I am currently migrating a VPN from OpenVPN to WireGuard. For testing purposes, both connections should coexist for the time being.
Current OpenVPN: 10.8.0.0/16
New WireGuard network: 10.10.0.0/16
I want to reach devices in this network from clients within a third intranet VPN, which is also using WireGuard.
Intranet VPN: 10.200.200.0/24
The OpenVPN Server and WireGuard peer for both WireGuard VPNs is set up. WireGuard, routing and OpenVPN are working fine so far.
Now I am facing the problem that most of the target systems are only in the old OpenVPN network 10.8.0.0/16. A few testing systems are in both networks, i.e. also in 10.10.0.0/16.
I want to be able to reach the systems over both connections, which was easy enough on the intranet side:
default via 172.23.45.254 dev enp3s0 proto dhcp src 172.23.45.10 metric 1024
10.8.0.0/16 via 10.8.0.1 dev intranet proto static onlink
10.10.0.0/16 via 10.10.255.254 dev intranet proto static onlink
10.200.200.0/24 via 10.200.200.254 dev intranet proto static onlink
172.23.45.0/24 dev enp3s0 proto kernel scope link src 172.23.45.10
172.23.45.254 dev enp3s0 proto dhcp scope link src 172.23.45.10 metric 1024
However, I cannot find a solution for the back-routes on the clients within both the OpenVPN and WireGuard networks (10.8.0.0/16 and 10.10.0.0/16).
They should be able to send packages back to the intranet 10.200.200.0/24 via both network interfaces, preferring the WireGuard testing adapter and falling back to OpenVPN on errors.
After some research on the interwebs, I am pretty certain that IP does not allow for multiple routes of one network. I also get an according error on a respective testing client:
$ ip route
default via 172.23.45.254 dev enp3s0 proto dhcp src 172.23.45.42 metric 1024
10.8.0.0/16 dev tun0 proto kernel scope link src 10.8.0.22
10.10.0.0/16 via 10.10.255.254 dev terminals proto static onlink
10.200.200.0/24 via 10.200.200.254 dev terminals proto static onlink
172.23.45.0/24 dev enp3s0 proto kernel scope link src 172.23.45.42
172.23.45.254 dev enp3s0 proto dhcp scope link src 172.23.45.42 metric 1024
$ sudo ip route add 10.200.200.0/24 via 10.8.0.1
RTNETLINK answers: File exists
How can I resolve this dilemma to make the testing clients able to send back packages to 10.200.200.0/24 via either 10.10.255.254 or 10.8.0.1 respectively?
Last edited by schard (2020-02-25 13:06:33)
Inofficial first vice president of the Rust Evangelism Strike Force
https://serverfault.com/questions/22653 … -goes-down
https://kindlund.wordpress.com/2007/11/ … -in-linux/
https://www.thomas-krenn.com/de/wiki/Zw … nem_System
https://www.thegeekstuff.com/2014/08/ad … p-command/
(All the same, you need another routing table to apply a rule, fallback behavior should™ just work then)
Thanks. I followed the example from thomas-krenn. It worked nicely.
$ ip route show
default via 172.23.45.254 dev enp3s0 proto dhcp src 172.23.45.42 metric 1024
10.8.0.0/16 dev tun0 proto kernel scope link src 10.8.0.22
10.10.0.0/16 via 10.10.255.254 dev terminals proto static onlink
10.200.200.0/24 via 10.10.255.254 dev terminals proto static onlink
172.23.45.0/24 dev enp3s0 proto kernel scope link src 172.23.45.42
172.23.45.254 dev enp3s0 proto dhcp scope link src 172.23.45.42 metric 1024
$ ip route show table rt2
10.200.200.0/24 via 10.8.0.1 dev tun0 proto static src 10.8.0.22
Inofficial first vice president of the Rust Evangelism Strike Force
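The two-table setup the last post ends up with, written out as an added example script (mine, not from the thread or the linked pages). Addresses and interface names are the ones in the thread; the table id 2, the rule priorities and the suppress_prefixlength fallback rule are my assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: policy routing so replies to the intranet
# prefer WireGuard and fall back to OpenVPN. Table id/name and rule priorities
# are assumptions; the addresses come from the thread.
set -eu

INTRANET="10.200.200.0/24"
WG_GW="10.10.255.254";  WG_DEV="terminals"                      # preferred path
OVPN_GW="10.8.0.1";     OVPN_DEV="tun0"; OVPN_SRC="10.8.0.22"   # fallback path
TABLE_ID=2; TABLE="rt2"                                          # assumed id/name

# Print the command instead of running it when DRY_RUN=1 (no root needed).
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

ensure_table() {
  # Name the table so "ip route show table rt2" works; the id is used below.
  grep -qs "^$TABLE_ID[[:space:]]*$TABLE\$" /etc/iproute2/rt_tables ||
    run sh -c "echo '$TABLE_ID $TABLE' >> /etc/iproute2/rt_tables"
}

policy_routes() {
  # The main table holds the preferred route; adding a second route for the
  # same prefix to the same table is what gives "RTNETLINK answers: File exists".
  run ip route replace "$INTRANET" via "$WG_GW" dev "$WG_DEV" onlink
  # The OpenVPN back-route lives in its own table.
  run ip route replace "$INTRANET" via "$OVPN_GW" dev "$OVPN_DEV" src "$OVPN_SRC" table "$TABLE_ID"
  # Replies to traffic that arrived over tun0 carry 10.8.0.22 as source and
  # must go back the same way, whatever the main table prefers.
  run ip rule add from "$OVPN_SRC" to "$INTRANET" lookup "$TABLE_ID" priority 100
  # Fallback: consult main for the intranet but ignore its default route
  # (suppress_prefixlength 0), so when the WireGuard route is gone the lookup
  # falls through to rt2 instead of sending replies out of enp3s0.
  run ip rule add to "$INTRANET" lookup main suppress_prefixlength 0 priority 101
  run ip rule add to "$INTRANET" lookup "$TABLE_ID" priority 102
}

# Remove our rules first so re-running the script does not stack duplicates.
clear_rules() {
  for prio in 100 101 102; do
    run ip rule del priority "$prio" 2>/dev/null || true
  done
}

apply() { ensure_table; clear_rules; policy_routes; }

# Default is a dry run that prints the commands; APPLY=1 (as root) applies them.
if [ "${APPLY:-0}" = 1 ]; then apply; else DRY_RUN=1 apply; fi
```

Check the result with `ip rule show` and `ip route show table rt2`; the rt2 route should match the one in the post above.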