Using "route add" on Windows to by-pass NordVPN for a specific IP causes "General failure" when testing ping

windows-7 windows-10 vpn routing ping

6,005

Solution 1

Got a response from NordVPN. This is their response, and this is the reason for the error:

This is due to our updated application firewall and it is done for the security reason. We will add a few modifications and bypass feature in the future, however, currently the only way to would be to use the OpenVPN application.

Solution 2

This was fixed for me by turning off "Invisibility on the LAN" even when NordVPN client was not running. Start NordVPN, (do not need to connect to any server), and ensure all settings like "Invisibility on the LAN" and "Cybersecurity" are off, then exit NordVPN.

6,005

programmer_subself

Updated on September 18, 2022

Comments

programmer_subself over 1 year

I'm stumped and also quite surprised I didn't find a solution to this using Google/SuperUser.

I have NordVPN installed, and I'm using this page to configure that connection to a specific IP address go through my regular home connection and not through the VPN. It's a straightforward process of using "route add" in the terminal (as administrator).

I tried this on two different computers under the same network with the same NordVPN account. After I add the route to example.com (as in their instructions), and try to ping it, I get this result:

C:\WINDOWS\system32>ping 93.184.216.34

Pinging 93.184.216.34 with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.

Ping statistics for 93.184.216.34:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\WINDOWS\system32>

Deleting the route makes the ping go through again:

C:\WINDOWS\system32>route delete 93.184.216.34 10.0.0.138
 OK!

C:\WINDOWS\system32>ping 93.184.216.34

Pinging 93.184.216.34 with 32 bytes of data:
Reply from 93.184.216.34: bytes=32 time=498ms TTL=53
Reply from 93.184.216.34: bytes=32 time=511ms TTL=53
Reply from 93.184.216.34: bytes=32 time=518ms TTL=53
Reply from 93.184.216.34: bytes=32 time=514ms TTL=53

Ping statistics for 93.184.216.34:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 498ms, Maximum = 518ms, Average = 510ms

Adding again, and failure again:

C:\WINDOWS\system32>route add 93.184.216.34 10.0.0.138
 OK!

C:\WINDOWS\system32>ping 93.184.216.34

Pinging 93.184.216.34 with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.

Ping statistics for 93.184.216.34:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Disconnecting from the VPN, and works again:

C:\WINDOWS\system32>ping 93.184.216.34

Pinging 93.184.216.34 with 32 bytes of data:
Reply from 93.184.216.34: bytes=32 time=183ms TTL=54
Reply from 93.184.216.34: bytes=32 time=169ms TTL=54
Reply from 93.184.216.34: bytes=32 time=174ms TTL=54
Reply from 93.184.216.34: bytes=32 time=162ms TTL=54

Ping statistics for 93.184.216.34:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 162ms, Maximum = 183ms, Average = 172ms

10.0.0.138 is my router, it's the first line under "route print". This happens on two different laptops (one with Windows 10 and one with Windows 7). Anyone has any idea?

Thanks!

Edit: output of route print:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.138        10.0.0.12     55
          0.0.0.0        128.0.0.0         10.8.8.1       10.8.8.178      3
         10.0.0.0    255.255.255.0         On-link         10.0.0.12    311
        10.0.0.12  255.255.255.255         On-link         10.0.0.12    311
       10.0.0.255  255.255.255.255         On-link         10.0.0.12    311
         10.8.8.0    255.255.255.0         On-link        10.8.8.178    259
       10.8.8.178  255.255.255.255         On-link        10.8.8.178    259
       10.8.8.255  255.255.255.255         On-link        10.8.8.178    259
    93.184.216.34  255.255.255.255       10.0.0.138        10.0.0.12     56

Edit 2:

This is the second laptop (Windows 7) so the interface is now 10.0.0.15, but it's the same deal. route print with VPN connected:

