lpav 2 Posted ...

Hello all,

I have disabled IPv6 and am trying to set a rule to make all traffic pass outside AirVPN:

However I am still exiting from the AirVPN server I am connected to. What's the correct rule for this?

Some data:

    $ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         0.0.0.0         128.0.0.0       U     0      0        0 tun0
    0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eno2
    10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 virbr1
    10.4.182.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
    128.0.0.0       0.0.0.0         128.0.0.0       U     0      0        0 tun0
    185.104.184.43  0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    185.104.184.45  192.168.1.1     255.255.255.255 UGH   0      0        0 eno2
    192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eno2
    192.168.1.1     0.0.0.0         255.255.255.255 UH    100    0        0 eno2
    192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:00:11:00:11:00 brd ff:ff:ff:ff:ff:ff
        altname enp0s31f6
        inet 192.168.1.2/24 brd 192.168.1.255 scope global dynamic noprefixroute eno2
           valid_lft 80857sec preferred_lft 80857sec
    3: wlo1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
        link/ether 00:00:11:00:11:11 brd ff:ff:ff:ff:ff:ff permaddr 24:41:8c:ab:a6:ad
        altname wlp0s20f3
    4: virbr2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether 52:54:00:82:50:72 brd ff:ff:ff:ff:ff:ff
    5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether 52:54:00:9c:5d:ea brd ff:ff:ff:ff:ff:ff
        inet 10.0.2.2/24 brd 10.0.2.255 scope global virbr1
           valid_lft forever preferred_lft forever
    6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether 52:54:00:1f:35:20 brd ff:ff:ff:ff:ff:ff
        inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
           valid_lft forever preferred_lft forever
    13: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
        link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
    14: vboxnet1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
        link/ether 0a:00:27:00:00:01 brd ff:ff:ff:ff:ff:ff
    22: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
        link/none
        inet 10.4.182.231/24 scope global tun0
           valid_lft forever preferred_lft forever

NaDre 157 Posted ...

You might want to have a look at this: https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Linux-without-VPN-as-Default-Gateway

In that article the default gateway is not overridden using the main routing table. There is an article for Windows that does use this approach, and shows what entries you would need for IPv6, here: https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Windows-without-VPN-as-Default-Gateway

In Linux you will need to set up source address routing:

> The basic mechanism for setting up source address routing may not be obvious from reading the script below. I will explain the basic commands needed for IPv4. You need two commands similar to this:
>
>     sudo ip -4 route add default via 10.4.0.1 dev tun0 table 1234
>     sudo ip -4 rule add from 10.4.36.17 table 1234
>
> In that tun0 was the name of the local interface for the VPN and 10.4.0.1 was the gateway IP address for the VPN. And 10.4.36.17 was the IP address of the local interface for the VPN, to which the torrent client would need to be bound. The first line adds a non-default routing table numbered as 1234. The second line adds a routing policy rule that says that any packet coming from a socket bound to address 10.4.36.17 should use the routing table numbered 1234 rather than the normal default routing table.

Then to override the VPN as default IPv4 default gateway in Linux using "ip", something like:

    sudo ip -4 route add 0.0.0.0/2 via 192.168.1.1 dev eno2
    sudo ip -4 route add 64.0.0.0/2 via 192.168.1.1 dev eno2
    sudo ip -4 route add 128.0.0.0/2 via 192.168.1.1 dev eno2
    sudo ip -4 route add 192.0.0.0/2 via 192.168.1.1 dev eno2

I don't use Eddie. Maybe you could try:

    0.0.0.0/2
    64.0.0.0/2
    128.0.0.0/2
    192.0.0.0/2

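Added example (not part of any post in this thread): a longest-prefix-match lookup over the main routing table from the first post, showing why the two /1 routes on tun0 beat the default route and how four /2 routes via eno2 take precedence in turn. The sample destinations are arbitrary; policy rules (`ip rule`, such as the table 1234 rule quoted above) and Eddie's own handling are not modelled.

```python
import ipaddress

# Main IPv4 table transcribed from the `route -n` output in the first post
# as (prefix, gateway, interface); metrics are left out.
MAIN_TABLE = [
    ("0.0.0.0/1", None, "tun0"),
    ("0.0.0.0/0", "192.168.1.1", "eno2"),
    ("10.0.2.0/24", None, "virbr1"),
    ("10.4.182.0/24", None, "tun0"),
    ("128.0.0.0/1", None, "tun0"),
    ("185.104.184.43/32", None, "tun0"),
    ("185.104.184.45/32", "192.168.1.1", "eno2"),
    ("192.168.1.0/24", None, "eno2"),
    ("192.168.1.1/32", None, "eno2"),
    ("192.168.122.0/24", None, "virbr0"),
]

# The four /2 routes via the LAN gateway; together they cover all of IPv4.
EXCLUDE_ALL = [(f"{first}.0.0.0/2", "192.168.1.1", "eno2")
               for first in (0, 64, 128, 192)]


def lookup(table, dst):
    """Return (prefix, gateway, iface) picked by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, dev in table:
        # ip_network is strict: a prefix with host bits set raises ValueError
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, dev)
    return None if best is None else (str(best[0]), best[1], best[2])


def egress(table, dst):
    """Interface a packet to dst leaves on, according to the table."""
    hit = lookup(table, dst)
    return hit[2] if hit else None


if __name__ == "__main__":
    # Constructed sample destinations: one per /2 block, plus the two
    # 185.104.184.x host routes and an address on the tunnel subnet.
    samples = ("8.8.8.8", "100.64.0.1", "130.0.0.1", "198.51.100.7",
               "185.104.184.45", "185.104.184.43", "10.4.182.1")
    for dst in samples:
        print(f"{dst:16} before={egress(MAIN_TABLE, dst):6} "
              f"after={egress(MAIN_TABLE + EXCLUDE_ALL, dst)}")
```

More specific routes still win after the /2 routes are added, so the 10.4.182.0/24 subnet and the 185.104.184.43 host route stay on tun0. Compare the result with `ip route get <address>` on the real machine.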
OpenSourcerer 1435 Posted ...

22 hours ago, lpav said:
> I have disabled IPv6 and am trying to set a rule to make all traffic pass outside AirVPN:

I'm sorry, this doesn't make sense. If you don't want any traffic routed through the VPN, don't connect to the VPN. Can you elaborate on the exact use case for what you're trying to do?

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.
LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!
Want to contact me directly? All relevant methods are on my About me page.

lpav 2 Posted ...

On 4/7/2022 at 12:58 PM, NaDre said:
> You might want to have a look at this: https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Linux-without-VPN-as-Default-Gateway
>
> In that article the default gateway is not overridden using the main routing table. There is an article for Windows that does use this approach, and shows what entries you would need for IPv6, here: https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Windows-without-VPN-as-Default-Gateway
>
> In Linux you will need to set up source address routing:
>
> Then to override the VPN as default IPv4 default gateway in Linux using "ip", something like:
>
>     sudo ip -4 route add 0.0.0.0/2 via 192.168.1.1 dev eno2
>     sudo ip -4 route add 64.0.0.0/2 via 192.168.1.1 dev eno2
>     sudo ip -4 route add 128.0.0.0/2 via 192.168.1.1 dev eno2
>     sudo ip -4 route add 192.0.0.0/2 via 192.168.1.1 dev eno2

Thank you @NaDre, but I was trying to figure out how Eddie's route tunneling feature itself works.

> I don't use Eddie. Maybe you could try:
>
>     0.0.0.0/2
>     64.0.0.0/2
>     128.0.0.0/2
>     192.0.0.0/2

Thanks for the recommendation, no luck unfortunately.

On 4/7/2022 at 4:22 PM, OpenSourcerer said:
> I'm sorry, this doesn't make sense. If you don't want any traffic routed through the VPN, don't connect to the VPN. Can you elaborate on the exact use case for what you're trying to do?

Testing if Eddie's route tunneling works. The simplest rule of all is the "exclude all". After you exclude all, you build up with the specific inclusive rules.

OpenSourcerer 1435 Posted ...

1 hour ago, lpav said:
> Testing if Eddie's route tunneling works. The simplest rule of all is the "exclude all". After you exclude all, you build up with the specific inclusive rules.

So, your use case is to route only specific traffic through the VPN?

lpav 2 Posted ...

On 4/21/2022 at 9:44 AM, OpenSourcerer said:
> So, your use case is to route only specific traffic through the VPN?

Yes. Is there another use case for the routes setting?

NaDre 157 Posted ...

I think OpenSourcerer just wants other people reading this (maybe much later) to understand the point of the conversation.

OpenSourcerer 1435 Posted ...

5 hours ago, lpav said:
> Yes. Is there another use case for the routes setting?

The use case is actually to route specific traffic outside the VPN while connected, since OpenVPN occupies the default route (i.e., routing all traffic through the VPN is the default), and Eddie does not include a setting to prevent OpenVPN from setting it. Yes, I know there is a setting for "Inside tunnel" when you create an entry there, but I've been wondering myself what the purpose of this option is without a "Don't set default route" setting.

But I would've directed you to the same GitHub repo NaDre did: You need to prevent OpenVPN from softly overriding the default route, then you can set specific routes to be routed inside the VPN (and this setting would probably make sense, then).

4 hours ago, NaDre said:
> I think OpenSourcerer just wants other people reading this (maybe much later) to understand the point of the conversation.

I'd write "I sensed the XY problem appearing", but it's far simpler: I was struggling to understand what the goal was.

lpav 2 Posted ...

We are probably getting a bit off-topic here, but since mentioned, has anyone tried to modify the openvpn settings used by Eddie?