Separate traffic between two tun+ devices with openvpnIptables forward with pptp and openvpnip6tables allow IPv6 traffic from OpenVPN through my VPSOpenVPN - Understand the routing table + How to route only the traffic to a specific ip via the VPNHow to create/setup vpn using only SSH?OpenVPN server with public ip forward incoming to client on tun0route traffic on certain port through certain interface?Routing traffic to my ipv4 routes except 0.0.0.0 address?How to route traffic from ethernet to a tun device (create a VPNed ethernet port)NAT ETH1 PORT 5000 Traffic to PPP0Client based routing on a gateway

What problems would a superhuman have who's skin is constantly hot?

Outlet with 3 sets of wires

Is it a Cyclops number? "Nobody" knows!

What will happen if my luggage gets delayed?

Why do we say ‘pairwise disjoint’, rather than ‘disjoint’?

Rationale to prefer local variables over instance variables?

Haman going to the second feast dirty

What do you call someone who likes to pick fights?

Having the player face themselves after the mid-game

Called into a meeting and told we are being made redundant (laid off) and "not to share outside". Can I tell my partner?

What materials can be used to make a humanoid skin warm?

Is divide-by-zero a security vulnerability?

Source permutation

Professor forcing me to attend a conference, I can't afford even with 50% funding

Signed and unsigned numbers

Expressing logarithmic equations without logs

Confusion about Complex Continued Fraction

For which categories of spectra is there an explicit description of the fibrant objects via lifting properties?

In the late 1940’s to early 1950’s what technology was available that could melt a LOT of ice?

Windows Server Datacenter Edition - Unlimited Virtual Machines

How to write a chaotic neutral protagonist and prevent my readers from thinking they are evil?

Why restrict private health insurance?

Why does cron require MTA for logging?

Why do phishing e-mails use faked e-mail addresses instead of the real one?



Separate traffic between two tun+ devices with openvpn


Iptables forward with pptp and openvpnip6tables allow IPv6 traffic from OpenVPN through my VPSOpenVPN - Understand the routing table + How to route only the traffic to a specific ip via the VPNHow to create/setup vpn using only SSH?OpenVPN server with public ip forward incoming to client on tun0route traffic on certain port through certain interface?Routing traffic to my ipv4 routes except 0.0.0.0 address?How to route traffic from ethernet to a tun device (create a VPNed ethernet port)NAT ETH1 PORT 5000 Traffic to PPP0Client based routing on a gateway













0















I'm running two OpenVPN clients, so I have two tun interfaces configured.



Each of the tun interfaces has a different subnet. One of the interfaces, let's say tun1 has a default route, so most of my traffic goes through there.



My tun0 interface however, does not have a default route, so only packets to it's subnet are routed through this interface.



The problem is that packets that are supposed to go through tun0 => eth0, are going through tun0 => tun1 => eth0. This does make sense, because tun1 is used as a default device.



How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?



Update:



Here is my current routing table:



0.0.0.0/1 via 10.4.102.81 dev tun1 
default via 192.168.10.1 dev eth0 proto static
10.4.0.1 via 10.4.102.81 dev tun1
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82
10.176.128.0/18 via 172.29.2.77 dev tun0
10.177.0.0/18 via 172.29.2.77 dev tun0
10.177.128.0/18 via 172.29.2.77 dev tun0
10.178.0.0/16 via 172.29.2.77 dev tun0
10.179.0.0/16 via 172.29.2.77 dev tun0
10.180.0.0/16 via 172.29.2.77 dev tun0
10.181.0.0/16 via 172.29.2.77 dev tun0
10.183.0.0/16 via 172.29.2.77 dev tun0
46.165.208.65 via 192.168.10.1 dev eth0
128.0.0.0/1 via 10.4.102.81 dev tun1
172.29.0.0/22 via 172.29.2.77 dev tun0
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78
172.31.0.0/22 via 172.29.2.77 dev tun0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1









share|improve this question
















bumped to the homepage by Community 5 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.










  • 1





    Can you post your routes (=output of ip r) and the subnet IPs, please?

    – jofel
    Jun 6 '14 at 11:25











  • What is the source and destination of the traffic that's routing through the tunnels?

    – Matt
    Jun 6 '14 at 12:12











  • tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.

    – mr_tron
    Jun 6 '14 at 13:29











  • Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half

    – simao
    Jun 6 '14 at 14:19















0















I'm running two OpenVPN clients, so I have two tun interfaces configured.



Each of the tun interfaces has a different subnet. One of the interfaces, let's say tun1 has a default route, so most of my traffic goes through there.



