When I connect to a VPN network using the command `sudo openvpn my.ovpn`, browsing the internet becomes impossible. I've narrowed it down to an incorrect routing table that openvpn makes. But still it feels more like a wild guess... :/

```
$ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlp2s0
0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wlp2s0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlp2s0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-f7335b6325f0
172.19.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-6c1adab37f3b
172.20.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-70ef8a9aefd2
172.21.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-62071bf2c0d4
172.22.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-c9fa9a847bb0
172.23.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-ce123fa76772
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp2s0
```

And after I connect to the VPN, my routing table looks like this:

```
$ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.129    0.0.0.0         UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wlp2s0
10.0.0.0        172.16.0.129    255.255.0.0     UG    0      0        0 tun0
10.101.0.0      172.16.0.129    255.255.0.0     UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlp2s0
172.16.0.128    0.0.0.0         255.255.255.128 U     0      0        0 tun0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-f7335b6325f0
172.19.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-6c1adab37f3b
172.20.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-70ef8a9aefd2
172.21.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-62071bf2c0d4
172.22.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-c9fa9a847bb0
172.23.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-ce123fa76772
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp2s0
6.6.6.6         192.168.1.1     255.255.255.255 UGH   0      0        0 wlp2s0
```

6.6.6.6 is a fake IP address: I changed the IP address of the VPN server I'm connecting to.

traceroute when NOT connected to the VPN server:

```
$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  livebox.home (192.168.1.1)  6.014 ms  7.916 ms  12.544 ms
 2  war-bng5.tpnet.pl (80.50.18.82)  71.976 ms  74.233 ms  76.108 ms
 3  war-r1.tpnet.pl (80.50.18.81)  53.427 ms  46.392 ms  50.110 ms
 4  ae106-10.ffttr6.frankfurt.opentransit.net (193.251.249.7)  78.465 ms  80.336 ms  84.105 ms
 5  72.14.214.52 (72.14.214.52)  86.035 ms  87.803 ms  90.152 ms
 6  * * 108.170.251.193 (108.170.251.193)  64.282 ms
 7  108.170.233.39 (108.170.233.39)  64.289 ms 108.170.228.133 (108.170.228.133)  66.307 ms 108.170.238.245 (108.170.238.245)  66.721 ms
 8  google-public-dns-a.google.com (8.8.8.8)  70.173 ms  43.889 ms  41.797 ms
```

traceroute when CONNECTED to the VPN:

```
$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  * * *
(...) all the way to 30
30  * * *
```
sebastian_t
  • Please attempt to run a traceroute so you can see where your packets are going and narrow down what might be causing the problems. – Desultory Jan 03 '18 at 16:11
  • What is the server configuration? – Michael Hampton Jan 03 '18 at 16:26
  • I've added the traceroute to the main post. – sebastian_t Jan 03 '18 at 16:58
  • Why do you have two default routes in the first place (before the OpenVPN connection)? See the first two routes. Your assumption seems to be correct (notice that the default route via tun0 has a lower metric); you can test it by deleting the default route (after connection) with `route del -net 0.0.0.0/0 gw 172.16.0.129` and the internet should come back. – Michal Sokolowski Jan 04 '18 at 08:31
  • Who manages the server? What makes you think this problem is on the client and not the server? Do you actually want all your traffic to be tunneled through this server, or are you only using this for accessing a specific network? – Zoredache Jan 05 '18 at 02:13
  • Thank you Michal, it worked. I also had to run `sudo route add -net 0.0.0.0/0 gw 192.168.1.1`. How can I run it automatically? The OpenVPN command apparently removed my default gateway route; that's why I had to add it. `/sbin/ip route del 0.0.0.0/0` `/sbin/ip route add 0.0.0.0/0 via 172.16.0.129` How can I add it automatically when connecting via VPN, or prevent OpenVPN from adding its own default route and removing my default? – sebastian_t Jan 05 '18 at 13:00

0 Answers
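Added example (not part of the original post or its comments): a simplified model of how the Linux main routing table selects a route, longest prefix first and then lowest metric, run over a subset of the post-VPN `route -n` output above. The function names are hypothetical, the Docker bridge routes are omitted, and policy routing rules are ignored.

```python
import ipaddress

# Constructed sample: rows copied from the "connected to the VPN" table in the
# question, with the Docker bridge and link-local routes left out.
AFTER_VPN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.129    0.0.0.0         UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wlp2s0
10.0.0.0        172.16.0.129    255.255.0.0     UG    0      0        0 tun0
172.16.0.128    0.0.0.0         255.255.255.128 U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp2s0
6.6.6.6         192.168.1.1     255.255.255.255 UGH   0      0        0 wlp2s0
"""


def parse_routes(text):
    """Parse `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination.
        if len(fields) != 8 or not fields[0][0].isdigit():
            continue
        dest, gateway, genmask, _flags, metric, _ref, _use, iface = fields
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{genmask}"),
            "gw": gateway,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def lookup(routes, dest):
    """Return the route used for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))


def default_routes(routes):
    """Return all 0.0.0.0/0 routes, preferred (lowest metric) first."""
    return sorted((r for r in routes if r["net"].prefixlen == 0),
                  key=lambda r: r["metric"])


if __name__ == "__main__":
    table = parse_routes(AFTER_VPN)
    for target in ("8.8.8.8", "6.6.6.6", "10.0.5.1", "192.168.1.50"):
        r = lookup(table, target)
        print(f"{target:>14} -> {r['iface']} via {r['gw']} (metric {r['metric']})")
```

With this table, 8.8.8.8 resolves to the metric-0 default via tun0, while the /32 host route keeps traffic to the VPN server itself on wlp2s0.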