Separate traffic between two tun+ devices with openvpnIptables forward with pptp and openvpnip6tables allow IPv6 traffic from OpenVPN through my VPSOpenVPN - Understand the routing table + How to route only the traffic to a specific ip via the VPNHow to create/setup vpn using only SSH?OpenVPN server with public ip forward incoming to client on tun0route traffic on certain port through certain interface?Routing traffic to my ipv4 routes except 0.0.0.0 address?How to route traffic from ethernet to a tun device (create a VPNed ethernet port)NAT ETH1 PORT 5000 Traffic to PPP0Client based routing on a gateway
What problems would a superhuman have who's skin is constantly hot?
Outlet with 3 sets of wires
Is it a Cyclops number? "Nobody" knows!
What will happen if my luggage gets delayed?
Why do we say ‘pairwise disjoint’, rather than ‘disjoint’?
Rationale to prefer local variables over instance variables?
Haman going to the second feast dirty
What do you call someone who likes to pick fights?
Having the player face themselves after the mid-game
Called into a meeting and told we are being made redundant (laid off) and "not to share outside". Can I tell my partner?
What materials can be used to make a humanoid skin warm?
Is divide-by-zero a security vulnerability?
Source permutation
Professor forcing me to attend a conference, I can't afford even with 50% funding
Signed and unsigned numbers
Expressing logarithmic equations without logs
Confusion about Complex Continued Fraction
For which categories of spectra is there an explicit description of the fibrant objects via lifting properties?
In the late 1940’s to early 1950’s what technology was available that could melt a LOT of ice?
Windows Server Datacenter Edition - Unlimited Virtual Machines
How to write a chaotic neutral protagonist and prevent my readers from thinking they are evil?
Why restrict private health insurance?
Why does cron require MTA for logging?
Why do phishing e-mails use faked e-mail addresses instead of the real one?
Separate traffic between two tun+ devices with openvpn
Iptables forward with pptp and openvpnip6tables allow IPv6 traffic from OpenVPN through my VPSOpenVPN - Understand the routing table + How to route only the traffic to a specific ip via the VPNHow to create/setup vpn using only SSH?OpenVPN server with public ip forward incoming to client on tun0route traffic on certain port through certain interface?Routing traffic to my ipv4 routes except 0.0.0.0 address?How to route traffic from ethernet to a tun device (create a VPNed ethernet port)NAT ETH1 PORT 5000 Traffic to PPP0Client based routing on a gateway
I'm running two OpenVPN clients, so I have two tun
interfaces configured.
Each of the tun
interfaces has a different subnet. One of the interfaces, let's say tun1
has a default route, so most of my traffic goes through there.
My tun0
interface however, does not have a default route, so only packets to it's subnet are routed through this interface.
The problem is that packets that are supposed to go through tun0
=> eth0
, are going through tun0
=> tun1
=> eth0
. This does make sense, because tun1
is used as a default device.
How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?
Update:
Here is my current routing table:
0.0.0.0/1 via 10.4.102.81 dev tun1
default via 192.168.10.1 dev eth0 proto static
10.4.0.1 via 10.4.102.81 dev tun1
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82
10.176.128.0/18 via 172.29.2.77 dev tun0
10.177.0.0/18 via 172.29.2.77 dev tun0
10.177.128.0/18 via 172.29.2.77 dev tun0
10.178.0.0/16 via 172.29.2.77 dev tun0
10.179.0.0/16 via 172.29.2.77 dev tun0
10.180.0.0/16 via 172.29.2.77 dev tun0
10.181.0.0/16 via 172.29.2.77 dev tun0
10.183.0.0/16 via 172.29.2.77 dev tun0
46.165.208.65 via 192.168.10.1 dev eth0
128.0.0.0/1 via 10.4.102.81 dev tun1
172.29.0.0/22 via 172.29.2.77 dev tun0
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78
172.31.0.0/22 via 172.29.2.77 dev tun0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1
openvpn route
bumped to the homepage by Community♦ 5 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I'm running two OpenVPN clients, so I have two tun
interfaces configured.