My tun0 interface however, does not have a default route, so only packets to it's subnet are routed through this interface.



The problem is that packets that are supposed to go through tun0 => eth0, are going through tun0 => tun1 => eth0. This does make sense, because tun1 is used as a default device.



How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?



Update:



Here is my current routing table:



0.0.0.0/1 via 10.4.102.81 dev tun1 
default via 192.168.10.1 dev eth0 proto static
10.4.0.1 via 10.4.102.81 dev tun1
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82
10.176.128.0/18 via 172.29.2.77 dev tun0
10.177.0.0/18 via 172.29.2.77 dev tun0
10.177.128.0/18 via 172.29.2.77 dev tun0
10.178.0.0/16 via 172.29.2.77 dev tun0
10.179.0.0/16 via 172.29.2.77 dev tun0
10.180.0.0/16 via 172.29.2.77 dev tun0
10.181.0.0/16 via 172.29.2.77 dev tun0
10.183.0.0/16 via 172.29.2.77 dev tun0
46.165.208.65 via 192.168.10.1 dev eth0
128.0.0.0/1 via 10.4.102.81 dev tun1
172.29.0.0/22 via 172.29.2.77 dev tun0
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78
172.31.0.0/22 via 172.29.2.77 dev tun0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1









share|improve this question
















bumped to the homepage by Community 5 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.










  • 1





    Can you post your routes (=output of ip r) and the subnet IPs, please?

    – jofel
    Jun 6 '14 at 11:25











  • What is the source and destination of the traffic that's routing through the tunnels?

    – Matt
    Jun 6 '14 at 12:12











  • tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.

    – mr_tron
    Jun 6 '14 at 13:29











  • Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half

    – simao
    Jun 6 '14 at 14:19













0












0








0








I'm running two OpenVPN clients, so I have two tun interfaces configured.



Each of the tun interfaces has a different subnet. One of the interfaces, let's say tun1 has a default route, so most of my traffic goes through there.



My tun0 interface however, does not have a default route, so only packets to it's subnet are routed through this interface.



The problem is that packets that are supposed to go through tun0 => eth0, are going through tun0 => tun1 => eth0. This does make sense, because tun1 is used as a default device.



How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?



Update:



Here is my current routing table:



0.0.0.0/1 via 10.4.102.81 dev tun1 
default via 192.168.10.1 dev eth0 proto static
10.4.0.1 via 10.4.102.81 dev tun1
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82
10.176.128.0/18 via 172.29.2.77 dev tun0
10.177.0.0/18 via 172.29.2.77 dev tun0
10.177.128.0/18 via 172.29.2.77 dev tun0
10.178.0.0/16 via 172.29.2.77 dev tun0
10.179.0.0/16 via 172.29.2.77 dev tun0
10.180.0.0/16 via 172.29.2.77 dev tun0
10.181.0.0/16 via 172.29.2.77 dev tun0
10.183.0.0/16 via 172.29.2.77 dev tun0
46.165.208.65 via 192.168.10.1 dev eth0
128.0.0.0/1 via 10.4.102.81 dev tun1
172.29.0.0/22 via 172.29.2.77 dev tun0
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78
172.31.0.0/22 via 172.29.2.77 dev tun0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1









share|improve this question
















I'm running two OpenVPN clients, so I have two tun interfaces configured.



Each of the tun interfaces has a different subnet. One of the interfaces, let's say tun1 has a default route, so most of my traffic goes through there.



My tun0 interface however, does not have a default route, so only packets to it's subnet are routed through this interface.



The problem is that packets that are supposed to go through tun0 => eth0, are going through tun0 => tun1 => eth0. This does make sense, because tun1 is used as a default device.



How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?



Update:



Here is my current routing table:



0.0.0.0/1 via 10.4.102.81 dev tun1 
default via 192.168.10.1 dev eth0 proto static
10.4.0.1 via 10.4.102.81 dev tun1
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82
10.176.128.0/18 via 172.29.2.77 dev tun0
10.177.0.0/18 via 172.29.2.77 dev tun0
10.177.128.0/18 via 172.29.2.77 dev tun0
10.178.0.0/16 via 172.29.2.77 dev tun0
10.179.0.0/16 via 172.29.2.77 dev tun0
10.180.0.0/16 via 172.29.2.77 dev tun0
10.181.0.0/16 via 172.29.2.77 dev tun0
10.183.0.0/16 via 172.29.2.77 dev tun0
46.165.208.65 via 192.168.10.1 dev eth0
128.0.0.0/1 via 10.4.102.81 dev tun1
172.29.0.0/22 via 172.29.2.77 dev tun0
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78
172.31.0.0/22 via 172.29.2.77 dev tun0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1






openvpn route






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jun 6 '14 at 12:40







simao

















asked Jun 6 '14 at 9:50









simaosimao

15416




15416





bumped to the homepage by Community 5 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 5 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.









