OpenVPN without default routing
Posted: Fri Nov 28, 2014 3:17 pm
Hello,
I'm new to customized openVPN, though I've used linux for over 10 years.
I usa HMAPro to secure my browsing when I'm out & about. When I connect everything is routed through the VPN.
However what I'd like to do is *not* change the default route, and instead have specific applications use tun0.
I've worked out that by using "route-noexec" in the .ovpn file, it will not change the default route.
This is the output of route before openvpn is run:
This is the output of route after openvpn is run, with "route-noexec" included
Which is what I thought I wanted; However I cannot ping anything through the tun0 interface:
If I run openvpn without "route-noexec" then the route output is as follows:
And obviously, "ping http://www.google.com -I tun0" works with no problem.
OpenVPN adds the following routes:
If, after establishing tun0, I run each of these individually and then try "ping http://www.google.com -I tun0", I get nothing until I add the default route.
To summarize, I want to establish a VPN without changing the default route. I have several applications which can manually select tun0, but thus far, tun0 seems to be unusable.
Many thanks in advance for any assistance!
Steve
I'm new to customized openVPN, though I've used linux for over 10 years.
I usa HMAPro to secure my browsing when I'm out & about. When I connect everything is routed through the VPN.
However what I'd like to do is *not* change the default route, and instead have specific applications use tun0.
I've worked out that by using "route-noexec" in the .ovpn file, it will not change the default route.
This is the output of route before openvpn is run:
Code: Select all
steve@X501A:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.6.1 0.0.0.0 UG 0 0 0 wlan0
192.168.6.0 * 255.255.255.0 U 9 0 0 wlan0
steve@X501A:~$
Code: Select all
steve@X501A:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.6.1 0.0.0.0 UG 0 0 0 wlan0
10.200.0.0 * 255.255.252.0 U 0 0 0 tun0
192.168.6.0 * 255.255.255.0 U 9 0 0 wlan0
steve@X501A:~$
Code: Select all
steve@X501A:~$ ping www.google.com
PING www.google.com (74.125.228.243) 56(84) bytes of data.
64 bytes from iad23s24-in-f19.1e100.net (74.125.228.243): icmp_seq=1 ttl=53 time=23.8 ms
64 bytes from iad23s24-in-f19.1e100.net (74.125.228.243): icmp_seq=2 ttl=53 time=26.1 ms
64 bytes from iad23s24-in-f19.1e100.net (74.125.228.243): icmp_seq=3 ttl=53 time=26.3 ms
^C
--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 23.867/25.467/26.338/1.132 ms
steve@X501A:~$ ping www.google.com -I tun0
PING www.google.com (74.125.228.244) from 10.200.3.242 tun0: 56(84) bytes of data.
^C
--- www.google.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5040ms
steve@X501A:~$
Code: Select all
steve@X501A:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.200.0.1 128.0.0.0 UG 0 0 0 tun0
default 192.168.6.1 0.0.0.0 UG 0 0 0 wlan0
10.200.0.0 * 255.255.252.0 U 0 0 0 tun0
107.181.66.2 192.168.6.1 255.255.255.255 UGH 0 0 0 wlan0
128.0.0.0 10.200.0.1 128.0.0.0 UG 0 0 0 tun0
192.168.6.0 * 255.255.255.0 U 9 0 0 wlan0
steve@X501A:~$
OpenVPN adds the following routes:
Code: Select all
/sbin/ip route add 107.181.66.2/32 via 192.168.6.1
/sbin/ip route add 0.0.0.0/1 via 10.200.0.1
/sbin/ip route add 128.0.0.0/1 via 10.200.0.1
To summarize, I want to establish a VPN without changing the default route. I have several applications which can manually select tun0, but thus far, tun0 seems to be unusable.
Many thanks in advance for any assistance!
Steve