Using "route add" on Windows to by-pass NordVPN for a specific IP causes "General failure" when testing ping
Solution 1
Got a response from NordVPN. This is their response, and this is the reason for the error:
This is due to our updated application firewall and it is done for the security reason. We will add a few modifications and bypass feature in the future, however, currently the only way to would be to use the OpenVPN application.
Solution 2
This was fixed for me by turning off "Invisibility on the LAN" even when NordVPN client was not running. Start NordVPN, (do not need to connect to any server), and ensure all settings like "Invisibility on the LAN" and "Cybersecurity" are off, then exit NordVPN.
Related videos on Youtube
programmer_subself
Updated on September 18, 2022Comments
-
programmer_subself over 1 year
I'm stumped and also quite surprised I didn't find a solution to this using Google/SuperUser.
I have NordVPN installed, and I'm using this page to configure that connection to a specific IP address go through my regular home connection and not through the VPN. It's a straightforward process of using "route add" in the terminal (as administrator).
I tried this on two different computers under the same network with the same NordVPN account. After I add the route to example.com (as in their instructions), and try to ping it, I get this result:
C:\WINDOWS\system32>ping 93.184.216.34 Pinging 93.184.216.34 with 32 bytes of data: General failure. General failure. General failure. General failure. Ping statistics for 93.184.216.34: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\WINDOWS\system32>
Deleting the route makes the ping go through again:
C:\WINDOWS\system32>route delete 93.184.216.34 10.0.0.138 OK! C:\WINDOWS\system32>ping 93.184.216.34 Pinging 93.184.216.34 with 32 bytes of data: Reply from 93.184.216.34: bytes=32 time=498ms TTL=53 Reply from 93.184.216.34: bytes=32 time=511ms TTL=53 Reply from 93.184.216.34: bytes=32 time=518ms TTL=53 Reply from 93.184.216.34: bytes=32 time=514ms TTL=53 Ping statistics for 93.184.216.34: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 498ms, Maximum = 518ms, Average = 510ms
Adding again, and failure again:
C:\WINDOWS\system32>route add 93.184.216.34 10.0.0.138 OK! C:\WINDOWS\system32>ping 93.184.216.34 Pinging 93.184.216.34 with 32 bytes of data: General failure. General failure. General failure. General failure. Ping statistics for 93.184.216.34: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Disconnecting from the VPN, and works again:
C:\WINDOWS\system32>ping 93.184.216.34 Pinging 93.184.216.34 with 32 bytes of data: Reply from 93.184.216.34: bytes=32 time=183ms TTL=54 Reply from 93.184.216.34: bytes=32 time=169ms TTL=54 Reply from 93.184.216.34: bytes=32 time=174ms TTL=54 Reply from 93.184.216.34: bytes=32 time=162ms TTL=54 Ping statistics for 93.184.216.34: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 162ms, Maximum = 183ms, Average = 172ms
10.0.0.138 is my router, it's the first line under "route print". This happens on two different laptops (one with Windows 10 and one with Windows 7). Anyone has any idea?
Thanks!