  • 1





    Can you post your routes (=output of ip r) and the subnet IPs, please?

    – jofel
    Jun 6 '14 at 11:25











  • What is the source and destination of the traffic that's routing through the tunnels?

    – Matt
    Jun 6 '14 at 12:12











  • tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.

    – mr_tron
    Jun 6 '14 at 13:29











  • Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half

    – simao
    Jun 6 '14 at 14:19












  • 1





    Can you post your routes (=output of ip r) and the subnet IPs, please?

    – jofel
    Jun 6 '14 at 11:25











  • What is the source and destination of the traffic that's routing through the tunnels?

    – Matt
    Jun 6 '14 at 12:12











  • tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.

    – mr_tron
    Jun 6 '14 at 13:29











  • Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half

    – simao
    Jun 6 '14 at 14:19







1




1





Can you post your routes (=output of ip r) and the subnet IPs, please?

– jofel
Jun 6 '14 at 11:25





Can you post your routes (=output of ip r) and the subnet IPs, please?

– jofel
Jun 6 '14 at 11:25













What is the source and destination of the traffic that's routing through the tunnels?

– Matt
Jun 6 '14 at 12:12





What is the source and destination of the traffic that's routing through the tunnels?

– Matt
Jun 6 '14 at 12:12













tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.

– mr_tron
Jun 6 '14 at 13:29





tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.

– mr_tron
Jun 6 '14 at 13:29













Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half

– simao
Jun 6 '14 at 14:19





Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half

– simao
Jun 6 '14 at 14:19










1 Answer
1






active

oldest

votes


















0














You should add a route for the remote VPN servers (the tun0 one):



ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0


or more generically:



ip add route $(ip route get $ip_of_the_vpn_server | head -n1)


before starting the VPN.



This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.






share|improve this answer






















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f134823%2fseparate-traffic-between-two-tun-devices-with-openvpn%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    You should add a route for the remote VPN servers (the tun0 one):



    ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0


    or more generically:



    ip add route $(ip route get $ip_of_the_vpn_server | head -n1)


    before starting the VPN.



    This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.






    share|improve this answer



























      0














      You should add a route for the remote VPN servers (the tun0 one):



      ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0


      or more generically:



      ip add route $(ip route get $ip_of_the_vpn_server | head -n1)


      before starting the VPN.



      This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.






      share|improve this answer

























        0












        0








        0







        You should add a route for the remote VPN servers (the tun0 one):



        ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0


        or more generically:



        ip add route $(ip route get $ip_of_the_vpn_server | head -n1)


        before starting the VPN.



        This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.






        share|improve this answer













        You should add a route for the remote VPN servers (the tun0 one):



        ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0


        or more generically:



        ip add route $(ip route get $ip_of_the_vpn_server | head -n1)


        before starting the VPN.



        This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jun 12 '14 at 21:57









        ysdxysdx

        1,222913




        1,222913



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f134823%2fseparate-traffic-between-two-tun-devices-with-openvpn%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -openvpn, route

            Popular posts from this blog

            Frič See also Navigation menuinternal link

            Identify plant with long narrow paired leaves and reddish stems Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?What is this plant with long sharp leaves? Is it a weed?What is this 3ft high, stalky plant, with mid sized narrow leaves?What is this young shrub with opposite ovate, crenate leaves and reddish stems?What is this plant with large broad serrated leaves?Identify this upright branching weed with long leaves and reddish stemsPlease help me identify this bulbous plant with long, broad leaves and white flowersWhat is this small annual with narrow gray/green leaves and rust colored daisy-type flowers?What is this chilli plant?Does anyone know what type of chilli plant this is?Help identify this plant

            fontconfig warning: “/etc/fonts/fonts.conf”, line 100: unknown “element blank” The 2019 Stack Overflow Developer Survey Results Are In“tar: unrecognized option --warning” during 'apt-get install'How to fix Fontconfig errorHow do I figure out which font file is chosen for a system generic font alias?Why are some apt-get-installed fonts being ignored by fc-list, xfontsel, etc?Reload settings in /etc/fonts/conf.dTaking 30 seconds longer to boot after upgrade from jessie to stretchHow to match multiple font names with a single <match> element?Adding a custom font to fontconfigRemoving fonts from fontconfig <match> resultsBroken fonts after upgrading Firefox ESR to latest Firefox