Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-user

From: Mick <michaelkintzios@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] VPN question
Date: Tue, 24 Dec 2013 11:32:19
Message-Id: 201312241131.50365.michaelkintzios@gmail.com
In Reply to: Re: [gentoo-user] VPN question by Timur Aydin
1 On Monday 23 Dec 2013 17:44:17 Timur Aydin wrote:
2 > On 12/23/13 18:24, Burak Arslan wrote:
3 > > Once the VPN connection is established, among the routes pushed by your
4 > > OpenVPN provider is also a default gateway entry which routes every
5 > > non-local packet through the vpn.
6 >
7 > Here is the routing setup after the tunnel is up:
8 >
9 > bonsai ~ # /etc/init.d/openvpn start
10 > * Starting openvpn
11 > * WARNING: openvpn has started, but is inactive
12 > bonsai ~ # ip route show
13 > 0.0.0.0/1 via 10.8.2.213 dev tun0
14 > default via 92.44.0.41 dev ppp0 metric 4007
15 > 10.2.1.0/24 dev eno1 proto kernel scope link src 10.2.1.254
16 > 10.2.2.0/24 dev enp1s0 proto kernel scope link src 10.2.2.254
17 > 10.2.3.0/24 dev enp8s0 proto kernel scope link src 10.2.3.254
18 > 10.8.2.209 via 10.8.2.213 dev tun0 metric 1
19 > 10.8.2.213 dev tun0 proto kernel scope link src 10.8.2.214
20 > 92.44.0.41 dev ppp0 proto kernel scope link src 176.41.233.165
21 > 127.0.0.0/8 dev lo scope host
22 > 127.0.0.0/8 via 127.0.0.1 dev lo
23 > 128.0.0.0/1 via 10.8.2.213 dev tun0
24 > 173.195.6.91 via 92.44.0.41 dev ppp0
25 >
26 > > Your daemons at home receive a packet via your static Turkish address
27 > > but, because you got your default gw configured to be your vpn provider,
28 > > the response packet goes through NY. Due to reverse-path filtering or
29 > > some other fact of nature, it's dropped somewhere along the way.
30 > >
31 > > If that's the case (big if :)), here's what you need to do:
32 > > http://lartc.org/lartc.html#AEN267
33 >
34 > Thanks for this link! I will need some time to digest this information
35 > and will report back with my progress.
36
37 Also have a look here for OpenVPN specific split tunnelling (split routing):
38
39 http://dltj.org/article/openvpn-split-routing/
40
41 https://forums.openvpn.net/topic7065.html
42
43 HTH.
44 --
45 Regards,
46 Mick

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups