1

I'm having some issues with OpenVPN and multiple VPNs. Not earth shattering, but after bringing up a combination of VPNs I didn't intend to I've ended up in a situation I don't understand. Looking at the following output;

C:\Users\craig>route print
===========================================================================
Interface List
 60...........................Nlwt Tun
  5...00 ff 28 fe 53 4f ......TAP-NordVPN Windows Adapter V9
 16...a8 6d aa 2b 75 b9 ......Intel(R) Wireless-AC 9260 160MHz
 21...a8 6d aa 2b 75 ba ......Microsoft Wi-Fi Direct Virtual Adapter
 17...aa 6d aa 2b 75 b9 ......Microsoft Wi-Fi Direct Virtual Adapter #2
 14...c8 f7 50 3e 3b 20 ......Intel(R) Ethernet Connection (7) I219-LM
  8...00 ff 3a cd cd 66 ......TAP-Windows Adapter V9
 22...00 ff e8 c6 1b 54 ......TAP-Windows Adapter V9 #2
  9...00 ff 49 67 a3 95 ......TAP-Windows Adapter V9 #3
 12...a8 6d aa 2b 75 bd ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.8.254    192.168.8.166     35
          0.0.0.0        128.0.0.0  192.168.145.129  192.168.145.221     35
          0.0.0.0        128.0.0.0         10.7.3.1         10.7.3.3     35
         10.7.3.0    255.255.255.0         On-link          10.7.3.3    291
         10.7.3.3  255.255.255.255         On-link          10.7.3.3    291
       10.7.3.255  255.255.255.255         On-link          10.7.3.3    291
         10.8.0.1  255.255.255.255        10.8.0.29        10.8.0.30     35
        10.8.0.28  255.255.255.252         On-link         10.8.0.30    291
        10.8.0.30  255.255.255.255         On-link         10.8.0.30    291
        10.8.0.31  255.255.255.255         On-link         10.8.0.30    291
     92.12.132.63  255.255.255.255    192.168.8.254    192.168.8.166     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0  192.168.145.129  192.168.145.221     35
        128.0.0.0        128.0.0.0         10.7.3.1         10.7.3.3     35
      192.168.8.0    255.255.255.0         On-link     192.168.8.166    291
    192.168.8.166  255.255.255.255         On-link     192.168.8.166    291
    192.168.8.255  255.255.255.255         On-link     192.168.8.166    291
    192.168.145.0    255.255.255.0         On-link   192.168.145.221    291
  192.168.145.221  255.255.255.255         On-link   192.168.145.221    291
  192.168.145.255  255.255.255.255         On-link   192.168.145.221    291
   195.206.183.56  255.255.255.255    192.168.8.254    192.168.8.166     35
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         10.8.0.30    291
        224.0.0.0        240.0.0.0         On-link   192.168.145.221    291
        224.0.0.0        240.0.0.0         On-link          10.7.3.3    291
        224.0.0.0        240.0.0.0         On-link     192.168.8.166    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link         10.8.0.30    291
  255.255.255.255  255.255.255.255         On-link   192.168.145.221    291
  255.255.255.255  255.255.255.255         On-link          10.7.3.3    291
  255.255.255.255  255.255.255.255         On-link     192.168.8.166    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  1    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\Users\craig>ping 10.7.0.1

Pinging 10.7.0.1 with 32 bytes of data:
Reply from 10.7.0.1: bytes=32 time=38ms TTL=64
Reply from 10.7.0.1: bytes=32 time=38ms TTL=64
Reply from 10.7.0.1: bytes=32 time=38ms TTL=64

Ping statistics for 10.7.0.1:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 38ms, Average = 38ms

C:\Users\craig>ipconfig

Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.8.166
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.8.254

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.8.0.30
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet 3:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.145.221
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet 4:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.7.3.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

I'm able to ping 10.7.0.1, which is working fine for Windows filesharing, but I see no way it should be working. The only 10.7.x.x in there is 10.7.3.x, and since none of the netmasks allow the third octet to vary how can this machine be successfully routing to 10.7.0.x? Am I missing something in how a gateway and netmask combine to indicate the addresses the gateway can be used for?

What I should have here is a VPN to 10.8.0.1, one to 10.7.0.1 and physical networks 192.168.8.x and 192.168.145.x (which is actually disconnected). 10.7.3.3 is a NordVPN that accidentally got left to start on boot, along with a few others that errored when there were no more free TAP interfaces.

Craig Graham
  • 183
  • 3
  • 7

1 Answers1

2

Your first line:

Network Destination        Netmask          Gateway       Interface  Metric
      0.0.0.0          0.0.0.0    192.168.8.254    192.168.8.166     35

lists the default route. The default matches any route that isn't matched by any more specific route. So when you ping 10.7.0.1, the PC looks for the best (longest) route to that destination. Since no other route matches, the default route is used.

Without a default route, you would need a route to every network on the Internet (currently about 400,000 routes). That's a lot of entries in your route table :)

Ron Trunk
  • 2,159
  • 1
  • 11
  • 19
  • Thanks. Thing is, 192.168.8.x is the office network, so yes that's the default route to the outside world. 10.7.0.x though is a vpn from my laptop to my machine at home. The router at 192.168.8.254 has no knowledge of it and can't route packets to it. 10.x.x.x are private addresses, not something you can route to through the outside world the same as, say, 11.x.x.x – Craig Graham Oct 07 '20 at 07:03
  • You can try using traceroute to see where the packets are going. It's possible that the address is used elsewhere on your office network. – Ron Trunk Oct 07 '20 at 14:14
  • It's definitely the same machine- I was using shared files off it. I tried traceroute, but it simply showed the one hop, to 10.7.0.1. So it verified there wasn't some other weird route through another VPN but didn't seem to give any info worth pasting in my original post. – Craig Graham Oct 07 '20 at 18:13
  • A common configuration of VPNs is to use the default route. Any traffic that falls in the encryption domain gets encrypted. That doesn't mean that there will be a separate route in your route table. – Ron Trunk Oct 07 '20 at 18:27