fargo 0 Posted ...

Hi,

I'm on Linux and am trying to connect to AirVPN without changing my default gateway (I want to tunnel a select few applications, but not all of them). I can connect with NetworkManager, but it changes my gateway and doesn't seem to give me an option to change that. So I'm falling back to using the openvpn command-line client. Unfortunately, I can't get this to work at all. I can connect alright, but no packets go through.

Here's the routing table when NetworkManager does it:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         10.4.0.173      0.0.0.0         UG    0      0        0 tun0
    10.4.0.1        10.4.0.173      255.255.255.255 UGH   0      0        0 tun0
    10.4.0.173      *               255.255.255.255 UH    0      0        0 tun0
    108.59.8.147    140.180.128.1   255.255.255.255 UGH   0      0        0 eth0
    140.180.128.0   *               255.255.192.0   U     1      0        0 eth0
    link-local      *               255.255.0.0     U     1000   0        0 eth0

And here is the routing table when OpenVPN (no extra options, just openvpn --config file.ovpn) tries it:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         10.4.0.153      128.0.0.0       UG    0      0        0 tun0
    default         140.180.128.1   0.0.0.0         UG    0      0        0 eth0
    10.4.0.1        10.4.0.153      255.255.255.255 UGH   0      0        0 tun0
    10.4.0.153      *               255.255.255.255 UH    0      0        0 tun0
    108.59.8.147    140.180.128.1   255.255.255.255 UGH   0      0        0 eth0
    128.0.0.0       10.4.0.153      128.0.0.0       UG    0      0        0 tun0
    140.180.128.0   *               255.255.192.0   U     1      0        0 eth0
    link-local      *               255.255.0.0     U     1000   0        0 eth0

But of course, that's with default-gateway, so I don't care too much if it works (although it'd be nice to know why it doesn't).

If I add route-nopull, I get a routing table that looks like this:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         gigagate4.Princ 0.0.0.0         UG    0      0        0 eth0
    10.4.0.93       *               255.255.255.255 UH    0      0        0 tun0
    140.180.128.0   *               255.255.192.0   U     1      0        0 eth0
    link-local      *               255.255.0.0     U     1000   0        0 eth0

Fine. Everything works EXCEPT return traffic (if I ping -I tun0 and use tcpdump to watch the traffic I can see everything working, but the replies never seem to make it out of the tunnel). I guess this is because I didn't pull the routes that do this.

In summary:

- Can someone shine some light on why NetworkManager works, but the openvpn command line client doesn't?
- Can someone tell me what routes to add to get the return traffic from the tunnel? Or if there is a better way to run openvpn WITHOUT having my gateway changed, tell me?

Thanks!

fargo 0 Posted ...

Another piece of information: it seems like the openvpn command-line client is not setting up DNS properly, while NetworkManager seems to set it up correctly.

Staff 9972 Posted ...

> In summary:
> - Can someone shine some light on why NetworkManager works, but the openvpn command line client doesn't?

Hello!

Can you please send us the openvpn logs?

> - Can someone tell me what routes to add to get the return traffic from the tunnel? Or if there is a better way to run openvpn WITHOUT having my gateway changed, tell me?

Please see here: http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/

You can work with your tun interface and your physical interface (for example tun0 and eth0) in order to achieve what you want (assuming that your kernel supports policy routing and you have iproute utilities installed to handle multiple routing tables).

Kind regards
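
The policy-routing approach from the reply above, as an added example that is not part of the original thread: it parses the tunnel's local and peer addresses and builds the two iproute2 commands that give traffic sourced from the tunnel address its own default route, leaving the main table's gateway on eth0. The table id 100, the rule priority, the helper names and the sample local address 10.4.0.94 are assumptions (the peer 10.4.0.93 is taken from the route-nopull table in the first post).

```shell
#!/bin/sh
# Added example: source-based policy routing for an OpenVPN tunnel started
# with route-nopull. Helper names and TABLE are hypothetical choices.

TABLE=100   # assumed unused routing-table id

# Constructed sample of one line of `ip -4 -o addr show dev tun0`
# for a point-to-point tun device (local address is a made-up value).
SAMPLE='5: tun0    inet 10.4.0.94 peer 10.4.0.93/32 scope global tun0'

# Print "<local> <peer>" from an `ip -4 -o addr show` line; fail if the
# interface has no point-to-point peer (e.g. it is not a p2p tun device).
tun_addrs() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++) {
            if ($i == "inet") loc = $(i + 1)
            if ($i == "peer") peer = $(i + 1)
        }
        sub(/\/.*/, "", loc); sub(/\/.*/, "", peer)
        if (loc != "" && peer != "") print loc, peer; else exit 1
    }'
}

# Print the ip(8) commands for device $1, given its address line in $2.
policy_cmds() {
    dev=$1
    addrs=$(tun_addrs "$2") || {
        echo "no point-to-point address found for $dev" >&2
        return 1
    }
    set -- $addrs
    loc=$1 peer=$2
    # Separate table whose only route is a default via the VPN peer.
    echo "ip route replace default via $peer dev $dev table $TABLE"
    # Packets whose source is the tunnel address consult that table.
    echo "ip rule add from $loc/32 lookup $TABLE priority 1000"
}

if [ "${APPLY:-0}" = 1 ]; then
    # Needs root and a live tun0 (openvpn --route-nopull already up).
    policy_cmds tun0 "$(ip -4 -o addr show dev tun0)" | sh -x
else
    policy_cmds tun0 "$SAMPLE"   # dry run on the constructed sample
fi
```

Applications then use the tunnel by binding to the tun0 address; everything else keeps following the main table's default route.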