Each of the tun
interfaces has a different subnet. One of the interfaces, let's say tun1
has a default route, so most of my traffic goes through there.
My tun0
interface however, does not have a default route, so only packets to it's subnet are routed through this interface.
The problem is that packets that are supposed to go through tun0
=> eth0
, are going through tun0
=> tun1
=> eth0
. This does make sense, because tun1
is used as a default device.
How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?
Update:
Here is my current routing table:
0.0.0.0/1 via 10.4.102.81 dev tun1
default via 192.168.10.1 dev eth0 proto static
10.4.0.1 via 10.4.102.81 dev tun1
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82
10.176.128.0/18 via 172.29.2.77 dev tun0
10.177.0.0/18 via 172.29.2.77 dev tun0
10.177.128.0/18 via 172.29.2.77 dev tun0
10.178.0.0/16 via 172.29.2.77 dev tun0
10.179.0.0/16 via 172.29.2.77 dev tun0
10.180.0.0/16 via 172.29.2.77 dev tun0
10.181.0.0/16 via 172.29.2.77 dev tun0
10.183.0.0/16 via 172.29.2.77 dev tun0
46.165.208.65 via 192.168.10.1 dev eth0
128.0.0.0/1 via 10.4.102.81 dev tun1
172.29.0.0/22 via 172.29.2.77 dev tun0
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78
172.31.0.0/22 via 172.29.2.77 dev tun0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1
openvpn route
bumped to the homepage by Community♦ 5 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
1
Can you post your routes (=output ofip r
) and the subnet IPs, please?
– jofel
Jun 6 '14 at 11:25
What is the source and destination of the traffic that's routing through the tunnels?
– Matt
Jun 6 '14 at 12:12
tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.
– mr_tron
Jun 6 '14 at 13:29
Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half
– simao
Jun 6 '14 at 14:19
add a comment |
I'm running two OpenVPN clients, so I have two tun
interfaces configured.
Each of the tun
interfaces has a different subnet. One of the interfaces, let's say tun1
has a default route, so most of my traffic goes through there.
My tun0
interface however, does not have a default route, so only packets to it's subnet are routed through this interface.
The problem is that packets that are supposed to go through tun0
=> eth0
, are going through tun0
=> tun1
=> eth0
. This does make sense, because tun1
is used as a default device.
How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?
Update:
Here is my current routing table:
0.0.0.0/1 via 10.4.102.81 dev tun1
default via 192.168.10.1 dev eth0 proto static
10.4.0.1 via 10.4.102.81 dev tun1
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82
10.176.128.0/18 via 172.29.2.77 dev tun0
10.177.0.0/18 via 172.29.2.77 dev tun0
10.177.128.0/18 via 172.29.2.77 dev tun0
10.178.0.0/16 via 172.29.2.77 dev tun0
10.179.0.0/16 via 172.29.2.77 dev tun0
10.180.0.0/16 via 172.29.2.77 dev tun0
10.181.0.0/16 via 172.29.2.77 dev tun0
10.183.0.0/16 via 172.29.2.77 dev tun0
46.165.208.65 via 192.168.10.1 dev eth0
128.0.0.0/1 via 10.4.102.81 dev tun1
172.29.0.0/22 via 172.29.2.77 dev tun0
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78
172.31.0.0/22 via 172.29.2.77 dev tun0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1
openvpn route
I'm running two OpenVPN clients, so I have two tun
interfaces configured.
Each of the tun
interfaces has a different subnet. One of the interfaces, let's say tun1
has a default route, so most of my traffic goes through there.
My tun0
interface however, does not have a default route, so only packets to it's subnet are routed through this interface.
The problem is that packets that are supposed to go through tun0
=> eth0
, are going through tun0
=> tun1
=> eth0
. This does make sense, because tun1
is used as a default device.
How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?
