IP routes after VPN connection

zreeon · 2016-05-11 14:28:35

Hi all -

Before I connect to my VPN, the output of ip route is:

default via 192.168.1.1 dev wlp2s0 
192.168.1.0/24 dev wlp2s0  proto kernel  scope link  src 192.168.1.7  metric 600

And then I connect to my VPN using openconnect. However, it appears that my internet traffic is not being routed through the VPN. Here's the output of ip route (changing some numbers to X's):

default via 192.168.1.1 dev wlp2s0 
10.x.x.x/8 dev tun0  scope link 
128.xx.xx.xx/16 dev tun0  scope link 
128.xx.xx.xx/16 dev tun0  scope link 
128.xx.xxx.xx dev tun0  scope link 
128.xx.xxx.xx dev tun0  scope link 
129.xxx.xx.xx/16 dev tun0  scope link 
129.xxx.xx.x via 192.168.1.1 dev wlp2s0  src 192.168.1.7 
146.xx.xx.xx/16 dev tun0  scope link 
146.xx.xx.xx/16 dev tun0  proto static  scope link  metric 1 
172.xx.x.x/12 dev tun0  scope link 
172.xx.x.x/12 dev tun0  proto static  scope link  metric 1 
172.xx.xxx.x/19 dev tun0  scope link 
172.xx.xxx.x/19 dev tun0  proto static  scope link  metric 1 
192.xxx.x.x/24 dev wlp2s0  proto kernel  scope link  src 192.168.1.7  metric 600 
198.xxx.xxx.x/18 dev tun0  scope link 
198.xxx.xxx.x/18 dev tun0  proto static  scope link  metric 1 
206.xx.xx.x/18 dev tun0  scope link 
206.xx.xx.x/18 dev tun0  proto static  scope link  metric 1

What do I need to do to fix this?

djgera · 2016-05-11 19:25:31

set a route to the vpn host AND

* change default route to the vpn interface
OR
* set a new default route with metric lower than the default (current) route (but since you do not have a metric set in this route, you need to assign one)
OR
* setup two routes like 0/1 and 128/1 to vpn interface, keeping your current default route without any effect.

zreeon · 2016-05-24 14:54:55

Thanks for the reply. I'm still having trouble, though.

After I use openconnect to connect to the VPN, it prints out:

"connected tun0 as 172.xx.xxx.xx, using SSL"

That IP address isn't in the output of ip route, though, so I do:

sudo ip route change default via 172.xx.xxx.xx dev tun0

That should both set the route and change the default, right? But it doesn't seem to work. I don't get any errors or anything after running that command, but webpages won't load.

This may or may not be related, but the "link" for tun0 is nothing. In other words, the output of "ip link show tun0" is:

4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1406 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
    link/none

djgera · 2016-05-24 22:58:42

With partial output is a bit complex to determine what you want to do, in any case use "ip route get" to debug routes, "ip link" with show... link info, use ip addr...

Arch Linux

#1 2016-05-11 14:28:35

IP routes after VPN connection

#2 2016-05-11 19:25:31

Re: IP routes after VPN connection

#3 2016-05-24 14:54:55

Re: IP routes after VPN connection

#4 2016-05-24 22:58:42

Re: IP routes after VPN connection

Board footer