Route specific IP address through VPN gateway


Seems like you are on the right track. You want to be using the route add commands, but it appears you have the wrong IP for your VPN's gateway.

First, the command you want to use is:

route add -host <Remote Server IP> gw <Local IP of VPN Gateway>

The errors you are getting about 'Network is unreachable' are because you are using (I assume) the remote IP of the VPN gateway. Your computer does not have a way to reach 163.172.224.201 as this network is not 'directly connected' or given by another route. You should use the local IP address of your VPN gateway, which is going to be in the 192.138.6.0/24 subnet. You currently don't have this gateway, either because you accidentally deleted it while configuring things or it was never provided. You can check your VPN gateway by dumping your DHCP leases. Run cat /var/lib/dhcp/dhclient.vpn_vpn.leases and check what gateway is specified here (option routers). If no gateway is specified, try to use the IP of the DHCP server (option dhcp-server-identifier).

If you find the IP of the VPN gateway is '192.168.6.1', then your final command would be:

route add -host 10.0.4.29 gw 192.168.6.1
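
The lease lookup and fallback described above, as an added example that is not part of the original answer: it reads a dhclient lease file, takes `option routers` (else `option dhcp-server-identifier`) from the newest lease, and prints the host route without running it. The function names and the sample lease are constructed for illustration, and it assumes the standard dhclient layout in which the newest lease block is last in the file.

```shell
# Added example: derive the VPN next hop from a dhclient lease file and
# print the host route. Nothing here changes the routing table.

# lease_gateway FILE: gateway of the LAST lease block in FILE. Uses the first
# "option routers" address, else "option dhcp-server-identifier"; fails if neither.
lease_gateway() {
    awk '
        $1 == "lease" { routers = ""; server = "" }   # newer block replaces older
        $1 == "option" && $2 == "routers" { routers = $3; sub(/[,;].*/, "", routers) }
        $1 == "option" && $2 == "dhcp-server-identifier" { server = $3; sub(/;.*/, "", server) }
        END {
            gw = (routers != "") ? routers : server
            if (gw == "") exit 1
            print gw
        }' "$1"
}

# is_ipv4 ADDR: true only for a dotted quad with every octet in 0..255. Lease
# content comes from the DHCP server, so check it before it reaches a root command.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# host_route_cmd HOST LEASE_FILE: print the route command in the answer's form.
host_route_cmd() {
    gw=$(lease_gateway "$2") || { echo "no gateway in $2" >&2; return 1; }
    if ! is_ipv4 "$1" || ! is_ipv4 "$gw"; then
        echo "refusing non-IPv4 value" >&2; return 1
    fi
    echo "route add -host $1 gw $gw"
}

# Constructed sample lease file (addresses taken from the question's subnet).
write_sample_lease() {
    cat > "$1" <<'EOF'
lease {
  option routers 192.168.6.254;
}
lease {
  fixed-address 192.168.6.57;
  option routers 192.168.6.1;
  option dhcp-server-identifier 192.168.6.1;
}
EOF
}

tmp=$(mktemp) && write_sample_lease "$tmp" && host_route_cmd 10.0.4.29 "$tmp"
rm -f "$tmp"
```

Pass the real lease path (for example the `dhclient.vpn_vpn.leases` file named above) as the second argument and review the printed command before running it with sudo.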


Author: julien

Updated on September 18, 2022

Comments

  • julien
    julien over 1 year

    I'm running a Linux Mint (client) machine, and I need to connect to a remote (server) IP (10.0.4.29) through a VPN Gateway (163.172.224.201).

    The VPN (Softether) created a virtual network interface (named vpn_vpn).

    I'm currently connected to a Wifi Network (livebox on below outputs), and the VPN connection is working correctly.

    Here is the output of:

    netstat -r

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    default         livebox         0.0.0.0         UG        0 0          0 wlp3s0
    link-local      *               255.255.0.0     U         0 0          0 wlp3s0
    192.168.1.0     *               255.255.255.0   U         0 0          0 wlp3s0
    192.168.6.0     *               255.255.255.0   U         0 0          0 vpn_vpn

    ip route list

    default via 192.168.1.1 dev wlp3s0
    169.254.0.0/16 dev wlp3s0 scope link metric 1000
    192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.128 metric 600
    192.168.6.0/24 dev vpn_vpn proto kernel scope link src 192.168.6.57

    How can I route all traffic to 10.0.4.29 through my gateway, and let other IPs go through the livebox gateway?

    I already tried to execute these commands:

    sudo ip route add default via 163.172.224.201
    RTNETLINK answers: Network is unreachable

    sudo route delete default
    sudo ip route add default via 163.172.224.201
    RTNETLINK answers: Network is unreachable

    sudo route add -host 10.0.4.29 gw 163.172.224.201
    SIOCADDRT: Network is unreachable

    sudo ip route add 10.0.4.29 dev vpn_vpn
    ip route get 10.0.4.29
    10.0.4.29 dev vpn_vpn src 192.168.6.57
        cache

    and then ping 10.0.4.29

    PING 10.0.4.29 (10.0.4.29) 56(84) bytes of data.
    From 192.168.6.57 icmp_seq=1 Destination Host Unreachable

    I know this is a really simple case, and I know I'm missing something, I don't know what. Can someone please help me?

    Regards,

    Julien

  • julien
    julien about 5 years
    You're a genius! I did exactly what you did + sudo route delete default because netstat -r returns a second default line (that I need to remove): default 192.168.6.1 0.0.0.0 UG 0 0 0 vpn_vpn
  • julien
    julien about 5 years
    Sorry, just one last question. When I restarted my computer, I lost my settings, therefore I ran: sudo route add -net 192.168.6.0/24 dev vpn_vpn and sudo route add -host 10.0.4.29 gw 192.168.6.1. netstat -r returns the same thing as my initial post, but ip route list returns: 192.168.6.0/24 dev vpn_vpn scope link (instead of: 192.168.6.0/24 dev vpn_vpn proto kernel scope link src 192.168.6.57) and ip route get 10.0.4.29 now returns: 10.0.4.29 via 192.168.6.1 dev vpn_vpn src 192.168.1.26 (instead of 10.0.4.29 dev vpn_vpn src 192.168.6.57). How can I change route list for 10.0.4.29?
  • Andy
    Andy about 5 years
    I should have mentioned these commands do not persist over reboot. You'll want to add them to a shell script that is run as root on every boot. The source field is explained here: serverfault.com/questions/451601 It might be important in your situation; it depends if the kernel was dumb enough to send something down the vpn tunnel with an IP other than the vpn tunnel's IP.