Routing traffic over p2p1 and tun0 correctly





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







1















I have been trawling these questions and trying many different solutions to get this working, but I seem to have a problem with getting my routing set up correctly. I have a box installed in a network with no Internet access with the exception of OpenVPN to my server. Everything else is blocked leaving the LAN segment the box is on.



The box opens a connection to my VPN server, so now I have p2p1 and tun0. The setup for /etc/network/interfaces is:



# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.56.211
netmask 255.255.255.0
gateway 192.168.56.251
dns-nameservers 192.168.100.20 192.168.50.35


The OpenVPN connection comes up and connects as you would expect, allowing me to SSH into the box via the VPN from outside the LAN. The issue is that all outgoing data is trying to use the local gateway. I haven't been able to get any routing configuration so far to pass the following:




  1. Local LAN via 192.168.56.251

  2. Secondary LAN (192.168.50.x) via 192.168.56.251

  3. VPN Server via 192.168.56.251

  4. Internet via tun0 (OpenVPN interface)


I've tried using



up route add -net 1.2.3.4/32 gw 10.8.4.9


to configure at least one server to get a connection via the VPN, but still no joy. It's like nothing is routing correctly. At the very minimum I at least need to get apt-get working via the VPN and then getting my webserver to go via it as well. I an cope with it being limited like that, but ideally I just want to fix it so the routes are correct!










share|improve this question





























    1















    I have been trawling these questions and trying many different solutions to get this working, but I seem to have a problem with getting my routing set up correctly. I have a box installed in a network with no Internet access with the exception of OpenVPN to my server. Everything else is blocked leaving the LAN segment the box is on.



    The box opens a connection to my VPN server, so now I have p2p1 and tun0. The setup for /etc/network/interfaces is:



    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
    address 192.168.56.211
    netmask 255.255.255.0
    gateway 192.168.56.251
    dns-nameservers 192.168.100.20 192.168.50.35


    The OpenVPN connection comes up and connects as you would expect, allowing me to SSH into the box via the VPN from outside the LAN. The issue is that all outgoing data is trying to use the local gateway. I haven't been able to get any routing configuration so far to pass the following:




    1. Local LAN via 192.168.56.251

    2. Secondary LAN (192.168.50.x) via 192.168.56.251

    3. VPN Server via 192.168.56.251

    4. Internet via tun0 (OpenVPN interface)


    I've tried using



    up route add -net 1.2.3.4/32 gw 10.8.4.9


    to configure at least one server to get a connection via the VPN, but still no joy. It's like nothing is routing correctly. At the very minimum I at least need to get apt-get working via the VPN and then getting my webserver to go via it as well. I an cope with it being limited like that, but ideally I just want to fix it so the routes are correct!










    share|improve this question

























      1












      1








      1


      1






      I have been trawling these questions and trying many different solutions to get this working, but I seem to have a problem with getting my routing set up correctly. I have a box installed in a network with no Internet access with the exception of OpenVPN to my server. Everything else is blocked leaving the LAN segment the box is on.



      The box opens a connection to my VPN server, so now I have p2p1 and tun0. The setup for /etc/network/interfaces is:



      # The loopback network interface
      auto lo
      iface lo inet loopback

      # The primary network interface
      auto eth0
      iface eth0 inet static
      address 192.168.56.211
      netmask 255.255.255.0
      gateway 192.168.56.251
      dns-nameservers 192.168.100.20 192.168.50.35


      The OpenVPN connection comes up and connects as you would expect, allowing me to SSH into the box via the VPN from outside the LAN. The issue is that all outgoing data is trying to use the local gateway. I haven't been able to get any routing configuration so far to pass the following:




      1. Local LAN via 192.168.56.251

      2. Secondary LAN (192.168.50.x) via 192.168.56.251

      3. VPN Server via 192.168.56.251

      4. Internet via tun0 (OpenVPN interface)


      I've tried using



      up route add -net 1.2.3.4/32 gw 10.8.4.9


      to configure at least one server to get a connection via the VPN, but still no joy. It's like nothing is routing correctly. At the very minimum I at least need to get apt-get working via the VPN and then getting my webserver to go via it as well. I an cope with it being limited like that, but ideally I just want to fix it so the routes are correct!










      share|improve this question














      I have been trawling these questions and trying many different solutions to get this working, but I seem to have a problem with getting my routing set up correctly. I have a box installed in a network with no Internet access with the exception of OpenVPN to my server. Everything else is blocked leaving the LAN segment the box is on.



