun0
192.168.19.0 * 255.255.255.0 U 0 0 0 eth0
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
So it seems the gateway route is already part of the route table even after openvpn is started. It looks like the first two rows should be swapped for this to be correct?
|
|
|
02-11-2014, 03:18 AM
|
#4
|
Member
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139
Rep:
|
I believe you should be changing the network scope of your openvpn configuration so that it just covers the vpn network.
Btw, can you try running netstat again with the -n switch.
Last edited by yongitz; 02-11-2014 at 03:25 AM.
|
|
|
02-11-2014, 11:03 AM
|
#5
|
LQ Newbie
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27
Original Poster
Rep:
|
Ok, here goes:
Code:
user@host:~/scripts$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.127.1.9 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.19.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.19.1 0.0.0.0 UG 0 0 0 eth0
10.127.1.1 10.127.1.9 255.255.255.255 UGH 0 0 0 tun0
10.127.1.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
128.0.0.0 10.127.1.9 128.0.0.0 UG 0 0 0 tun0
<external vpn ip> 192.168.19.1 255.255.255.255 UGH 0 0 0 eth0
192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
Looks similar. Note that the vpn ip addresses have changed since yesterday.
|
|
|
02-12-2014, 05:57 AM
|
#6
|
Member
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139
Rep:
|
Your VPN network should be adjusted. When it's up it should not have a destination network of 0.0.0.0 but a defined network for VPN only.
Anyway, you can just delete the default network that's been added by VPN by
Quote:
route del default gw 10.27.1.9
|
That way your default gateway would now be 192.168.19.1.
|
|
|
02-12-2014, 04:36 PM
|
#7
|
LQ Newbie
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27
Original Poster
Rep:
|
Quote:
Originally Posted by yongitz
Your VPN network should be adjusted. When it's up it should not have a destination network of 0.0.0.0 but a defined network for VPN only.
|
I don't really understand what you mean by a defined network. Could you please elaborate?
Quote:
Originally Posted by yongitz
Anyway, you can just delete the default network that's been added by VPN by
That way your default gateway would now be 192.168.19.1.
|
Your command didn't work, just got the following error (note! VPN ip has changed since last post):
Code:
user@host:~/scripts$ sudo route del default gw 10.136.1.5
SIOCDELRT: No such process
I guess that my gateway 192.168.19.1 is in fact the default route, even though the vpn gateway is on the top line.
Managed to delete the line with this command instead:
Code:
sudo route del -net 0.0.0.0 netmask 128.0.0.0 dev tun0
But I was still connected to vpn after removing it.
So I tried to remove one line at a time related to the vpn, and after removing all of them I finally was disconnected from the vpn tunnel.
Code:
user@host:~/scripts$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.19.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.19.1 0.0.0.0 UG 0 0 0 eth0
192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
Now the question is: How do I get the up script to remove these lines in the ip table automatically? The vpn ip addresses change all the time, so the script must be able to fetch the numbers from the ip table somehow. Or is it possible to issue a route del command according to line number in the table?
|
|
|
02-12-2014, 04:54 PM
|
#8
|
LQ Newbie
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27
Original Poster
Rep:
|
Well, there is another problem now. When I try to run the script to route only the specific user through the vpn, I get the following error.
Code:
user@host:~/scripts$ sudo ./vpn_singleuser.sh
RTNETLINK answers: No such process
So I guess the script can't find the routes I just deleted. So I'm really lost on how to make this work.
The code in the script is based on this guide.
|
|
|
02-16-2014, 04:18 AM
|
#9
|
Member
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139
Rep:
|
Quote:
Originally Posted by miceagol
I don't really understand what you mean by a defined network. Could you please elaborate?
|
What I meant is that you should define your tunnel network instead of covering the 0.0.0.0 (default) in your vpn script.
Quote:
Originally Posted by miceagol
Your command didn't work, just got the following error (note! VPN ip has changed since last post):
Code:
user@host:~/scripts$ sudo route del default gw 10.136.1.5
SIOCDELRT: No such process
|
Where did you get the 10.136.1.5? Per your netstat your tunnel gateway should be 10.127.1.9
|
|
|
02-19-2014, 02:52 PM
|
#10
|
LQ Newbie
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27
Original Poster
Rep:
|
Finally, I got this to work by adding route-nopull to the openvpn configuration file in /etc/openvpn/server.conf. Such a small command fixed everything.
|
|
|
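Added example, not posted by anyone in the thread: row order in the table never mattered, because the kernel uses the matching route with the longest netmask, so the two 128.0.0.0 routes on tun0 (the pattern OpenVPN's redirect-gateway def1 option installs) beat the 0.0.0.0 default on eth0. The script replays the tables from posts #5 and #7 through that rule; `route_for` and the variable names are hypothetical, and 203.0.113.10 is a constructed stand-in for the elided `<external vpn ip>`.

```shell
#!/bin/sh
# Added example: which route wins for a destination (longest-prefix match).
# Rows are copied from the netstat -rn output in post #5 (VPN up); the
# "<external vpn ip>" row uses a constructed stand-in, 203.0.113.10.
TABLE_VPN_UP='Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.127.1.9 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.19.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.19.1 0.0.0.0 UG 0 0 0 eth0
10.127.1.1 10.127.1.9 255.255.255.255 UGH 0 0 0 tun0
10.127.1.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
128.0.0.0 10.127.1.9 128.0.0.0 UG 0 0 0 tun0
203.0.113.10 192.168.19.1 255.255.255.255 UGH 0 0 0 eth0
192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0'
# Rows from post #7, after every tun0 route had been deleted.
TABLE_NO_VPN_ROUTES='Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.19.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.19.1 0.0.0.0 UG 0 0 0 eth0
192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0'

# route_for TABLE DEST: print "IFACE GATEWAY GENMASK" of the matching route
# with the largest netmask; exit status 1 if no route matches.
route_for() {
    printf '%s\n' "$1" | awk -v dest="$2" '
        function ip2n(ip,    o) {            # dotted quad -> 32-bit number
            if (split(ip, o, ".") != 4) return -1
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { d = ip2n(dest); best = -1 }
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {   # skips header lines
            net = ip2n($1); mask = ip2n($3)
            size = 4294967296 - mask         # addresses covered by the route
            # Destination is the network address, so a range test suffices.
            if (d >= net && d - net < size && mask > best) {
                best = mask; out = $8 " " $2 " " $3
            }
        }
        END { if (best < 0) exit 1; print out }
    '
}

for dst in 8.8.8.8 200.1.1.1 192.168.19.20 203.0.113.10; do
    echo "VPN up:         $dst -> $(route_for "$TABLE_VPN_UP" "$dst")"
done
echo "routes removed: 8.8.8.8 -> $(route_for "$TABLE_NO_VPN_ROUTES" 8.8.8.8)"
```

With route-nopull the client does not install the pushed routes, so nothing leaves through tun0 until a route or policy rule sends it there; running the same lookup on the live `netstat -rn` output confirms which interface a given destination actually uses.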