Connect internet through tun0 and eth0 at the same time

UJ
OpenVpn Newbie
Posts: 1
Joined: Sun Oct 28, 2018 7:24 am

Connect internet through tun0 and eth0 at the same time

Post by UJ » Sun Oct 28, 2018 9:27 am

I'm trying to connect to the internet selectively through tun0 and eth0 without the configuration option "redirect-gateway def1".
My final goal is routing all the internet traffic from the openVPN client's subnet (br0: 10.0.10.0/24) through tun0
and routing the openVPN client itself through eth0 only for the internet.

The "redirect-gateway def1" option allows the client's subnet to pass all its traffic through tun0, but it prevents the openVPN client from using eth0.
If I'm not using the "redirect-gateway def1" option, then the client's subnet can access the openVPN network (192.168.255.0/24) but cannot access the internet.

So I narrowed down my issue to making "ping -I tun0 8.8.8.8" succeed on the openVPN client without using the "redirect-gateway def1" option.

"tcpdump -i tun0" while running "ping -I tun0 8.8.8.8" shows that it actually receives the ICMP echo reply, but the ping still fails. I cannot figure out why.

$ ping -I tun0 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.255.14 tun0: 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9217ms
$ tcpdump -i tun0
16:42:04.262576 IP linux > google-public-dns-a.google.com: ICMP echo request, id 13612, seq 112, length 64
16:42:04.302313 IP google-public-dns-a.google.com > linux: ICMP echo reply, id 13612, seq 112, length 64

I tried all the possible iptables and routing table settings on the server and client for several days but did not solve it.

Below are my current openVPN configurations, client's iptables and routing table.

server.conf (simplified ver)

server 192.168.255.0 255.255.255.0
dev tun0
compress lz4-v2
push "compress lz4-v2"
route 192.168.255.0 255.255.255.0
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

client.conf (simplified ver)

client
nobind
dev tun
remote <VPN IP> 443 tcp
pull
compress lz4-v2

server's iptables (rules related to the VPN)

iptables -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE

client's iptables (rules related to the VPN and subnet)

iptables -t nat -A POSTROUTING -s 10.0.10.0/24 -o tun0 -j MASQUERADE
iptables -A FORWARD -i br0 -j ACCEPT
iptables -A FORWARD -i tun0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT

server's route (inside Docker container (kylemanna/openvpn))

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
172.17.0.0      *               255.255.0.0     U     0      0        0 eth0
192.168.255.0   192.168.255.2   255.255.255.0   UG    0      0        0 tun0
192.168.255.2   *               255.255.255.255 UH    0      0        0 tun0

client's route

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    0      0        0 eth0
10.0.10.0       0.0.0.0         255.255.255.0   U     0      0        0 br0
121.213.123.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 br0
192.168.255.1   192.168.255.13  255.255.255.255 UGH   0      0        0 tun0
192.168.255.13  0.0.0.0         255.255.255.255 UH    0      0        0 tun0

I found that adding the routes below puts it into the same state as using "redirect-gateway def1"

route add -net 0.0.0.0 netmask 128.0.0.0 gw 192.168.255.13 dev tun0
route add -net 128.0.0.0 netmask 128.0.0.0 gw 192.168.255.13 dev tun0

Server's ifconfig (inside Docker container (kylemanna/openvpn))

eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
          inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4176455 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4080837 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.255.1  P-t-P:192.168.255.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1323713 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2435718 errors:0 dropped:771 overruns:0 carrier:0
          collisions:0 txqueuelen:100

Client's ifconfig

br0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 10.0.10.1  netmask 255.255.255.0  broadcast 10.0.10.255
        ether xx:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)
        RX packets 7956  bytes 1329777 (1.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4793  bytes 580907 (580.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 121.213.123.144  netmask 255.255.255.0  broadcast 121.213.123.255
        ether xx:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)
        RX packets 344261  bytes 21022402 (21.0 MB)
        RX errors 0  dropped 1757  overruns 0  frame 0
        TX packets 8835  bytes 737011 (737.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xc1100000-c111ffff

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 192.168.255.14  netmask 255.255.255.255  destination 192.168.255.13
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 870  bytes 73032 (73.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 880  bytes 73512 (73.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
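The following is an added example, not code from the post or from OpenVPN: it models the client's posted routing table with a longest-prefix-match lookup to show why 8.8.8.8 currently resolves to eth0, why the two half-internet routes above ("def1" style) steer it to tun0 without deleting the default route, and how a source-based split (a hypothetical `ip rule` layout, assumed here and not in the post) would send only the br0 subnet through tun0 while the client host itself keeps eth0.

```python
import ipaddress

# Client routing table as posted in the question (the default gateway is kept
# as the unresolved name "_gateway" exactly as the post shows it).
CLIENT_ROUTES = [
    ("0.0.0.0/0",         "_gateway",       "eth0"),
    ("10.0.10.0/24",      None,             "br0"),
    ("121.213.123.0/24",  None,             "eth0"),
    ("169.254.0.0/16",    None,             "br0"),   # "link-local"
    ("192.168.255.1/32",  "192.168.255.13", "tun0"),
    ("192.168.255.13/32", None,             "tun0"),
]

# The two half-internet routes the post found equivalent to "redirect-gateway def1".
DEF1_ROUTES = [
    ("0.0.0.0/1",   "192.168.255.13", "tun0"),
    ("128.0.0.0/1", "192.168.255.13", "tun0"),
]

def lookup(dst, routes):
    """Longest-prefix match (metrics ignored); returns (gateway, iface) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return None if best is None else (best[1], best[2])

# Hypothetical source-based split (assumption, not from the post): packets from
# the br0 subnet consult a table whose only route is a default via tun0; all
# others use the main table. The rule still sees the original 10.0.10.x source
# because the routing decision happens before POSTROUTING masquerading.
TABLES = {
    "vpn":  [("0.0.0.0/0", "192.168.255.13", "tun0")],
    "main": CLIENT_ROUTES,
}
RULES = [("10.0.10.0/24", "vpn"), ("0.0.0.0/0", "main")]

def lookup_policy(src, dst, rules=RULES, tables=TABLES):
    """First rule whose source prefix matches selects the table; no match in
    that table falls through to the next rule, as the Linux FIB does."""
    src = ipaddress.ip_address(src)
    for src_prefix, table in rules:
        if src in ipaddress.ip_network(src_prefix):
            hit = lookup(dst, tables[table])
            if hit:
                return hit
    return None
```

The model ignores metrics and the kernel's reverse-path checks; it only reproduces the prefix-length selection that decides which interface a destination takes.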
