2

I have set up an IPIP tunnel between my workstation and my server. I can add routes manually to have traffic going through the tunnel like this:

ip route add 216.221.35.27 dev foo

I'm not sure however how I should configure my routes to have all my traffic (except traffic for the local network 192.168.1.0/24) going through the tunnel.

splattne
user10245

4 Answers

2

Other posters are right: you route all traffic via the tunnel, except traffic to the other endpoint of the tunnel, which should go via the public internet.

ip route del default
ip route add default via 10.1.2.3 dev tun0
ip route add 192.168.5.1 via 192.168.1.3 dev eth0

[ example assumes that you terminate tunnel at 192.168.1.3; your local gateway is at 192.168.5.1; your far end address of vpn tunnel tun0 is 10.1.2.3 ]

if you use openvpn - here's the description.

pQd
1

Finally, I did this, changing my default route:

route add default dev foo
ip route add $REMOTE_END_IP via $MY_NORMAL_GATEWAY dev $DEVICE
ip route flush cache
Eddie C.
user10245
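The routing the answers above describe (everything through the tunnel except the tunnel's own endpoint), as an added example that is not from any of the posters. It goes one step further than the answers: it uses two /1 routes instead of replacing the default route, the approach OpenVPN's `redirect-gateway def1` option takes, so deactivating the tunnel only means deleting three routes. The endpoint address 203.0.113.10, the sample `ip route` output and the function names are constructed; `foo` is the tunnel device from the question.

```shell
#!/bin/sh
# Added example: prints the routing commands, it does not execute them.
# Constructed sample of `ip -4 route show default` output on the workstation:
SAMPLE_DEFAULT='default via 192.168.1.1 dev eth0 proto dhcp metric 100'

# Print "<gateway> <device>" for the first default route that has a gateway.
parse_default() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        gw = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (gw != "" && dev != "") { print gw, dev; exit }
    }'
}

# usage: tunnel_cmds up|down TUNNEL_DEV REMOTE_END_IP "DEFAULT_ROUTE_TEXT"
tunnel_cmds() {
    action=$1 tun=$2 remote=$3
    set -- $(parse_default "$4")
    [ $# -eq 2 ] || { echo "no default route with a gateway found" >&2; return 1; }
    case $action in
        up) verb=add ;;
        down) verb=del ;;
        *) echo "usage: tunnel_cmds up|down DEV REMOTE_IP ROUTES" >&2; return 2 ;;
    esac
    # Host route: the encapsulated packets themselves must leave through the
    # normal gateway, otherwise the tunnel would be routed into itself.
    pin="ip route $verb $remote/32 via $1 dev $2"
    # Two /1 routes cover all of IPv4 and beat the /0 default by prefix length,
    # so the default route stays untouched. The connected 192.168.1.0/24 route
    # is more specific still, so LAN traffic stays local.
    half1="ip route $verb 0.0.0.0/1 dev $tun"
    half2="ip route $verb 128.0.0.0/1 dev $tun"
    if [ "$action" = up ]; then
        printf '%s\n' "$pin" "$half1" "$half2"      # pin first, then redirect
    else
        printf '%s\n' "$half1" "$half2" "$pin"      # undo in reverse order
    fi
}

# Dry run with a constructed endpoint address (203.0.113.10) and device "foo".
tunnel_cmds up foo 203.0.113.10 "$SAMPLE_DEFAULT"
```

Because the original default route stays in the table, traffic silently falls back to the direct path if `foo` goes down. These routes cover IPv4 only, so IPv6 traffic is not redirected by them.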
0

You'll need to add a default route through dev foo. Dunno how you'd do it with ip, but with route you could do it with route add default dev foo.

Cian
  • Adding a default route is not sufficient as to reach the remote end of the tunnel, I need to follow what is my current default route. I hoped to be able to do it without touching my default route, so as to limit the changes needed to activate/deactivate the tunnel. – user10245 Jul 26 '09 at 13:06
  • But that's what the default route is for. Maybe setting multiple default routes with different metrics may help you to recover the old route. What kind of VPN solution do you use? OpenVPN has the possibility to push routes. The old route will be recovered after disconnecting. – Manuel Faux Jul 26 '09 at 13:13
  • It's not possible to do without modifying your default route. You'll need to add a specific route to the tunnel endpoint, so traffic to the tunnel itself can be routed. – Cian Jul 26 '09 at 13:14
-1

You have to set the default route of the workstation to the server:

route add default gw <server>

And also vice versa, if you want to do it symmetrically; but in this case you will have to configure the workstation to do routing.

Manuel Faux
  • setting only the default route _only_ would render tunnel useless (as tunnel itself would have to go through the tunnel, it's nonsense situation) – asdmin Jul 27 '09 at 07:44
  • That is correct, but he said, he already set up the tunnel, so I assumed he already configured the basic routes through his network. – Manuel Faux Jul 27 '09 at 07:54