Edit: output of route print:
IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.12 55 0.0.0.0 128.0.0.0 10.8.8.1 10.8.8.178 3 10.0.0.0 255.255.255.0 On-link 10.0.0.12 311 10.0.0.12 255.255.255.255 On-link 10.0.0.12 311 10.0.0.255 255.255.255.255 On-link 10.0.0.12 311 10.8.8.0 255.255.255.0 On-link 10.8.8.178 259 10.8.8.178 255.255.255.255 On-link 10.8.8.178 259 10.8.8.255 255.255.255.255 On-link 10.8.8.178 259 93.184.216.34 255.255.255.255 10.0.0.138 10.0.0.12 56
Edit 2:
This is the second laptop (Windows 7) so the interface is now 10.0.0.15, but it's the same deal. route print with VPN connected:
=========================================================================== Interface List 15...00 ff 5e 25 a0 22 ......TAP-NordVPN Windows Adapter V9 11...00 26 5e 13 2c 80 ......Atheros AR9285 802.11b/g/n WiFi Adapter 10...00 26 9e 20 18 ee ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) 1...........................Software Loopback Interface 1 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.15 25 0.0.0.0 128.0.0.0 10.8.8.1 10.8.8.31 3 10.0.0.0 255.255.255.0 On-link 10.0.0.15 281 10.0.0.15 255.255.255.255 On-link 10.0.0.15 281 10.0.0.255 255.255.255.255 On-link 10.0.0.15 281 10.8.8.0 255.255.255.0 On-link 10.8.8.31 259 10.8.8.31 255.255.255.255 On-link 10.8.8.31 259 10.8.8.255 255.255.255.255 On-link 10.8.8.31 259 93.184.216.34 255.255.255.255 10.0.0.138 10.0.0.15 26 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 128.0.0.0 128.0.0.0 10.8.8.1 10.8.8.31 3 185.203.122.8 255.255.255.255 10.0.0.138 10.0.0.15 25 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.8.8.31 259 224.0.0.0 240.0.0.0 On-link 10.0.0.15 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.8.8.31 259 255.255.255.255 255.255.255.255 On-link 10.0.0.15 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 1 306 ff00::/8 On-link =========================================================================== Persistent Routes: None
route print with VPN disconnected:
=========================================================================== Interface List 15...00 ff 5e 25 a0 22 ......TAP-NordVPN Windows Adapter V9 11...00 26 5e 13 2c 80 ......Atheros AR9285 802.11b/g/n WiFi Adapter 10...00 26 9e 20 18 ee ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) 1...........................Software Loopback Interface 1 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.15 25 10.0.0.0 255.255.255.0 On-link 10.0.0.15 281 10.0.0.15 255.255.255.255 On-link 10.0.0.15 281 10.0.0.255 255.255.255.255 On-link 10.0.0.15 281 93.184.216.34 255.255.255.255 10.0.0.138 10.0.0.15 26 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.0.0.15 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.0.0.15 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 11 281 fe80::/64 On-link 11 281 fe80::b536:da0b:8a49:44d3/128 On-link 1 306 ff00::/8 On-link 11 281 ff00::/8 On-link =========================================================================== Persistent Routes: None
-
djsmiley2kStaysInside about 6 yearsHave you tried defining which interface to use, when adding the route? I am unsure how windows decides which interface to use, for 'unknown' routes... other than looking at the metric.
-
programmer_subself about 6 yearsI did now. Still the same error. Even if I don't specify the interface number, "route print" still shows the correct interface for the route I added. I will edit my original post to show the result of "route print". Thanks.
-
djsmiley2kStaysInside about 6 yearsLooking at your routing table, I think something is a bit mesed up. 0.0.0.0/8 is a weird prefix to be routing - did you add that by accident, or is the NordVPN adding it? It maybe worth posting your routing table both with and without the vpn running..
-
programmer_subself about 6 yearsI added the route print while connected and disconnected, under "Edit 2". Yes, the 0.0.0.0/8 route is there only when the VPN is connected. I'll add that the VPN works great, and other IPs seem to be working fine. Thanks for helping mate
-
programmer_subself about 6 yearsAlso, Windows Firewall is disabled. No Anti Virus
-
djsmiley2kStaysInside about 6 yearsOk, so NordVPN is doing something weird to your traffic, splitting it over 2 subnets, and routing them both via 10.8.8.1. I guess this easily 'defeats' any default route windows has, however your own route you've added should be respected as it's still more specific than either of the above routes.
-
djsmiley2kStaysInside about 6 yearsTry this: superuser.com/a/198784/38001
-
qasdfdsaq about 6 yearsCan you actually ping your router when the VPN is connected? Other local/LAN clients?
-
programmer_subself about 6 years@djsmiley2k I tried re-ordering as per the answer you linked, making my Wireless connection first. Don't know why that would help, as you said, my route to example.com was very specific. It didn't help, pinging still results in general failure.
-
programmer_subself about 6 years@qasdfdsaq , I can ping my router and other clients while VPN is connected. The amazing thing here is that it's the same on 2 different PCs. This has got to be a NordVPN problem somehow.
-
-
qasdfdsaq about 6 yearsFigured as much. Other VPNs have this as a documented, togglable feature, NordVPN seems to have introduced it as an undocumented, hidden feature - for now.