Understanding Routing Table with OpenVPN

networking router vpn openvpn
12,874

Solution 1

Solved! Thanks to eibgrad at the DD-WRT forums. Here is his answer:

(Source: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=277001 )

It's just a clever hack/trick.

There’s actually TWO important extra routes the VPN adds:

128.0.0.0/128.0.0.0 (covers 0.0.0.0 thru 127.255.255.255) 
0.0.0.0/128.0.0.0 (covers 128.0.0.0 thru 255.255.255.255)

The reason this works is because when it comes to routing, a more specific route is always preferred over a more general route. And 0.0.0.0/0.0.0.0 (the default gateway) is as general as it gets. But if we insert the above two routes, the fact they are more specific means one of them will always be chosen before 0.0.0.0/0.0.0.0 since those two routes still cover the entire IP spectrum (0.0.0.0 thru 255.255.255.255).

VPNs do this to avoid messing w/ existing routes. They don’t need to delete anything that was already there, or even examine the routing table. They just add their own routes when the VPN comes up, and remove them when the VPN is shutdown. Simple.

Solution 2

@Bojan Komazec is right

the 0.0.0.0/1 binary format is like blew:

ip   : 00000000.00000000.00000000.00000000
mask : 10000000.00000000.00000000.00000000

result the subet like this:
01111111.00000000.00000000.00000000
01111110.00000000.00000000.00000000
01111101.00000000.00000000.00000000
....

So 0.0.0.0/1 covers 0.0.0.0127.255.255.255

the 128.0.0.0/1 binary format is like blew:

ip   : 10000000.00000000.00000000.00000000
mask : 10000000.00000000.00000000.00000000

result the subet like this:
11111111.00000000.00000000.00000000
11111110.00000000.00000000.00000000
11111101.00000000.00000000.00000000

So 127.0.0.0/1 covers 128.0.0.1255.255.255.255

Share:
12,874

Related videos on Youtube

pkSML
Author by

pkSML

Updated on September 18, 2022

Comments

  • pkSML
    pkSML over 1 year

    Network layout: Laptop (OpenVPN client) <-> router with 192.168.1.xxx subnet <-> internet <-> Home router (running DD-WRT with OpenVPN server) with 192.168.11.xxx subnet

    The VPN server is operating in layer 2 mode (bridge). All of my internet traffic passes through the VPN tunnel. My home router & VPN have an external IP of 68.64.127.82.

    My laptop (VPN client) has an IP address on the physical LAN of 192.168.1.40. My IP address on the VPN is 192.168.11.50.

    Here is my question: What makes all the internet traffic pass through the VPN tunnel?

    Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.40     20
          0.0.0.0        128.0.0.0     192.168.11.1    192.168.11.50     30

    The first line says everything should go the router I'm physically connected to (not the VPN router). The second line makes no sense to me. The 192.168.11.xxx subnet is on my VPN. How can you have a 0.0.0.0 destination with a netmask?!?

    Question 2: What does the 128.0.0.0 netmask mean with a 0.0.0.0 destination?

    Question 3: Why does the second line take priority over the first line?

    Thanks for your help!

    Here is my full routing table:

    Here is my full routing table:

    C:\Users\owner>route print
===========================================================================
Interface List
 19...00 ff 79 ee e1 6b ......TAP-Windows Adapter V9
 10...00 1a 4b 13 d2 92 ......Broadcom NetLink (TM) Gigabit Ethernet
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.40     20
          0.0.0.0        128.0.0.0     192.168.11.1    192.168.11.50     30
     68.64.127.82  255.255.255.255      192.168.1.1     192.168.1.40     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0     192.168.11.1    192.168.11.50     30
      192.168.1.0    255.255.255.0         On-link      192.168.1.40    276
     192.168.1.40  255.255.255.255         On-link      192.168.1.40    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.40    276
     192.168.11.0    255.255.255.0         On-link     192.168.11.50    286
    192.168.11.50  255.255.255.255         On-link     192.168.11.50    286
   192.168.11.255  255.255.255.255         On-link     192.168.11.50    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.40    276
        224.0.0.0        240.0.0.0         On-link     192.168.11.50    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.40    276
  255.255.255.255  255.255.255.255         On-link     192.168.11.50    286
===========================================================================

    Here is my ipconfig:

    Windows IP Configuration

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-79-EE-E1-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c1f8:5d3:e14:dba6%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.11.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 11, 2014 11:20:53 AM
   Lease Expires . . . . . . . . . . : Friday, December 11, 2015 11:20:53 AM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.11.0
   DHCPv6 IAID . . . . . . . . . . . : 520159097
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A1-5A-F6-00-1A-4B-6B-D2-7C

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-1A-4B-13-D2-92
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::61c0:c604:f3e5:498%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.40(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 11, 2014 11:20:35 AM
   Lease Expires . . . . . . . . . . : Friday, December 12, 2014 11:20:35 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234887755
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A1-5A-F6-00-1A-4B-13-D2-92

   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
  • Bojan Komazec
    Bojan Komazec over 8 years
    Aren't IP address ranges swapped here? 0.0.0.0/128.0.0.0 covers 0.0.0.0 - 127.255.255.255 and 128.0.0.0/128.0.0.0 covers 128.0.0.0 - 255.255.255.255

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Access Client side LAN on VPN server
Can my ISP know if I'm using vpn
Asus Router OpenVPN Server cannot Access LAN
Routing a particular subnet into a VPN tunnel
pfSense 2.1 OpenVPN client not using tunnelled interface
Send all OpenVPN traffic through proxy or TOR proxy?
OpenVPN setup with PIA - Connects but no internet
AEAD Decrypt error: bad packet ID on openvpn using UDP
How to auto(re)connect to openvpn connection?
Ubuntu 17.10 - OpenVPN TAP - Help