I'm establishing a VPN connection, but it doesn't seem to work like I thought. Here's the resulting routing table and the traceroute output:
Code:
root@porteus:/home/guest# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0
10.8.0.1 10.8.0.5 255.255.255.255 UGH 1000 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.0.0 10.8.0.5 255.255.255.0 UG 1000 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
root@porteus:/home/guest# traceroute www.whatismyipaddress.com
traceroute to www.whatismyipaddress.com (104.16.155.36), 30 hops max, 60 byte packets
1 home (192.168.1.1) 1.719 ms 3.817 ms 3.892 ms
2 172.17.1.50 (172.17.1.50) 6.225 ms 6.078 ms 6.031 ms
I tried to specify route-metric 0 in my OVPN file but no luck, all packets are still not using my VPN at all. What should I change to make my VPN interface tun0 the default and the only interface for all TCP/IP communications on my machine?
First of all, please use a "code tag" on the above output to make it monospace (courier) and thus easier to read.
Then, please specify exactly what packets are "not behaving as you expected." What are the IP-addresses that you intend to be targeting? Also, what is the configuration of the server at the other side?
I expected the site www.whatismyipaddress.com to display my current IP address as if it were the VPN server address from the OVPN file, but it is still showing me my original IP as if there's no VPN connection at all. Regarding the settings on the VPN server side, all I know is that it's a TP-Link router that supports OpenVPN server mode with quite a few settings available in its web GUI. But I used to see this model providing a correct VPN IP address for its clients, so I think there might be a way of tweaking the client's OVPN file to achieve this.
1) You aren't secure if your routing table isn't. IPv6, btw, "embeds software that can change your route table unless you know how to block it". I still use IPv4 just so I don't have to hack all the "support and software hack possibly malicious payloads in ipv6", actually. But I don't suggest you use VPN for anything except preventing weak attacks (i.e., by neighbor teen gamers).
2) Try routed(1) or some equivalent program that writes the route table for you. TLDP.org used to have IPv4 docs on how to do routing by hand; I think they've "hidden it" and give only Ubuntu instructions today - IDK. But it's a lengthy discussion.
It's very simple. The first valid route is where your packet will go (UNLESS THE FIREWALL BLOCKS IT). If you have an erroneous route table then no packet will go anywhere.
If you are using "tunneling" to do VPN and doing it by hand, I suspect you'll need directions. Few would do that unless providing automated VPN for a new distribution. Maybe you should try installing software that sets it up for you if you're anxious to get it working.
It's actually very simple: since your stated destination, 104.16.155.36, does not match any of the listed "destinations" as masked by their respective "genmasks," your traffic is simply being routed through the default, which is the first entry, which specifies eth0.
If you actually want all of your network traffic to pass through tun0, then your network routing rules must specify this as the "default route."
To clarify: the very-essential concept of "VPN" is that it presents itself to the rest of the system as "an otherwise-ordinary internet router or (maybe) switch." These devices customarily occupy a particular "non-routable" IP-address range, such as 10.8.0.x, which they use to communicate among themselves. To all of their clients, these addresses serve as "gateways."
Right now, as you are "browsing the internet," your home computer is "talking to the internet" through a "gateway" which is probably "192.168.1.1." And, the "subnet" that is covered by this gateway is ... "everything, everywhere." But, VPNs introduce another "gateway," through which some particular subset of network traffic is (securely ...) diverted. The clients of that gateway neither know nor care that the traffic thus diverted is "secure." Your current routing rules divert only three particular streams of traffic into that secure tunnel.
Last edited by sundialsvcs; 10-23-2022 at 07:40 PM.
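The route selection described in the post above, as an added example that is not part of the original thread: it parses the rows of the posted `route -n` table and resolves a destination by longest prefix, then lowest metric. The `full_tunnel` table is a constructed assumption, modelled on the two /1 routes that OpenVPN's `redirect-gateway def1` option installs; the function names are hypothetical.

```python
import ipaddress

# Rows of the routing table as posted in the thread (header lines left out).
ROUTE_N = """\
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0
10.8.0.1 10.8.0.5 255.255.255.255 UGH 1000 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.0.0 10.8.0.5 255.255.255.0 UG 1000 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip blank or truncated rows
        dest, gw, mask, _flags, metric, _ref, _use, iface = fields
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, int(metric), iface))
    return routes

def lookup(routes, addr):
    """Return the matching route with the longest prefix, then the lowest metric."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2])) if hits else None

def egress(routes, addr):
    """Name of the interface a packet to addr would leave through."""
    hit = lookup(routes, addr)
    return hit[3] if hit else None

posted = parse_routes(ROUTE_N)

# Constructed variant (assumption): two /1 routes via the tunnel peer. Each is
# more specific than 0.0.0.0/0, so they win without deleting the eth0 default.
# A real client also keeps a host route to the VPN server via eth0; the server
# address is not given in the thread, so that route is omitted here.
full_tunnel = posted + [
    (ipaddress.ip_network("0.0.0.0/1"), "10.8.0.5", 0, "tun0"),
    (ipaddress.ip_network("128.0.0.0/1"), "10.8.0.5", 0, "tun0"),
]

if __name__ == "__main__":
    for dst in ("104.16.155.36", "192.168.0.20", "192.168.1.7"):
        print(f"{dst:15} posted={egress(posted, dst)} full_tunnel={egress(full_tunnel, dst)}")
```

Even in the constructed full-tunnel table, 192.168.1.0/24 still leaves through eth0, because the connected /24 route is more specific than either /1 route.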