      The box opens a connection to my VPN server, so now I have p2p1 and tun0. The setup for /etc/network/interfaces is:



      # The loopback network interface
      auto lo
      iface lo inet loopback

      # The primary network interface
      auto eth0
      iface eth0 inet static
      address 192.168.56.211
      netmask 255.255.255.0
      gateway 192.168.56.251
      dns-nameservers 192.168.100.20 192.168.50.35


      The OpenVPN connection comes up and connects as you would expect, allowing me to SSH into the box via the VPN from outside the LAN. The issue is that all outgoing data is trying to use the local gateway. I haven't been able to get any routing configuration so far to pass the following:




      1. Local LAN via 192.168.56.251

      2. Secondary LAN (192.168.50.x) via 192.168.56.251

      3. VPN Server via 192.168.56.251

      4. Internet via tun0 (OpenVPN interface)


      I've tried using



      up route add -net 1.2.3.4/32 gw 10.8.4.9


      to configure at least one server to get a connection via the VPN, but still no joy. It's like nothing is routing correctly. At the very minimum I at least need to get apt-get working via the VPN and then getting my webserver to go via it as well. I an cope with it being limited like that, but ideally I just want to fix it so the routes are correct!







      networking server openvpn routing






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jul 2 '15 at 10:23









      teknetiateknetia

      62




      62






















          1 Answer
          1






          active

          oldest

          votes


















          0














          In my case, eth1 is the device I want to be an available gateway on my LAN, and ppp0 is the name of my VPN connection when it's active on that machine (connects via eth0 but for deadswitch security we won't name it in the routing).



          Setup your IPtables for NAT from the LAN to the VPN-connected gateway:



          iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
          iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
          iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT


          Remember to save your iptables and activate IP forwarding.






          share|improve this answer
























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "89"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f643519%2frouting-traffic-over-p2p1-and-tun0-correctly%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            In my case, eth1 is the device I want to be an available gateway on my LAN, and ppp0 is the name of my VPN connection when it's active on that machine (connects via eth0 but for deadswitch security we won't name it in the routing).



            Setup your IPtables for NAT from the LAN to the VPN-connected gateway:



            iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
            iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
            iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT


            Remember to save your iptables and activate IP forwarding.






            share|improve this answer




























              0














              In my case, eth1 is the device I want to be an available gateway on my LAN, and ppp0 is the name of my VPN connection when it's active on that machine (connects via eth0 but for deadswitch security we won't name it in the routing).



              Setup your IPtables for NAT from the LAN to the VPN-connected gateway:



              iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
              iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
              iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT


              Remember to save your iptables and activate IP forwarding.






              share|improve this answer


























                0












                0








                0







                In my case, eth1 is the device I want to be an available gateway on my LAN, and ppp0 is the name of my VPN connection when it's active on that machine (connects via eth0 but for deadswitch security we won't name it in the routing).



                Setup your IPtables for NAT from the LAN to the VPN-connected gateway:



                iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
                iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
                iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT


                Remember to save your iptables and activate IP forwarding.






                share|improve this answer













                In my case, eth1 is the device I want to be an available gateway on my LAN, and ppp0 is the name of my VPN connection when it's active on that machine (connects via eth0 but for deadswitch security we won't name it in the routing).



                Setup your IPtables for NAT from the LAN to the VPN-connected gateway:



                iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
                iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
                iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT


                Remember to save your iptables and activate IP forwarding.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Apr 1 at 21:21









                Charney KayeCharney Kaye

                392413




                392413






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f643519%2frouting-traffic-over-p2p1-and-tun0-correctly%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    數位音樂下載

                    When can things happen in Etherscan, such as the picture below?

                    格利澤436b