lpav

Catch-all route not working

Hello all,

I have disabled IPv6 and tried to set a rule to make all traffic pass outside AirVPN:

[Attached image: image.png]

However I am still exiting from the AirVPN server I am connected to.

What's the correct rule for this?

Some data:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         128.0.0.0       U     0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eno2
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 virbr1
10.4.182.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       0.0.0.0         128.0.0.0       U     0      0        0 tun0
185.104.184.43  0.0.0.0         255.255.255.255 UH    0      0        0 tun0
185.104.184.45  192.168.1.1     255.255.255.255 UGH   0      0        0 eno2
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eno2
192.168.1.1     0.0.0.0         255.255.255.255 UH    100    0        0 eno2
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0


$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:00:11:00:11:00 brd ff:ff:ff:ff:ff:ff
    altname enp0s31f6
    inet 192.168.1.2/24 brd 192.168.1.255 scope global dynamic noprefixroute eno2
       valid_lft 80857sec preferred_lft 80857sec
3: wlo1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:11:00:11:11 brd ff:ff:ff:ff:ff:ff permaddr 24:41:8c:ab:a6:ad
    altname wlp0s20f3
4: virbr2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:82:50:72 brd ff:ff:ff:ff:ff:ff
5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:9c:5d:ea brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.2/24 brd 10.0.2.255 scope global virbr1
       valid_lft forever preferred_lft forever
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:1f:35:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
13: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
14: vboxnet1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 0a:00:27:00:00:01 brd ff:ff:ff:ff:ff:ff
22: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.4.182.231/24 scope global tun0
       valid_lft forever preferred_lft forever

You might want to have a look at this:

https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Linux-without-VPN-as-Default-Gateway

In that article the default gateway is not overridden using the main routing table. There is an article for Windows that does use this approach, and shows what entries you would need for IPv6, here:

https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Windows-without-VPN-as-Default-Gateway

In Linux you will need to set up source address routing:
 

Quote

The basic mechanism for setting up source address routing may not be obvious from reading the script below. I will explain the basic commands needed for IPv4. You need two commands similar to this:


sudo ip -4 route add default via 10.4.0.1 dev tun0 table 1234
sudo ip -4 rule add from 10.4.36.17 table 1234

In that tun0 was the name of the local interface for the VPN and 10.4.0.1 was the gateway IP address for the VPN. And 10.4.36.17 was the IP address of the local interface for the VPN, to which the torrent client would need to be bound. The first line adds a non-default routing table numbered as 1234. The second line adds a routing policy rule that says that any packet coming from a socket bound to address 10.4.36.17 should use the routing table numbered 1234 rather than the normal default routing table.

 

Then to override the VPN as default IPv4 default gateway in Linux using "ip", something like:

sudo ip -4 route add   0.0.0.0/2 via 192.168.1.1 dev eno2
sudo ip -4 route add  64.0.0.0/2 via 192.168.1.1 dev eno2
sudo ip -4 route add 128.0.0.0/2 via 192.168.1.1 dev eno2
sudo ip -4 route add 192.0.0.0/2 via 192.168.1.1 dev eno2

I don't use Eddie. Maybe you could try:

0.0.0.0/2
64.0.0.0/2
128.0.0.0/2
192.0.0.0/2
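Why the default route via eno2 in the posted table never wins, and what four /2 routes in the main table change, shown as a longest-prefix-match lookup over that table. This is an added example, not part of any post in this thread and not Eddie's or OpenVPN's code; the `lookup` and `egress_report` helpers and the sample destinations are constructed, and the model covers only the main table (no policy rules or extra tables).

```python
import ipaddress

# Main routing table transcribed from the `route -n` output in the first post:
# (prefix, outgoing interface, metric).
POSTED_TABLE = [
    ("0.0.0.0/1", "tun0", 0),
    ("0.0.0.0/0", "eno2", 100),
    ("10.0.2.0/24", "virbr1", 0),
    ("10.4.182.0/24", "tun0", 0),
    ("128.0.0.0/1", "tun0", 0),
    ("185.104.184.43/32", "tun0", 0),
    ("185.104.184.45/32", "eno2", 0),
    ("192.168.1.0/24", "eno2", 100),
    ("192.168.1.1/32", "eno2", 100),
    ("192.168.122.0/24", "virbr0", 0),
]

# The four /2 prefixes suggested in the thread, all via the LAN interface.
SLASH2_VIA_LAN = [(p, "eno2", 0) for p in
                  ("0.0.0.0/2", "64.0.0.0/2", "128.0.0.0/2", "192.0.0.0/2")]


def lookup(table, dst):
    """Return (prefix, iface) chosen for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), iface, metric)
               for p, iface, metric in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, iface, _ = max(matches, key=lambda m: (m[0].prefixlen, -m[2]))
    return str(net), iface


def egress_report(table, destinations):
    """Map each destination to the interface its traffic would leave on."""
    return {d: lookup(table, d)[1] for d in destinations}


# Constructed sample destinations: two public addresses (one per /1 half),
# the VPN-internal subnet, the LAN, and the host route to 185.104.184.45.
SAMPLES = ["1.1.1.1", "203.0.113.7", "10.4.182.1", "192.168.1.50", "185.104.184.45"]

if __name__ == "__main__":
    for name, table in (("as posted", POSTED_TABLE),
                        ("with /2 routes", POSTED_TABLE + SLASH2_VIA_LAN)):
        print(name, egress_report(table, SAMPLES))
```

The two /1 routes on tun0 are more specific than 0.0.0.0/0, so any catch-all with prefix length 0 loses regardless of metric; the /2 routes beat the /1 routes while the /24 and /32 entries still take precedence over them.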
22 hours ago, lpav said:

I have disabled IPv6 and tried to set a rule to make all traffic pass outside AirVPN:


I'm sorry, this doesn't make sense. If you don't want any traffic routed through the VPN, don't connect to the VPN. Can you elaborate on the exact use case for what you're trying to do?

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

On 4/7/2022 at 12:58 PM, NaDre said:

You might want to have a look at this:

https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Linux-without-VPN-as-Default-Gateway

In that article the default gateway is not overridden using the main routing table. There is an article for Windows that does use this approach, and shows what entries you would need for IPv6, here:

https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Windows-without-VPN-as-Default-Gateway

In Linux you will need to set up source address routing:
Then to override the VPN as default IPv4 default gateway in Linux using "ip", something like:

sudo ip -4 route add   0.0.0.0/2 via 192.168.1.1 dev eno2
sudo ip -4 route add  64.0.0.0/2 via 192.168.1.1 dev eno2
sudo ip -4 route add 128.0.0.0/2 via 192.168.1.1 dev eno2
sudo ip -4 route add 192.0.0.0/2 via 192.168.1.1 dev eno2


Thank you @NaDre, but I was trying to figure out how Eddie's route tunneling feature itself works.
 
Quote
I don't use Eddie. Maybe you could try:

0.0.0.0/2
64.0.0.0/2
128.0.0.0/2
192.0.0.0/2

Thanks for the recommendation, no luck unfortunately.

 
On 4/7/2022 at 4:22 PM, OpenSourcerer said:

I'm sorry, this doesn't make sense. If you don't want any traffic routed through the VPN, don't connect to the VPN. Can you elaborate on the exact use case for what you're trying to do?

Testing if Eddie's route tunneling works. The simplest rule of all is the "exclude all".
After you exclude all, you build up with the specific inclusive rules.
1 hour ago, lpav said:

Testing if Eddie's route tunneling works. The simplest rule of all is the "exclude all".
After you exclude all, you build up with the specific inclusive rules.


So, your use case is to route only specific traffic through the VPN?

On 4/21/2022 at 9:44 AM, OpenSourcerer said:

So, your use case is to route only specific traffic through the VPN?

Yes. Is there another use case for the routes setting?


I think OpenSourcerer just wants other people reading this (maybe much later) to understand the point of the conversation.
5 hours ago, lpav said:

Yes. Is there another use case for the routes setting?


The use case is actually to route specific traffic outside the VPN while connected, since OpenVPN occupies the default route (i.e., routing all traffic through the VPN is the default), and Eddie does not include a setting to prevent OpenVPN from setting it. Yes, I know there is a setting for "Inside tunnel" when you create an entry there, but I've been wondering myself what the purpose of this option is without a "Don't set default route" setting.
But I would've directed you to the same GitHub repo NaDre did: You need to prevent OpenVPN from softly overriding the default route, then you can set specific routes to be routed inside the VPN (and this setting would probably make sense, then).
 
4 hours ago, NaDre said:

I think OpenSourcerer just wants other people reading this (maybe much later) to understand the point of the conversation.


I'd write "I sensed the XY problem appearing", but it's far simpler: I was struggling to understand what the goal was. :)


We are probably getting a bit off-topic here, but since mentioned, has anyone tried to modify the openvpn settings used by Eddie?
