I understand the basic theory of routing tables, but when I do 'route -n' in Ubuntu it prints a huge list of routes to what look like internet addresses. Some via the wlan if but most via the vpn. Is it somehow adding a specific route each time I visit a site or something? However when I do a traceroute it all seems to be going via the internet not through the IP associated with tun0 which is the virtual if.
The reason I checked though is that I now want to use a second vpn via openvpn, to a 10.x network but none of my 10.x traffic gets through and all my internet traffic tries to go that way.. grrr..
[quote]Some via the wlan if but most via the vpn. Is it somehow adding a specific route each time I visit a site or something?[/quote]
More likely that the VPN creates them when it starts.
You can just delete and re-add the routes and specify the interface you want them to use....
NB Don't try changing routes remotely on a server farm in Utah from your desk in Cambridge, I managed to shut down the Ethernet interface by accident on a customer's server the other day!
They weren't that impressed as someone had a 4 hr round trip to reboot it....
2 VPNs from one client at the same time = world of pain with routing and further up the stack (DNS etc.). That's assuming the vpn policies allow split tunnelling. You could also be inadvertently creating a bridge between the two which is probably verboten.
I suspect your default route will be the last VPN established, and that's where your internet traffic is going. You'll have to tracert the 10.x.x.x traffic to see where it's getting binned.
The ip address for the second vpn gateway is only accessible via the first one.... Apparently this works fine for other team members. But they'll be on Mac or Windows probably.
I think this company has an unusual arrangement for its intranet that might give away who I actually work for if I explain 🙂
If I connect to the second vpn and try a traceroute to here, I get nothing but asterisks.
[quote]You could also be inadvertently creating a bridge between the two which is probably verboten.[/quote]
Lots of VPN clients shut down all the other interfaces to prevent this (on Windoze), not seen one do it on Linux yet.....
What does this line mean?
[code]0.0.0.0 192.168.8.57 0.0.0.0 UG 0 0 0 tun1[/code]
Cos this seems to be the issue. If I connect with the network manager gui thing I get this, and if I use the command line I don't get this line and it works.
That sounds like an internal VPN to hit a management segment. Common and good practice. But when I do it, I do it from a jump box (VPN to network, RDP/SSH to jump box, VPN again from there) and usually get my 3rd factors mixed up and drive to the office in disgust 🙂
But that's because there is physical separation and the jump boxes are the only ones with a foot in both networks.
That table entry says your default route is 192.168.8.57 and it's up, using interface tun1.
I'm sure you've got a reason but why exactly are you using a linux client? For lulz is a perfectly acceptable reason of course 🙂
I don't get why the destination and mask are both 0.0.0.0? Surely that equates to nothing?
I am using Linux primarily for the lulz yes as you put it - got fed up of Windows taking 30 mins to come out of hibernate thanks to mandatory PGP disk encryption so I went to Linux for my primary workstation as a bit of a project. Made harder by the fact I didn't want the company's ready made Linux build 🙂
I'm neither a Linux nor a network guru, but that looks like a default gateway to me. Ie, if traffic doesn't match any other explicit rules first, then it gets dumped to 192.168.8.57.
But I may be talking pish, so ignore me.
AFAIK the 0.0.0.0 is another way of writing default.
I'd guess that rather than being the default applied by the network config on the host it could be applied by the vpn policy.
Could you post up more of the routing table?
Given you get this only when you connect via the GUI, I wonder if there's a "use this as default" tick box option hidden somewhere that you don't have when using the command line.
I thought it normally says default on Linux eg
[code]Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.151.15.0     *               255.255.255.252 U     0      0        0 eth1
default         10.151.15.1     0.0.0.0         UG    100    0        0 eth1[/code]
Right.. all I had to do was go into the 'routes' dialogue and select 'use this connection for resources on its own network only'.
Makes sense... but it's a bit well hidden given its importance. Thanks folks.
That sounds suspiciously like enabling split tunneling :s
Does sound like a split tunnel config. MG, that means that the client is being more specific about where it routes traffic, and omits tunnelling traffic if it thinks it should head in another direction.
Is this an inbuilt Ubuntu VPN client?
BTW, syntax for adding a route in Linux is usually:
[code]route add -net (subnet) netmask (mask) gw (gateway)[/code]
So, to add a route to 172.16.0.0/16 via 192.168.10.1:
[code]route add -net 172.16.0.0 netmask 255.255.0.0 gw 192.168.10.1[/code]
Think of 0.0.0.0 as a wild card - any destination network with any netmask.. if you don't know what to do with it stuff it down this pipe.
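Added example, not part of the original thread: a short Python sketch of how a route is chosen from `route -n` output, showing why a 0.0.0.0/0.0.0.0 entry on tun1 catches all traffic that no more specific route matches. Apart from the tun1 default row quoted earlier in the thread, the table rows and addresses are constructed, and policy routing is not modelled.

```python
import ipaddress

# Constructed `route -n` output; only the tun1 default row comes from the thread.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.8.57    0.0.0.0         UG    0      0        0 tun1
0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wlan0
10.20.0.0       192.168.8.57    255.255.0.0     UG    0      0        0 tun1
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlan0
"""

def parse_routes(text):
    """Turn `route -n` rows into dicts, converting Genmask to a prefix length."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title and column-header lines
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append({"net": ipaddress.ip_network(f"{f[0]}/{prefix}"),
                       "gw": f[1], "metric": int(f[4]), "iface": f[7]})
    return routes

def lookup(routes, dest):
    """Longest matching prefix wins, then lowest metric (main table only)."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r["net"]]
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]), default=None)

def tunnel_defaults(routes):
    """Default routes (0.0.0.0/0 matches every address) that point into a tun interface."""
    return [r for r in routes if r["net"].prefixlen == 0 and r["iface"].startswith("tun")]

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    # 203.0.113.10 stands in for "any internet host" (documentation range).
    for dest in ("203.0.113.10", "10.20.3.4", "192.168.1.50"):
        r = lookup(routes, dest)
        print(f"{dest:15} -> {r['iface']} via {r['gw']} ({r['net']})")
    for r in tunnel_defaults(routes):
        print(f"full tunnel: unmatched traffic goes to {r['gw']} on {r['iface']}")
    # Removing the tunnel default models the effect of a split-tunnel setting.
    split = [r for r in routes if r not in tunnel_defaults(routes)]
    print("split tunnel:", lookup(split, "203.0.113.10")["iface"])
```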
[quote]I thought it normally says default on Linux eg[/quote]
Depends on the distro and age I think. Pretty sure I've seen both. My Ubuntu laptop says default for dest and 0.0.0.0 for genmask.
Well marvellous.
It was working fine, now it's packed up again for no apparent reason.
PS - route is in fact deprecated, should use ip r (RedHat/CentOS at least)
Don't know a single person who does 🙂
[quote]It was working fine, now it's packed up again for no apparent reason.[/quote]
I'm blaming Network Manager. It's the McAfee of the Linux world.
Bet it's just revoked all your changes for no discernible reason.
Incidentally VPN is to access my shiny new [url=http://singletrackworld.com/forum/topic/big-data]hadoop cluster[/url]. Of course now I need to upload some big data, so I'm off to somewhere with a decent connection ie not my house 🙂
