Viewing 20 posts - 1 through 20 (of 20 total)
  • Can anyone help me with routing on Linux
  • molgrips
    Free Member

    I understand the basic theory of routing tables, but when I do ‘route -n’ in Ubuntu it prints a huge list of routes to what look like internet addresses. Some via the wlan if but most via the vpn. Is it somehow adding a specific route each time I visit a site or something? However when I do a traceroute it all seems to be going via the internet not through the IP associated with tun0 which is the virtual if.

    The reason I checked though is that I now want to use a second vpn via openvpn, to a 10.x network but none of my 10.x traffic gets through and all my internet traffic tries to go that way.. grrr..

    footflaps
    Full Member

    Some via the wlan if but most via the vpn. Is it somehow adding a specific route each time I visit a site or something?

    More likely that the VPN creates them when it starts.

    You can just delete and re-add the routes and specify the interface you want them to use….

    footflaps
    Full Member

    NB Don’t try changing routes remotely on a server farm in Utah from your desk in Cambridge, I managed to shut down the Ethernet interface by accident on a customer’s server the other day!

    They weren’t that impressed as someone had a 4 hr round trip to reboot it….

    brassneck
    Full Member

    2 VPNs from one client at the same time = world of pain with routing and further up the stack (DNS etc.). That’s assuming the vpn policies allow split tunnelling. You could also be inadvertently creating a bridge between the two which is probably verboten.

    I suspect your default route will be the last VPN established, and that’s where your internet traffic is going. You’ll have to tracert the 10.x.x.x traffic to see where it’s getting binned.

    molgrips
    Free Member

    The ip address for the second vpn gateway is only accessible via the first one…. Apparently this works fine for other team members. But they’ll be on Mac or Windows probably.

    I think this company has an unusual arrangement for its intranet that might give away who I actually work for if I explain 🙂

    If I connect to the second vpn and try a traceroute to here, I get nothing but asterisks.

    footflaps
    Full Member

    You could also be inadvertently creating a bridge between the two which is probably verboten.

    Lots of VPN clients shut down all the other interfaces to prevent this (on Windoze), not seen one do it on Linux yet…..

    molgrips
    Free Member

    What does this line mean?

    0.0.0.0 192.168.8.57 0.0.0.0 UG 0 0 0 tun1

    Cos this seems to be the issue. If I connect with the network manager gui thing I get this, and if I use the command line I don’t get this line and it works.

    brassneck
    Full Member

    That sounds like an internal VPN to hit a management segment. Common and good practice. But when I do it, I do it from a jump box (VPN to network, RDP/SSH to jump box, VPN again from there) and usually get my 3rd factors mixed up and drive to the office in disgust 🙂

    But that’s because there is physical separation and the jump boxes are the only ones with a foot in both networks.

    That table entry says your default route is 192.168.8.57 and it’s up, using interface tun1

    I’m sure you’ve got a reason but why exactly are you using a Linux client? For lulz is a perfectly acceptable reason of course 🙂

    molgrips
    Free Member

    I don’t get why the destination and mask are both 0.0.0.0? Surely that equates to nothing?

    I am using Linux primarily for the lulz yes as you put it – got fed up of Windows taking 30 mins to come out of hibernate thanks to mandatory PGP disk encryption so I went to Linux for my primary workstation as a bit of a project. Made harder by the fact I didn’t want the company’s ready made Linux build 🙂

    Cougar
    Full Member

    I’m neither a Linux nor a network guru, but that looks like a default gateway to me. Ie, if traffic doesn’t match any other explicit rules first, then it gets dumped to 192.168.8.57.

    But I may be talking pish, so ignore me.

    eep
    Full Member

    AFAIK the 0.0.0.0 is another way of writing default.

    I’d guess that rather than being the default applied by the network config on the host it could be applied by the vpn policy.

    Could you post up more of the routing table?

    Given you get this only when you connect via the gui I wonder if there’s a “use this as default” tick box option hidden somewhere that you don’t have when using the command line.

    footflaps
    Full Member

    I thought it normally says default on Linux eg

    Kernel IP routing table
    Destination     Gateway         Genmask           Flags  Metric  Ref  Use  Iface
    10.151.15.0     *               255.255.255.252   U      0       0    0    eth1
    default         10.151.15.1     0.0.0.0           UG     100     0    0    eth1

    molgrips
    Free Member

    Right.. all I had to do was go into the ‘routes’ dialogue and select ‘use this connection for resources on its own network only’.

    Makes sense… but it’s a bit well hidden given its importance. Thanks folks.

    scaled
    Free Member

    That sounds suspiciously like enabling split tunneling :s

    codybrennan
    Free Member

    Does sound like a split tunnel config. MG, that means that the client is being more specific about where it routes traffic, and omits tunnelling traffic if it thinks it should head in another direction.

    Is this an inbuilt Ubuntu VPN client?

    BTW, syntax for adding a route in Linux is usually:

    route add -net (subnet) netmask (mask) gw (gateway)

    So, to add a route to 172.16.0.0 /16 via 192.168.10.1;

    route add -net 172.16.0.0 netmask 255.255.0.0 gw 192.168.10.1

    brassneck
    Full Member

    Think of 0.0.0.0 as a wild card – any destination network with any netmask.. if you don’t know what to do with it stuff it down this pipe.

    I thought it normally says default on Linux eg

    Depends on the distro and age I think. Pretty sure I’ve seen both. My Ubuntu laptop says default for dest and 0.0.0.0 for genmask.
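
Added example (not part of any post in this thread): a longest-prefix-match lookup over `route -n` output, showing why a 0.0.0.0/0.0.0.0 entry matches every destination and how removing the VPN's default route gives the split-tunnel behaviour described above. The routing table is constructed; only 192.168.8.57 and tun1 come from the thread, while wlan0, 192.168.1.1, the metrics and the helper names are assumptions.

```python
import ipaddress

# Constructed `route -n` output modelled on the thread: the VPN client has
# installed a default route on tun1 alongside the Wi-Fi default (assumed values).
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.8.57    0.0.0.0         UG    50     0        0 tun1
0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wlan0
10.0.0.0        192.168.8.57    255.0.0.0       UG    50     0        0 tun1
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlan0
192.168.8.0     0.0.0.0         255.255.255.0   U     50     0        0 tun1
"""

def parse_routes(text):
    """Parse `route -n` output into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue  # skip the two header lines
        # Genmask 0.0.0.0 becomes prefix length 0: every address is inside it.
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def lookup(routes, dest):
    """Choose a route as the kernel does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))

def default_routes(routes):
    """All /0 routes, best (lowest metric) first."""
    return sorted((r for r in routes if r[0].prefixlen == 0), key=lambda r: r[2])

def split_tunnel(routes, iface):
    """Drop the default route on `iface`, keeping its specific routes."""
    return [r for r in routes if not (r[0].prefixlen == 0 and r[3] == iface)]

if __name__ == "__main__":
    full = parse_routes(ROUTE_N)
    for label, table in (("full tunnel", full), ("split tunnel", split_tunnel(full, "tun1"))):
        for dest in ("8.8.8.8", "10.1.2.3", "192.168.1.20"):
            net, gw, metric, iface = lookup(table, dest)
            print(f"{label:12} {dest:13} -> {net} via {gw} dev {iface}")
```
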

    molgrips
    Free Member

    Well marvellous.

    It was working fine, now it’s packed up again for no apparent reason.

    brassneck
    Full Member

    PS – route is in fact deprecated, should use ip r (RedHat/CentOS at least)

    Don’t know a single person who does 🙂

    brassneck
    Full Member

    It was working fine, now it’s packed up again for no apparent reason.

    I’m blaming Network Manager. It’s the McAfee of the Linux world.

    Bet it’s just revoked all your changes for no discernible reason.

    molgrips
    Free Member

    Incidentally VPN is to access my shiny new hadoop cluster. Of course now I need to upload some big data, so I’m off to somewhere with a decent connection ie not my house 🙂


The topic ‘Can anyone help me with routing on Linux’ is closed to new replies.