
I'm using a VPN which uses Bitmask to create the tunnel. I'd like to access my local network and hence added a route using `ip route add`:

```
ip route add 172.16.0.0/16 via 172.16.46.1
```

I got the gateway by using `ip route show | grep default`, which I found on another Stack Exchange answer. However, this did not work. I specified the device as well, but that didn't work either.

This is the output of `ip route show`:

```
0.0.0.0/1 via 10.41.0.1 dev tun1
default via 172.16.46.1 dev enp3s0 proto dhcp metric 20100
10.41.0.0/21 dev tun1 proto kernel scope link src 10.41.0.89
10.41.0.0/21 dev tun0 proto kernel scope link src 10.41.0.37
37.218.241.7 via 172.16.46.1 dev enp3s0
128.0.0.0/1 via 10.41.0.1 dev tun1
169.254.0.0/16 dev enp3s0 scope link metric 1000
172.16.0.0/16 via 172.16.46.1 dev enp3s0
172.16.46.0/23 dev enp3s0 proto kernel scope link src 172.16.46.104 metric 100
198.252.153.28 via 172.16.46.1 dev enp3s0
212.83.143.67 via 172.16.46.1 dev enp3s0
```

My route does seem to get added to the routing table. However, I still cannot access websites in my local network, nor can I ping them. Doing a similar thing (`route add 172.16.0.0 MASK 255.255.0.0 172.16.46.1`) on Windows works perfectly.

Does the order of the routes as outputted by `ip route show` affect the final route chosen? The default route (0.0.0.0) is through tun1, an interface created by the VPN software. Will that route be chosen first? What am I doing wrong?

Thanks.

  • "*However, I still cannot access website in my local network, nor can I ping them*" don't tell us, show us. – MadHatter Aug 23 '19 at 06:04
  • I'm not sure how to show you. I can't access any intranet websites (University captive portal). – abhijeetviswa Aug 23 '19 at 16:10
  • Cut and paste. Show us the commands you typed, and the output you got. Imagine you're trying to *prove* your assertions to a colleague, instead of just stating "*I tested X and it failed.*". – MadHatter Aug 23 '19 at 17:59

1 Answer


How to troubleshoot your issue in two steps:

  1. Check the actual route to the IP address of the site with `ip route get <dst-ip>`.

  2. Run `tcpdump -ni enp3s0 'ip host <site-ip>'` and check the traffic. When you run the ping you should see outgoing ICMP echo requests. If you see them, you should check the remote side: the issue is somewhere else, not on your host. On Windows, run Wireshark and then compare the results.

Anton Danilov
  • `172.16.0.30 via 172.16.95.129 dev enp3s0 src 172.16.95.195 uid 1000 cache` This is what `ip route get 172.16.0.30` returns. I try to ping this server (after doing the tcpdump) and the error I get is `From 172.16.46.1 icmp_seq=4 Destination Port Unreachable ping: sendmsg: Operation not permitted` – abhijeetviswa Aug 23 '19 at 17:44
  • Have you run the tcpdump? What have you seen in the output? As you can see, the host `172.16.46.1` answers you with an error. Check the firewall on that host. – Anton Danilov Aug 24 '19 at 08:27
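
On the question of whether listing order decides the route: the following is an added example, not code from the question or the answer. It replays the question's `ip route show` table through a longest-prefix-match lookup (most specific prefix first, then lowest metric), which is how the kernel picks a route within one table. The function names are hypothetical, and policy rules (`ip rule`) and packet filtering are assumed out of scope.

```python
import ipaddress

# Routing table copied from the `ip route show` output in the question.
ROUTES = """\
0.0.0.0/1 via 10.41.0.1 dev tun1
default via 172.16.46.1 dev enp3s0 proto dhcp metric 20100
10.41.0.0/21 dev tun1 proto kernel scope link src 10.41.0.89
10.41.0.0/21 dev tun0 proto kernel scope link src 10.41.0.37
37.218.241.7 via 172.16.46.1 dev enp3s0
128.0.0.0/1 via 10.41.0.1 dev tun1
169.254.0.0/16 dev enp3s0 scope link metric 1000
172.16.0.0/16 via 172.16.46.1 dev enp3s0
172.16.46.0/23 dev enp3s0 proto kernel scope link src 172.16.46.104 metric 100
198.252.153.28 via 172.16.46.1 dev enp3s0
212.83.143.67 via 172.16.46.1 dev enp3s0
"""

def parse_routes(text):
    """Parse `ip route show` lines into (network, metric, dev, via) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest)  # a bare address is a /32 host route
        # Everything after the destination is "key value" pairs.
        opts = dict(zip(fields[1::2], fields[2::2]))
        routes.append((net, int(opts.get("metric", 0)),
                       opts["dev"], opts.get("via")))
    return routes

def lookup(routes, dst):
    """Longest prefix wins, then lowest metric; listing order is not a criterion.
    Exact ties are left in table order here, which is a simplification."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[1]))

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # 172.16.0.30 is the intranet host from the comments; 8.8.8.8 is a constructed sample.
    for dst in ("172.16.0.30", "172.16.46.50", "8.8.8.8"):
        net, metric, dev, via = lookup(table, dst)
        print(f"{dst:<14} -> {str(net):<16} dev {dev} via {via}")
```

With this table, `172.16.0.0/16` on `enp3s0` is selected for intranet addresses even though the VPN's `/1` routes are listed first, so a lookup that already points at the right interface moves the investigation to filtering, which is what the `tcpdump` step checks.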