===========================================================================
Interface List
 15...00 ff 5e 25 a0 22 ......TAP-NordVPN Windows Adapter V9
 11...00 26 5e 13 2c 80 ......Atheros AR9285 802.11b/g/n WiFi Adapter
 10...00 26 9e 20 18 ee ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.138        10.0.0.15     25
          0.0.0.0        128.0.0.0         10.8.8.1        10.8.8.31      3
         10.0.0.0    255.255.255.0         On-link         10.0.0.15    281
        10.0.0.15  255.255.255.255         On-link         10.0.0.15    281
       10.0.0.255  255.255.255.255         On-link         10.0.0.15    281
         10.8.8.0    255.255.255.0         On-link         10.8.8.31    259
        10.8.8.31  255.255.255.255         On-link         10.8.8.31    259
       10.8.8.255  255.255.255.255         On-link         10.8.8.31    259
    93.184.216.34  255.255.255.255       10.0.0.138        10.0.0.15     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.8.8.1        10.8.8.31      3
    185.203.122.8  255.255.255.255       10.0.0.138        10.0.0.15     25
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.8.8.31    259
        224.0.0.0        240.0.0.0         On-link         10.0.0.15    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.8.8.31    259
  255.255.255.255  255.255.255.255         On-link         10.0.0.15    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

route print with VPN disconnected:

===========================================================================
Interface List
 15...00 ff 5e 25 a0 22 ......TAP-NordVPN Windows Adapter V9
 11...00 26 5e 13 2c 80 ......Atheros AR9285 802.11b/g/n WiFi Adapter
 10...00 26 9e 20 18 ee ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.138        10.0.0.15     25
         10.0.0.0    255.255.255.0         On-link         10.0.0.15    281
        10.0.0.15  255.255.255.255         On-link         10.0.0.15    281
       10.0.0.255  255.255.255.255         On-link         10.0.0.15    281
    93.184.216.34  255.255.255.255       10.0.0.138        10.0.0.15     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.15    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.15    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::b536:da0b:8a49:44d3/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

djsmiley2kStaysInside about 6 years

Have you tried defining which interface to use, when adding the route? I am unsure how windows decides which interface to use, for 'unknown' routes... other than looking at the metric.
programmer_subself about 6 years

I did now. Still the same error. Even if I don't specify the interface number, "route print" still shows the correct interface for the route I added. I will edit my original post to show the result of "route print". Thanks.
djsmiley2kStaysInside about 6 years

Looking at your routing table, I think something is a bit mesed up. 0.0.0.0/8 is a weird prefix to be routing - did you add that by accident, or is the NordVPN adding it? It maybe worth posting your routing table both with and without the vpn running..
programmer_subself about 6 years

I added the route print while connected and disconnected, under "Edit 2". Yes, the 0.0.0.0/8 route is there only when the VPN is connected. I'll add that the VPN works great, and other IPs seem to be working fine. Thanks for helping mate
programmer_subself about 6 years

Also, Windows Firewall is disabled. No Anti Virus
djsmiley2kStaysInside about 6 years

Ok, so NordVPN is doing something weird to your traffic, splitting it over 2 subnets, and routing them both via 10.8.8.1. I guess this easily 'defeats' any default route windows has, however your own route you've added should be respected as it's still more specific than either of the above routes.
djsmiley2kStaysInside about 6 years

Try this: superuser.com/a/198784/38001
qasdfdsaq about 6 years

Can you actually ping your router when the VPN is connected? Other local/LAN clients?
programmer_subself about 6 years

@djsmiley2k I tried re-ordering as per the answer you linked, making my Wireless connection first. Don't know why that would help, as you said, my route to example.com was very specific. It didn't help, pinging still results in general failure.
programmer_subself about 6 years

@qasdfdsaq , I can ping my router and other clients while VPN is connected. The amazing thing here is that it's the same on 2 different PCs. This has got to be a NordVPN problem somehow.

qasdfdsaq about 6 years

Figured as much. Other VPNs have this as a documented, togglable feature, NordVPN seems to have introduced it as an undocumented, hidden feature - for now.