Routing /16 except for /24 ?

This forum is for general conversation and user-user networking.
Post Reply
staticprop
OpenVpn Newbie
Posts: 4
Joined: Fri Apr 12, 2019 1:12 am

Routing /16 except for /24 ?

Post by staticprop » Fri Apr 12, 2019 1:25 am

Hello all,

I'm working on a network that has a /24 management network within a larger /16 network. The openvpn client has an ip within the /24. I want to route for example 10.255.0.0/16 through the tunnel with the exception of the IP on assigned to the client interface. I tested the directive "redirect-gateway block-local def1" but I don't want all the traffic going down the tunnel just the 10.255.0.0/16 connections (minus the ip on the interface). Anyone aware of a directive that will support such a thing? Ex. push 10.255.0.0/16 block-local

Gracias,

sp.

hackerm
OpenVpn Newbie
Posts: 2
Joined: Fri Apr 12, 2019 6:36 pm

Re: Routing /16 except for /24 ?

Post by hackerm » Fri Apr 12, 2019 6:43 pm

Try placing routes in an up script.

Example:

ip rule add from 10.255.252.0/23 lookup tun0
ip rule add from 10.255.248.0/22 lookup tun0
ip rule add from 10.255.240.0/21 lookup tun0
ip rule add from 10.255.224.0/20 lookup tun0
ip rule add from 10.255.192.0/19 lookup tun0
ip rule add from 10.255.128.0/18 lookup tun0
ip rule add from 10.255.0.0/17 lookup tun0

This will exclude 10.255.254.0/24 from being routed down the tunnel and will cover everything else in the 10.255.0.0/16 subnet.

Renumber according to your own needs.

Gracias

sp.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6007
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing /16 except for /24 ?

Post by TinCanTech » Fri Apr 12, 2019 10:49 pm

staticprop wrote:
Fri Apr 12, 2019 1:25 am
I want to route for example 10.255.0.0/16 through the tunnel with the exception of the IP on assigned to the client interface

Code: Select all

route 10.255.0.0 255.255.0.0
Or --push that from the server.

hackerm
OpenVpn Newbie
Posts: 2
Joined: Fri Apr 12, 2019 6:36 pm

Re: Routing /16 except for /24 ?

Post by hackerm » Sat Apr 13, 2019 2:34 pm

Push route 10.255.0.0 255.255.0.0 will not exclude the /24 within the 10.255 network. The poster wanted to exclude th management network from routing down the tunnel.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6007
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing /16 except for /24 ?

Post by TinCanTech » Sat Apr 13, 2019 3:01 pm

According to the OPs original question, the answer I gave should work.

User avatar
Pippin
OpenVPN Expert
Posts: 471
Joined: Wed Jul 01, 2015 8:03 am

Re: Routing /16 except for /24 ?

Post by Pippin » Sat Apr 13, 2019 6:12 pm

How about firewall rules?
Wouldn't that be the proper way?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6007
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing /16 except for /24 ?

Post by TinCanTech » Sun Apr 14, 2019 12:47 am

Using a firewall can stop traffic for the "management network" going via the tunnel ;)

staticprop
OpenVpn Newbie
Posts: 4
Joined: Fri Apr 12, 2019 1:12 am

Re: Routing /16 except for /24 ?

Post by staticprop » Sun Apr 14, 2019 7:01 pm

The post by hackerm solved the issue. It allows me to route everything down the tunnel except for the /24 management network within the same larger /16 subnet. Using route 10.255.0.0 sends everything down the tunnel and breaks the connection soon after the tunnel is setup. This is because the IP on the VPN server acting as the client is an IP on this /24.

User avatar
Pippin
OpenVPN Expert
Posts: 471
Joined: Wed Jul 01, 2015 8:03 am

Re: Routing /16 except for /24 ?

Post by Pippin » Mon Apr 15, 2019 3:59 pm

When your client is connected, can he set a route to the management network.....?
I would still use firewall...

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6007
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing /16 except for /24 ?

Post by TinCanTech » Mon Apr 15, 2019 5:05 pm

staticprop wrote:
Fri Apr 12, 2019 1:25 am
I want to route for example 10.255.0.0/16 through the tunnel with the exception of the IP on assigned to the client interface
I am not even going to try to understand what this means without the prerequisite information.

staticprop
OpenVpn Newbie
Posts: 4
Joined: Fri Apr 12, 2019 1:12 am

Re: Routing /16 except for /24 ?

Post by staticprop » Wed Apr 17, 2019 12:34 am

openvpn server acting as a client has an IP address of 10.255.254.1. This is the source IP that makes a connection to the remote server. 10.255.254.0/24 is the management network. After the VPN is established the local host tries to send vpn connnection packets to the remote server down the tunnel and the connection breaks. Also the local host (10.255.254.1) can no longer reach the internet. I just wanted to exclude this /24 from getting routed down the tunnel. Using a firewall will do nothing to stop this if there is a route on the server sending it down the tunnel. My packets will get dropped.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6007
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing /16 except for /24 ?

Post by TinCanTech » Wed Apr 17, 2019 2:54 am

staticprop wrote:
Wed Apr 17, 2019 12:34 am
openvpn server acting as a client
staticprop wrote:
Fri Apr 12, 2019 1:25 am
I'm working on a network that has a /24 management network within a larger /16 network. The openvpn client has an ip within the /24
Which client ?

Please see:
viewtopic.php?f=30&t=22603

staticprop
OpenVpn Newbie
Posts: 4
Joined: Fri Apr 12, 2019 1:12 am

Re: Routing /16 except for /24 ?

Post by staticprop » Wed Apr 17, 2019 10:56 am

OpenVPN community edition running on Linux no GUI running in client mode.

kevlevrone
OpenVpn Newbie
Posts: 2
Joined: Tue Apr 23, 2019 8:42 am

Re: Routing /16 except for /24 ?

Post by kevlevrone » Tue Apr 23, 2019 8:43 am

Hi there. Thanks for the useful information.

Post Reply