Update:
Here is my current routing table:
0.0.0.0/1 via 10.4.102.81 dev tun1
default via 192.168.10.1 dev eth0 proto static
10.4.0.1 via 10.4.102.81 dev tun1
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82
10.176.128.0/18 via 172.29.2.77 dev tun0
10.177.0.0/18 via 172.29.2.77 dev tun0
10.177.128.0/18 via 172.29.2.77 dev tun0
10.178.0.0/16 via 172.29.2.77 dev tun0
10.179.0.0/16 via 172.29.2.77 dev tun0
10.180.0.0/16 via 172.29.2.77 dev tun0
10.181.0.0/16 via 172.29.2.77 dev tun0
10.183.0.0/16 via 172.29.2.77 dev tun0
46.165.208.65 via 192.168.10.1 dev eth0
128.0.0.0/1 via 10.4.102.81 dev tun1
172.29.0.0/22 via 172.29.2.77 dev tun0
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78
172.31.0.0/22 via 172.29.2.77 dev tun0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1
openvpn route
openvpn route
edited Jun 6 '14 at 12:40
simao
asked Jun 6 '14 at 9:50
simaosimao
15416
15416
bumped to the homepage by Community♦ 5 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 5 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
1
Can you post your routes (=output ofip r
) and the subnet IPs, please?
– jofel
Jun 6 '14 at 11:25
What is the source and destination of the traffic that's routing through the tunnels?
– Matt
Jun 6 '14 at 12:12
tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.
– mr_tron
Jun 6 '14 at 13:29
Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half
– simao
Jun 6 '14 at 14:19
add a comment |
1
Can you post your routes (=output ofip r
) and the subnet IPs, please?
– jofel
Jun 6 '14 at 11:25
What is the source and destination of the traffic that's routing through the tunnels?
– Matt
Jun 6 '14 at 12:12
tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.
– mr_tron
Jun 6 '14 at 13:29
Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half
– simao
Jun 6 '14 at 14:19
1
1
Can you post your routes (=output of
ip r
) and the subnet IPs, please?– jofel
Jun 6 '14 at 11:25
Can you post your routes (=output of
ip r
) and the subnet IPs, please?– jofel
Jun 6 '14 at 11:25
What is the source and destination of the traffic that's routing through the tunnels?
– Matt
Jun 6 '14 at 12:12
What is the source and destination of the traffic that's routing through the tunnels?
– Matt
Jun 6 '14 at 12:12
tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.
– mr_tron
Jun 6 '14 at 13:29
tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.
– mr_tron
Jun 6 '14 at 13:29
Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half
– simao
Jun 6 '14 at 14:19
Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half
– simao
Jun 6 '14 at 14:19
add a comment |
1 Answer
1
active
oldest
votes
You should add a route for the remote VPN servers (the tun0 one):
ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0
or more generically:
ip add route $(ip route get $ip_of_the_vpn_server | head -n1)
before starting the VPN.
This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f134823%2fseparate-traffic-between-two-tun-devices-with-openvpn%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You should add a route for the remote VPN servers (the tun0 one):
ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0
or more generically:
ip add route $(ip route get $ip_of_the_vpn_server | head -n1)
before starting the VPN.
This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.
add a comment |
You should add a route for the remote VPN servers (the tun0 one):
ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0
or more generically:
ip add route $(ip route get $ip_of_the_vpn_server | head -n1)
before starting the VPN.
This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.
add a comment |
You should add a route for the remote VPN servers (the tun0 one):
ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0
or more generically:
ip add route $(ip route get $ip_of_the_vpn_server | head -n1)
before starting the VPN.
This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.
You should add a route for the remote VPN servers (the tun0 one):
ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0
or more generically:
ip add route $(ip route get $ip_of_the_vpn_server | head -n1)
before starting the VPN.
This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.
answered Jun 12 '14 at 21:57
ysdxysdx
1,222913
1,222913
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f134823%2fseparate-traffic-between-two-tun-devices-with-openvpn%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
-openvpn, route
1
Can you post your routes (=output of
ip r
) and the subnet IPs, please?– jofel
Jun 6 '14 at 11:25
What is the source and destination of the traffic that's routing through the tunnels?
– Matt
Jun 6 '14 at 12:12
tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.
– mr_tron
Jun 6 '14 at 13:29
Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half
– simao
Jun 6 '14 at 14:19