Ttyjfyk

What problems would a superhuman have who's skin is constantly hot?

Outlet with 3 sets of wires

Is it a Cyclops number? "Nobody" knows!

What will happen if my luggage gets delayed?

Why do we say ‘pairwise disjoint’, rather than ‘disjoint’?

Rationale to prefer local variables over instance variables?

Haman going to the second feast dirty

What do you call someone who likes to pick fights?

Having the player face themselves after the mid-game

Called into a meeting and told we are being made redundant (laid off) and "not to share outside". Can I tell my partner?

What materials can be used to make a humanoid skin warm?

Is divide-by-zero a security vulnerability?

Source permutation

Professor forcing me to attend a conference, I can't afford even with 50% funding

Signed and unsigned numbers

Expressing logarithmic equations without logs

Confusion about Complex Continued Fraction

For which categories of spectra is there an explicit description of the fibrant objects via lifting properties?

In the late 1940’s to early 1950’s what technology was available that could melt a LOT of ice?

Windows Server Datacenter Edition - Unlimited Virtual Machines

How to write a chaotic neutral protagonist and prevent my readers from thinking they are evil?

Why restrict private health insurance?

Why does cron require MTA for logging?

Why do phishing e-mails use faked e-mail addresses instead of the real one?

Separate traffic between two tun+ devices with openvpn

Iptables forward with pptp and openvpnip6tables allow IPv6 traffic from OpenVPN through my VPSOpenVPN - Understand the routing table + How to route only the traffic to a specific ip via the VPNHow to create/setup vpn using only SSH?OpenVPN server with public ip forward incoming to client on tun0route traffic on certain port through certain interface?Routing traffic to my ipv4 routes except 0.0.0.0 address?How to route traffic from ethernet to a tun device (create a VPNed ethernet port)NAT ETH1 PORT 5000 Traffic to PPP0Client based routing on a gateway

0

I'm running two OpenVPN clients, so I have two tun interfaces configured.

Each of the tun interfaces has a different subnet. One of the interfaces, let's say tun1 has a default route, so most of my traffic goes through there.

My tun0 interface however, does not have a default route, so only packets to it's subnet are routed through this interface.

The problem is that packets that are supposed to go through tun0 => eth0, are going through tun0 => tun1 => eth0. This does make sense, because tun1 is used as a default device.

How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?

Update:

Here is my current routing table:

0.0.0.0/1 via 10.4.102.81 dev tun1 
default via 192.168.10.1 dev eth0 proto static 
10.4.0.1 via 10.4.102.81 dev tun1 
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82 
10.176.128.0/18 via 172.29.2.77 dev tun0 
10.177.0.0/18 via 172.29.2.77 dev tun0 
10.177.128.0/18 via 172.29.2.77 dev tun0 
10.178.0.0/16 via 172.29.2.77 dev tun0 
10.179.0.0/16 via 172.29.2.77 dev tun0 
10.180.0.0/16 via 172.29.2.77 dev tun0 
10.181.0.0/16 via 172.29.2.77 dev tun0 
10.183.0.0/16 via 172.29.2.77 dev tun0 
46.165.208.65 via 192.168.10.1 dev eth0 
128.0.0.0/1 via 10.4.102.81 dev tun1 
172.29.0.0/22 via 172.29.2.77 dev tun0 
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78 
172.31.0.0/22 via 172.29.2.77 dev tun0 
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1 

openvpn route

share|improve this question

edited Jun 6 '14 at 12:40

simao

asked Jun 6 '14 at 9:50

simaosimao

15416

bumped to the homepage by Community♦ 5 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Can you post your routes (=output of ip r) and the subnet IPs, please?
  
  – jofel
  Jun 6 '14 at 11:25
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  What is the source and destination of the traffic that's routing through the tunnels?
  
  – Matt
  Jun 6 '14 at 12:12
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.
  
  – mr_tron
  Jun 6 '14 at 13:29
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half
  
  – simao
  Jun 6 '14 at 14:19
  

  
  
  
  

add a comment | 

0

I'm running two OpenVPN clients, so I have two tun interfaces configured.

Each of the tun interfaces has a different subnet. One of the interfaces, let's say tun1 has a default route, so most of my traffic goes through there.

My tun0 interface however, does not have a default route, so only packets to it's subnet are routed through this interface.

The problem is that packets that are supposed to go through tun0 => eth0, are going through tun0 => tun1 => eth0. This does make sense, because tun1 is used as a default device.

How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?

Update:

Here is my current routing table:

0.0.0.0/1 via 10.4.102.81 dev tun1 
default via 192.168.10.1 dev eth0 proto static 
10.4.0.1 via 10.4.102.81 dev tun1 
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82 
10.176.128.0/18 via 172.29.2.77 dev tun0 
10.177.0.0/18 via 172.29.2.77 dev tun0 
10.177.128.0/18 via 172.29.2.77 dev tun0 
10.178.0.0/16 via 172.29.2.77 dev tun0 
10.179.0.0/16 via 172.29.2.77 dev tun0 
10.180.0.0/16 via 172.29.2.77 dev tun0 
10.181.0.0/16 via 172.29.2.77 dev tun0 
10.183.0.0/16 via 172.29.2.77 dev tun0 
46.165.208.65 via 192.168.10.1 dev eth0 
128.0.0.0/1 via 10.4.102.81 dev tun1 
172.29.0.0/22 via 172.29.2.77 dev tun0 
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78 
172.31.0.0/22 via 172.29.2.77 dev tun0 
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1 

openvpn route

share|improve this question

edited Jun 6 '14 at 12:40

simao

asked Jun 6 '14 at 9:50

simaosimao

15416

bumped to the homepage by Community♦ 5 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Can you post your routes (=output of ip r) and the subnet IPs, please?
  
