Need routing table assistance for using openvpn and transmission together

ryanafleming · 03-18-2016, 05:02 AM

Hi Gents!

I think I am missing a fundemental thing with my routing table or simply don't understand.

My goal is to get tranmission to run through my VPN client (openvpn) while the rest of my internet traffic runs through my standard network.

I can currently bind my transmission application to my tunnel IP supplied by an openVPN up script. This works such that when the tunnel goes down, internet is still active on my device, but transmission stops transmitting as intended. However, when the tunnel is active it doesn't matter what I do, I can't appear to get target set up working with routing tables.

I am running a QNAP NAS that runs on the older "Linux version 3.12.6" thus many of the guides or answers I have found online, run newer parameters that the "ip" command supports, such as namespaces.

My default route table is as follows:
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0

When the VPN connects, I have the following routing table:
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.8.0.17 128.0.0.0 UG 0 0 0 tun1
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.1 10.8.0.17 255.255.255.255 UGH 0 0 0 tun1
10.8.0.17 * 255.255.255.255 UH 0 0 0 tun1
80.xx.xx.104 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
128.0.0.0 10.8.0.17 128.0.0.0 UG 0 0 0 tun1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0

My ifconfig output:
eth0 Link encap:Ethernet HWaddr 00:08:9B:xx:xx:xx
inet addr:192.168.1.6 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4345443 errors:0 dropped:0 overruns:0 frame:0
TX packets:3114153 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4762412430 (4.4 GiB) TX bytes:1410005076 (1.3 GiB)

eth1 Link encap:Ethernet HWaddr 00:08:7A:xx:xx:xx
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:463841 errors:0 dropped:0 overruns:0 frame:0
TX packets:463841 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:306840463 (292.6 MiB) TX bytes:306840463 (292.6 MiB)

tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.18 P-t-P:10.8.0.17 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:66504 errors:0 dropped:0 overruns:0 frame:0
TX packets:52409 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:73354851 (69.9 MiB) TX bytes:6451824 (6.1 MiB)

Any suggestions would be awesome!

Ryan.

nini09 · 03-22-2016, 02:55 PM

There are two default route in routing table. This could confuse system. You need setup multi routing table using policy routing to take care of different traffic.

sundialsvcs · 03-23-2016, 02:23 PM

Also, those 128.0.0.0 network-masks are both highly unusual and very broad: they're testing a single bit! Do some route commands to see where various IP-addresses are really being directed. I think you'll find that those routes are sweeping far more information than you expect into the tunnel.

I would ordinarily expect to find only a very-few routes being added: maybe, only one. All that you want, in this case, is for the specific range of addresses corresponding to the subnet to be swept into the tunnel, using netmasks that contain only "255's" and "0's." (No "128's.")

If you want to sweep 10.8.0.xx and 128.x.x.x into the tunnel, then that's exactly what (two ...) added route commands should say. And, nothing more: (for example... maybe ...)

Code:

#     Dest.      Netmask     Gateway
route 10.8.0.0   255.255.0.0 10.8.0.17
route 128.0.0.0  255.0.0.0   10.8.0.17

When creating routing rules, "less is more."

I suspect that many connections, if made while the tunnel is "up," are being directed through the tunnel when you don't expect them to. Consequently, they are lost when the tunnel is taken down.

ryanafleming · 03-23-2016, 06:53 PM

From my initial readings of the old "route" command in comparison to "ip route", I found the following things out:

- default = 0.0.0.0
- the more specific the netmask (why do they call it genmask?) the high priority it gets when routing.
- the VPN added two entries with the 128.0.0.0 netmasks, one where the MSB is set and one where it is unset.

From the notions above, I can assume that the default route with the netmask 0.0.0.0 is neglected because it is of lower priority than the two rules set by openvpn.

I played a little around with the "route" command trying to set more specific rules with the 2 MSB's to have a netmask of 192.0.0.0. These didnt quite work as expected

I am assuming from nini09's comments that I should use "ip route" and do some slightly more advanced things than simply relying on netmasks and destination IP's?

ryanafleming · 03-24-2016, 02:52 AM

EDIT: Ignore me.