LinuxQuestions.org
Old 02-09-2014, 02:20 PM   #1
miceagol
LQ Newbie
 
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27

Rep: Reputation: 15
How do I stop the VPN interface from being the default route when openvpn is started?


I'm trying to set up all traffic for a specific user on my server to use the VPN interface (tun0). But when I start the vpn service with
Code:
sudo service openvpn start
tun0 automatically becomes the default route for all users. I'd like it to keep eth0 as the default route.

How do I make this happen?
 
Old 02-10-2014, 11:02 AM   #2
yongitz
Member
 
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139

Rep: Reputation: 20
Something like this would work. You could make a tiny script to include the startup of VPN service then after that change the default route to eth0 by executing the command:

Quote:
route add default gw YOUR_DEFAULT_GW_IP_ADDRESS eth0
Hope this helps.
 
Old 02-10-2014, 01:39 PM   #3
miceagol
LQ Newbie
 
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27

Original Poster
Rep: Reputation: 15
When I run the route command you gave me after starting openvpn, I get the following error:
Code:
user@host:~$ sudo route add default gw 192.168.19.1 eth0
SIOCADDRT: File exists
Output of netstat -r is:
Code:
user@host:~$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         10.153.1.5      128.0.0.0       UG        0 0          0 tun0
default         192.168.19.1    0.0.0.0         UG        0 0          0 eth0
default         192.168.19.1    0.0.0.0         UG        0 0          0 eth0
10.153.1.1      10.153.1.5      255.255.255.255 UGH       0 0          0 tun0
10.153.1.5      *               255.255.255.255 UH        0 0          0 tun0
<external vpn ip> 192.168.19.1    255.255.255.255 UGH       0 0          0 eth0
128.0.0.0       10.153.1.5      128.0.0.0       UG        0 0          0 tun0
192.168.19.0    *               255.255.255.0   U         0 0          0 eth0
192.168.122.0   *               255.255.255.0   U         0 0          0 virbr0
So it seems the gateway route is already part of the route table even after openvpn is started. It looks like the first two rows should be swapped for this to be correct?
 
Old 02-11-2014, 03:18 AM   #4
yongitz
Member
 
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139

Rep: Reputation: 20
I believe you should be changing the network scope of your openvpn configuration so as to cover just the vpn network.

Btw, can you try running netstat again with the -n switch?

Quote:
netstat -rn

Last edited by yongitz; 02-11-2014 at 03:25 AM.
 
Old 02-11-2014, 11:03 AM   #5
miceagol
LQ Newbie
 
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27

Original Poster
Rep: Reputation: 15
Ok, here goes:
Code:
user@host:~/scripts$ netstat -rn 
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.127.1.9      128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.19.1    0.0.0.0         UG        0 0          0 eth0
0.0.0.0         192.168.19.1    0.0.0.0         UG        0 0          0 eth0
10.127.1.1      10.127.1.9      255.255.255.255 UGH       0 0          0 tun0
10.127.1.9      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
128.0.0.0       10.127.1.9      128.0.0.0       UG        0 0          0 tun0
<external vpn ip> 192.168.19.1    255.255.255.255 UGH       0 0          0 eth0
192.168.19.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
Looks similar. Note that the vpn ip addresses have changed since yesterday.
 
Old 02-12-2014, 05:57 AM   #6
yongitz
Member
 
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139

Rep: Reputation: 20
Your VPN network should be adjusted. When it's up it should not have a destination network of 0.0.0.0 but a defined network for VPN only.

Anyway, you can just delete the default network that's been added by VPN by
Quote:
route del default gw 10.27.1.9
That way your default gateway would now be 192.168.19.1.
 
Old 02-12-2014, 04:36 PM   #7
miceagol
LQ Newbie
 
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by yongitz
Your VPN network should be adjusted. When it's up it should not have a destination network of 0.0.0.0 but a defined network for VPN only.
I don't really understand what you mean by a defined network. Could you please elaborate?

Quote:
Originally Posted by yongitz
Anyway, you can just delete the default network that's been added by VPN by
That way your default gateway would now be 192.168.19.1.
Your command didn't work, just got the following error (note! VPN ip has changed since last post):
Code:
user@host:~/scripts$ sudo route del default gw 10.136.1.5
SIOCDELRT: No such process
I guess that my gateway 192.168.19.1 is in fact the default route, even though the vpn gateway is on the top line.

Managed to delete the line with this command instead:
Code:
sudo route del -net 0.0.0.0 netmask 128.0.0.0 dev tun0
But I was still connected to vpn after removing it.

So I tried to remove one line at a time related to the vpn, and after removing all of them I finally was disconnected from the vpn tunnel.
Code:
user@host:~/scripts$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.19.1    0.0.0.0         UG        0 0          0 eth0
0.0.0.0         192.168.19.1    0.0.0.0         UG        0 0          0 eth0
192.168.19.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
Now the question is: How do I get the up script to remove these lines in the ip table automatically? The vpn ip addresses change all the time, so the script must be able to fetch the numbers from the ip table somehow. Or is it possible to issue a route del command according to line number in the table?
 
Old 02-12-2014, 04:54 PM   #8
miceagol
LQ Newbie
 
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27

Original Poster
Rep: Reputation: 15
Well, there is another problem now. When I try to run the script to route only the specific user through the vpn, I get the following error.
Code:
user@host:~/scripts$ sudo ./vpn_singleuser.sh 
RTNETLINK answers: No such process
So I guess the script can't find the routes I just deleted. So I'm really lost on how to make this work.

The code in the script is based on this guide.
 
Old 02-16-2014, 04:18 AM   #9
yongitz
Member
 
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139

Rep: Reputation: 20
Quote:
Originally Posted by miceagol
I don't really understand what you mean by a defined network. Could you please elaborate?

What I meant is that you should define your tunnel network instead of covering the 0.0.0.0 (default) in your vpn script.

Quote:
Originally Posted by miceagol
Your command didn't work, just got the following error (note! VPN ip has changed since last post):
Code:
user@host:~/scripts$ sudo route del default gw 10.136.1.5
SIOCDELRT: No such process
Where did you get the 10.136.1.5 IP? Per your netstat your tunnel gateway should be 10.127.1.9
 
Old 02-19-2014, 02:52 PM   #10
miceagol
LQ Newbie
 
Registered: Oct 2004
Location: Oslo, Norway
Distribution: Ubuntu
Posts: 27

Original Poster
Rep: Reputation: 15
Finally, I got this to work by adding route-nopull to the openvpn configuration file in /etc/openvpn/server.conf. Such a small command fixed everything.
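
Why the table in post #5 sends everything through tun0 even though the eth0 default is still present, as an added example that is not part of the thread or any poster's script: the kernel picks the most specific matching route, not the first row, so the two Genmask 128.0.0.0 rows (each a /1) beat the 0.0.0.0/0 default. The address 203.0.113.10 stands in for the redacted `<external vpn ip>`, and the function names are made up for illustration.

```python
import ipaddress

# Constructed sample: the rows from post #5 (duplicate default row dropped),
# with "<external vpn ip>" replaced by the documentation address 203.0.113.10.
NETSTAT_RN = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.127.1.9      128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.19.1    0.0.0.0         UG        0 0          0 eth0
10.127.1.1      10.127.1.9      255.255.255.255 UGH       0 0          0 tun0
10.127.1.9      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
128.0.0.0       10.127.1.9      128.0.0.0       UG        0 0          0 tun0
203.0.113.10    192.168.19.1    255.255.255.255 UGH       0 0          0 eth0
192.168.19.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
"""

def parse_routes(text):
    """Turn `netstat -rn` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except (IndexError, ValueError):
            continue  # header or blank line, not a route
        routes.append((net, fields[1], fields[-1]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins,
    whatever order the rows are printed in."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def egress(routes, dst):
    """Interface a packet to dst leaves on, or None if there is no route."""
    hit = lookup(routes, dst)
    return hit[2] if hit else None

def half_default_routes(routes):
    """The two /1 routes on the tunnel that together shadow the /0 default."""
    return [r for r in routes if r[0].prefixlen == 1]

if __name__ == "__main__":
    table = parse_routes(NETSTAT_RN)
    pruned = [r for r in table if r not in half_default_routes(table)]
    for dst in ("8.8.8.8", "198.51.100.7", "192.168.19.20", "203.0.113.10"):
        print(f"{dst:15} with /1 routes: {egress(table, dst):5} "
              f"without: {egress(pruned, dst)}")
```

With the two /1 rows gone, internet destinations fall back to the eth0 default while the tunnel's own host routes stay on tun0, which is the state a per-user routing rule can then build on.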
 
  



Tags
eth0, openvpn, vpn