  – jofel
  Jun 6 '14 at 11:25
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  What is the source and destination of the traffic that's routing through the tunnels?
  
  – Matt
  Jun 6 '14 at 12:12
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  tun1 not has default route. 0.0.0.0/1 - just half of all ipv4 diapason.
  
  – mr_tron
  Jun 6 '14 at 13:29
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes that is the first line, then I have 128.0.0.0/1 via 10.4.102.81 dev tun1 for the second half
  
  – simao
  Jun 6 '14 at 14:19
  

  
  
  
  

add a comment | 

I'm running two OpenVPN clients, so I have two tun interfaces configured.

Each of the tun interfaces has a different subnet. One of the interfaces, let's say tun1 has a default route, so most of my traffic goes through there.

My tun0 interface however, does not have a default route, so only packets to it's subnet are routed through this interface.

The problem is that packets that are supposed to go through tun0 => eth0, are going through tun0 => tun1 => eth0. This does make sense, because tun1 is used as a default device.

How can I prevent packets in my private network from being routed through both VPNs and make them routed only through one of the VPNs?

Update:

Here is my current routing table:

0.0.0.0/1 via 10.4.102.81 dev tun1 
default via 192.168.10.1 dev eth0 proto static 
10.4.0.1 via 10.4.102.81 dev tun1 
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82 
10.176.128.0/18 via 172.29.2.77 dev tun0 
10.177.0.0/18 via 172.29.2.77 dev tun0 
10.177.128.0/18 via 172.29.2.77 dev tun0 
10.178.0.0/16 via 172.29.2.77 dev tun0 
10.179.0.0/16 via 172.29.2.77 dev tun0 
10.180.0.0/16 via 172.29.2.77 dev tun0 
10.181.0.0/16 via 172.29.2.77 dev tun0 
10.183.0.0/16 via 172.29.2.77 dev tun0 
46.165.208.65 via 192.168.10.1 dev eth0 
128.0.0.0/1 via 10.4.102.81 dev tun1 
172.29.0.0/22 via 172.29.2.77 dev tun0 
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78 
172.31.0.0/22 via 172.29.2.77 dev tun0 
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1 

openvpn route

share|improve this question

edited Jun 6 '14 at 12:40

simao

asked Jun 6 '14 at 9:50

simaosimao

15416

0.0.0.0/1 via 10.4.102.81 dev tun1 
default via 192.168.10.1 dev eth0 proto static 
10.4.0.1 via 10.4.102.81 dev tun1 
10.4.102.81 dev tun1 proto kernel scope link src 10.4.102.82 
10.176.128.0/18 via 172.29.2.77 dev tun0 
10.177.0.0/18 via 172.29.2.77 dev tun0 
10.177.128.0/18 via 172.29.2.77 dev tun0 
10.178.0.0/16 via 172.29.2.77 dev tun0 
10.179.0.0/16 via 172.29.2.77 dev tun0 
10.180.0.0/16 via 172.29.2.77 dev tun0 
10.181.0.0/16 via 172.29.2.77 dev tun0 
10.183.0.0/16 via 172.29.2.77 dev tun0 
46.165.208.65 via 192.168.10.1 dev eth0 
128.0.0.0/1 via 10.4.102.81 dev tun1 
172.29.0.0/22 via 172.29.2.77 dev tun0 
172.29.2.77 dev tun0 proto kernel scope link src 172.29.2.78 
172.31.0.0/22 via 172.29.2.77 dev tun0 
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.76 metric 1 

share|improve this question

edited Jun 6 '14 at 12:40

simao

asked Jun 6 '14 at 9:50

simaosimao

15416

share|improve this question

edited Jun 6 '14 at 12:40

simao

asked Jun 6 '14 at 9:50

simaosimao

15416

asked Jun 6 '14 at 9:50

simaosimao

15416

asked Jun 6 '14 at 9:50

simaosimao

15416

1 Answer
1

active

oldest

votes

0

You should add a route for the remote VPN servers (the tun0 one):

ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0

or more generically:

ip add route $(ip route get $ip_of_the_vpn_server | head -n1)

before starting the VPN.

This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.

share|improve this answer

answered Jun 12 '14 at 21:57

ysdxysdx

1,222913

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f134823%2fseparate-traffic-between-two-tun-devices-with-openvpn%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

You should add a route for the remote VPN servers (the tun0 one):

ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0

or more generically:

ip add route $(ip route get $ip_of_the_vpn_server | head -n1)

before starting the VPN.

This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.

share|improve this answer

answered Jun 12 '14 at 21:57

ysdxysdx

1,222913

add a comment | 

0

You should add a route for the remote VPN servers (the tun0 one):

ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0

or more generically:

ip add route $(ip route get $ip_of_the_vpn_server | head -n1)

before starting the VPN.

This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.

share|improve this answer

answered Jun 12 '14 at 21:57

ysdxysdx

1,222913

add a comment | 

You should add a route for the remote VPN servers (the tun0 one):

ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0

or more generically:

ip add route $(ip route get $ip_of_the_vpn_server | head -n1)

before starting the VPN.

This will ensure that all packets to this VPN server will be sent by your non-VPN-default route.

share|improve this answer

answered Jun 12 '14 at 21:57

ysdxysdx

1,222913

ip add route $ip_of_the_vpn_server via 192.168.10.1 dev eth0

ip add route $(ip route get $ip_of_the_vpn_server | head -n1)

share|improve this answer

answered Jun 12 '14 at 21:57

ysdxysdx

1,222913

answered Jun 12 '14 at 21:57

ysdxysdx

1,222913

answered Jun 12 '14 at 21:57

ysdxysdx

1,222913