Understanding Routing Table with OpenVPN
Solution 1
Solved! Thanks to eibgrad at the DD-WRT forums. Here is his answer:
(Source: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=277001 )
It's just a clever hack/trick.
There’s actually TWO important extra routes the VPN adds:
128.0.0.0/128.0.0.0 (covers 0.0.0.0 thru 127.255.255.255)
0.0.0.0/128.0.0.0 (covers 128.0.0.0 thru 255.255.255.255)
The reason this works is because when it comes to routing, a more specific route is always preferred over a more general route. And 0.0.0.0/0.0.0.0 (the default gateway) is as general as it gets. But if we insert the above two routes, the fact they are more specific means one of them will always be chosen before 0.0.0.0/0.0.0.0 since those two routes still cover the entire IP spectrum (0.0.0.0 thru 255.255.255.255).
VPNs do this to avoid messing w/ existing routes. They don’t need to delete anything that was already there, or even examine the routing table. They just add their own routes when the VPN comes up, and remove them when the VPN is shut down. Simple.
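The longest-prefix rule described in this answer, as an added example that is not part of the original post. The routes are a subset copied from the route print output in the question; the lookup function is a simplified model of route selection (longest prefix, then lowest metric), and the sample destination addresses are constructed.

```python
import ipaddress

# Subset of the routes in the question's `route print` output:
# (destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.40", 20),
    ("0.0.0.0", "128.0.0.0", "192.168.11.1", "192.168.11.50", 30),
    ("128.0.0.0", "128.0.0.0", "192.168.11.1", "192.168.11.50", 30),
    ("68.64.127.82", "255.255.255.255", "192.168.1.1", "192.168.1.40", 20),
    ("192.168.1.0", "255.255.255.0", "On-link", "192.168.1.40", 276),
    ("192.168.11.0", "255.255.255.0", "On-link", "192.168.11.50", 286),
]
VPN_INTERFACE = "192.168.11.50"  # TAP adapter address from the question


def lookup(dest):
    """Simplified route selection: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for net, mask, gateway, iface, metric in ROUTES:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network:
            matches.append((network.prefixlen, -metric, str(network), gateway, iface))
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, _, network, gateway, iface = max(matches)
    return network, gateway, iface


def via_tunnel(dest):
    """True when the winning route leaves through the VPN (TAP) interface."""
    return lookup(dest)[2] == VPN_INTERFACE


if __name__ == "__main__":
    # Constructed sample destinations, plus the VPN server's own address.
    for dest in ("1.1.1.1", "203.0.113.9", "68.64.127.82", "192.168.1.77"):
        network, gateway, iface = lookup(dest)
        path = "tunnel" if via_tunnel(dest) else "direct"
        print(f"{dest:<14} {network:<18} gw={gateway:<13} if={iface:<14} {path}")
```

The two destinations that come back as "direct" are the traffic that stays off the VPN with this table: the tunnel's own packets to the server at 68.64.127.82, and hosts on the local 192.168.1.0/24 LAN.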
Solution 2
@Bojan Komazec is right.
The 0.0.0.0/1 binary format is like below:
ip : 00000000.00000000.00000000.00000000
mask : 10000000.00000000.00000000.00000000
The resulting subnet is like this:
01111111.00000000.00000000.00000000
01111110.00000000.00000000.00000000
01111101.00000000.00000000.00000000
....
So 0.0.0.0/1 covers 0.0.0.0 – 127.255.255.255
The 128.0.0.0/1 binary format is like below:
ip : 10000000.00000000.00000000.00000000
mask : 10000000.00000000.00000000.00000000
The resulting subnet is like this:
11111111.00000000.00000000.00000000
11111110.00000000.00000000.00000000
11111101.00000000.00000000.00000000
So 127.0.0.0/1 covers 128.0.0.1 – 255.255.255.255
pkSML
Updated on September 18, 2022
Comments
-
pkSML over 1 year
Network layout:
Laptop (OpenVPN client) <-> router with 192.168.1.xxx subnet <-> internet <-> Home router (running DD-WRT with OpenVPN server) with 192.168.11.xxx subnet
The VPN server is operating in layer 2 mode (bridge). All of my internet traffic passes through the VPN tunnel. My home router & VPN have an external IP of 68.64.127.82. My laptop (VPN client) has an IP address on the physical LAN of 192.168.1.40. My IP address on the VPN is 192.168.11.50.
Here is my question: What makes all the internet traffic pass through the VPN tunnel?
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.40      20
          0.0.0.0        128.0.0.0     192.168.11.1    192.168.11.50      30
The first line says everything should go to the router I'm physically connected to (not the VPN router). The second line makes no sense to me. The 192.168.11.xxx subnet is on my VPN. How can you have a 0.0.0.0 destination with a netmask?!?
Question 2: What does the 128.0.0.0 netmask mean with a 0.0.0.0 destination?
Question 3: Why does the second line take priority over the first line?
Thanks for your help!
Here is my full routing table:
C:\Users\owner>route print
===========================================================================
Interface List
 19...00 ff 79 ee e1 6b ......TAP-Windows Adapter V9
 10...00 1a 4b 13 d2 92 ......Broadcom NetLink (TM) Gigabit Ethernet
  1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.40      20
          0.0.0.0        128.0.0.0     192.168.11.1    192.168.11.50      30
     68.64.127.82  255.255.255.255      192.168.1.1     192.168.1.40      20
        127.0.0.0        255.0.0.0          On-link        127.0.0.1     306
        127.0.0.1  255.255.255.255          On-link        127.0.0.1     306
  127.255.255.255  255.255.255.255          On-link        127.0.0.1     306
        128.0.0.0        128.0.0.0     192.168.11.1    192.168.11.50      30
      192.168.1.0    255.255.255.0          On-link     192.168.1.40     276
     192.168.1.40  255.255.255.255          On-link     192.168.1.40     276
    192.168.1.255  255.255.255.255          On-link     192.168.1.40     276
     192.168.11.0    255.255.255.0          On-link    192.168.11.50     286
    192.168.11.50  255.255.255.255          On-link    192.168.11.50     286
   192.168.11.255  255.255.255.255          On-link    192.168.11.50     286
        224.0.0.0        240.0.0.0          On-link        127.0.0.1     306
        224.0.0.0        240.0.0.0          On-link     192.168.1.40     276
        224.0.0.0        240.0.0.0          On-link    192.168.11.50     286
  255.255.255.255  255.255.255.255          On-link        127.0.0.1     306
  255.255.255.255  255.255.255.255          On-link     192.168.1.40     276
  255.255.255.255  255.255.255.255          On-link    192.168.11.50     286
===========================================================================
Here is my ipconfig:
Windows IP Configuration

Ethernet adapter Local Area Connection 2:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-79-EE-E1-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c1f8:5d3:e14:dba6%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.11.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 11, 2014 11:20:53 AM
   Lease Expires . . . . . . . . . . : Friday, December 11, 2015 11:20:53 AM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.11.0
   DHCPv6 IAID . . . . . . . . . . . : 520159097
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A1-5A-F6-00-1A-4B-6B-D2-7C
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-1A-4B-13-D2-92
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::61c0:c604:f3e5:498%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.40(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 11, 2014 11:20:35 AM
   Lease Expires . . . . . . . . . . : Friday, December 12, 2014 11:20:35 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234887755
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A1-5A-F6-00-1A-4B-13-D2-92
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
-
Bojan Komazec over 8 years
Aren't IP address ranges swapped here? 0.0.0.0/128.0.0.0 covers 0.0.0.0 - 127.255.255.255 and 128.0.0.0/128.0.0.0 covers 128.0.0.0 - 255.255.255.255