Routing /16 except for /24 ?
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Apr 12, 2019 1:12 am
Routing /16 except for /24 ?
Hello all,
I'm working on a network that has a /24 management network within a larger /16 network. The OpenVPN client has an IP within the /24. I want to route, for example, 10.255.0.0/16 through the tunnel with the exception of the IP assigned to the client interface. I tested the directive "redirect-gateway block-local def1", but I don't want all the traffic going down the tunnel, just the 10.255.0.0/16 connections (minus the IP on the interface). Anyone aware of a directive that will support such a thing? Ex. push 10.255.0.0/16 block-local
Gracias,
sp.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Apr 12, 2019 6:36 pm
Re: Routing /16 except for /24 ?
Try placing routes in an up script.
Example:
# 10.255.255.0/24 lies above the excluded /24 and needs its own rule
ip rule add from 10.255.255.0/24 lookup tun0
ip rule add from 10.255.252.0/23 lookup tun0
ip rule add from 10.255.248.0/22 lookup tun0
ip rule add from 10.255.240.0/21 lookup tun0
ip rule add from 10.255.224.0/20 lookup tun0
ip rule add from 10.255.192.0/19 lookup tun0
ip rule add from 10.255.128.0/18 lookup tun0
ip rule add from 10.255.0.0/17 lookup tun0
This will exclude 10.255.254.0/24 from being routed down the tunnel and will cover everything else in the 10.255.0.0/16 subnet.
Renumber according to your own needs.
Gracias
sp.
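The prefix list in the post above can be computed instead of worked out by hand. The following Python script is an added example, not part of the original thread: it derives the prefixes that cover a supernet minus one or more excluded subnets (for a /24 inside a /16 that is eight prefixes, /17 through /24), checks the result for gaps and overlaps, and renders it as OpenVPN `route` lines or as `ip rule` lines. The function names are illustrative, and the table name `tun0` is taken from the post.

```python
import ipaddress

def complement(supernet, excluded):
    """Prefixes covering `supernet` minus every subnet in `excluded`."""
    sup = ipaddress.ip_network(supernet)
    remaining = [sup]
    for ex in (ipaddress.ip_network(e) for e in excluded):
        if not ex.subnet_of(sup):
            raise ValueError(f"{ex} is not inside {sup}")
        kept = []
        for net in remaining:
            if ex.subnet_of(net):
                # Split around the exclusion: one sibling per prefix length.
                kept.extend(net.address_exclude(ex))
            elif not net.subnet_of(ex):
                kept.append(net)  # disjoint from the exclusion, keep as is
        remaining = kept
    return sorted(remaining)

def covers_exactly(supernet, excluded, routes):
    """True if routes plus exclusions partition the supernet with no overlap."""
    sup = ipaddress.ip_network(supernet)
    exs = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(e) for e in excluded))
    if any(r.overlaps(e) for r in routes for e in exs):
        return False
    total = sum(n.num_addresses for n in list(routes) + exs)
    return total == sup.num_addresses

def openvpn_routes(routes):
    """Destination routes in OpenVPN's `route network netmask` form."""
    return [f"route {r.network_address} {r.netmask}" for r in routes]

def ip_rules(routes, table="tun0"):
    """Policy-routing rules in the form used in the post (table name assumed)."""
    return [f"ip rule add from {r} lookup {table}" for r in routes]

if __name__ == "__main__":
    # The thread's case: tunnel 10.255.0.0/16, keep 10.255.254.0/24 local.
    routes = complement("10.255.0.0/16", ["10.255.254.0/24"])
    assert covers_exactly("10.255.0.0/16", ["10.255.254.0/24"], routes)
    print("\n".join(openvpn_routes(routes)))
    print("\n".join(ip_rules(routes)))
```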
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Routing /16 except for /24 ?
staticprop wrote: ↑Fri Apr 12, 2019 1:25 am
I want to route for example 10.255.0.0/16 through the tunnel with the exception of the IP assigned to the client interface
Code:
route 10.255.0.0 255.255.0.0
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Apr 12, 2019 6:36 pm
Re: Routing /16 except for /24 ?
Push route 10.255.0.0 255.255.0.0 will not exclude the /24 within the 10.255 network. The poster wanted to exclude the management network from routing down the tunnel.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Routing /16 except for /24 ?
According to the OP's original question, the answer I gave should work.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Routing /16 except for /24 ?
How about firewall rules?
Wouldn't that be the proper way?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Routing /16 except for /24 ?
Using a firewall can stop traffic for the "management network" going via the tunnel
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Apr 12, 2019 1:12 am
Re: Routing /16 except for /24 ?
The post by hackerm solved the issue. It allows me to route everything down the tunnel except for the /24 management network within the same larger /16 subnet. Using route 10.255.0.0 sends everything down the tunnel and breaks the connection soon after the tunnel is set up. This is because the IP on the VPN server acting as the client is an IP on this /24.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Routing /16 except for /24 ?
When your client is connected, can he set a route to the management network.....?
I would still use firewall...
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Routing /16 except for /24 ?
staticprop wrote: ↑Fri Apr 12, 2019 1:25 am
I want to route for example 10.255.0.0/16 through the tunnel with the exception of the IP assigned to the client interface
I am not even going to try to understand what this means without the prerequisite information.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Apr 12, 2019 1:12 am
Re: Routing /16 except for /24 ?
The OpenVPN server acting as a client has an IP address of 10.255.254.1. This is the source IP that makes a connection to the remote server. 10.255.254.0/24 is the management network. After the VPN is established, the local host tries to send VPN connection packets to the remote server down the tunnel and the connection breaks. Also, the local host (10.255.254.1) can no longer reach the internet. I just wanted to exclude this /24 from getting routed down the tunnel. Using a firewall will do nothing to stop this if there is a route on the server sending it down the tunnel. My packets will get dropped.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Routing /16 except for /24 ?
staticprop wrote: ↑Fri Apr 12, 2019 1:25 am
I'm working on a network that has a /24 management network within a larger /16 network. The openvpn client has an ip within the /24
Which client?
Please see:
viewtopic.php?f=30&t=22603
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Apr 12, 2019 1:12 am
Re: Routing /16 except for /24 ?
OpenVPN community edition running on Linux no GUI running in client mode.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Apr 23, 2019 8:42 am
Re: Routing /16 except for /24 ?
Hi there. Thanks for the useful information.