I'm facing a problem in a script I'm writing to route my home network. Basically, on my router I have 3 interfaces (WAN and 2 VPN tunnels); clients should be routed via one of these interfaces on a source-IP basis.

Actually the script runs on an Asus router (WAN and 1 VPN) running Asuswrt-Merlin, but I'm trying to write it for 1 WAN and 2 VPNs in a way that it can eventually run even on Asuswrt and Ubuntu, thus using basic shell commands (but I guess that if it works on Merlin it will work on the other two as well).

The test script works fine, but I had to hard-code the gateways of the 2 tun interfaces because I didn't find a way to extract such information from shell commands like ifconfig/ip route/ip a/ etc.

To be more specific, the three interfaces are DHCP based. The WAN interface points to another router in my network, so the gateway is known. This is the default route (default… via… dev eth0).

The tun11 and tun12 interfaces connect to a VPN provider (OpenVPN), but only the first interface completing the connection gets added to the main route table in the form of "0.0.0.0/1... via [IP] dev tun1X", thus revealing its gateway (via [IP]).

The other one does not, and I can't find the third gateway IP anywhere else. Of course, if I can't get this information dynamically the script gets pretty useless.

EDIT:

```
ip route show table all

192.168.200.200 dev eth0  table wan0  proto kernel  scope link
YYY.YYY.YYY.116 via 192.168.200.200 dev eth0  table wan0
10.12.134.0/25 dev tun12  table wan0  proto kernel  scope link  src     10.12.134.2
192.168.200.0/24 dev eth0  table wan0  proto kernel  scope link  src 192.168.200.254
10.0.0.0/24 dev br0  table wan0  proto kernel  scope link  src 10.0.0.254
127.0.0.0/8 dev lo  table wan0  scope link
default via 192.168.200.200 dev eth0  table wan0
192.168.200.200 dev eth0  proto kernel  scope link
YYY.YYY.YYY.116 via 192.168.200.200 dev eth0
XXX.XXX.XXX.96/27 dev tun11  proto kernel  scope link  src XXX.XXX.XXX.98
10.12.134.0/25 dev tun12  proto kernel  scope link  src 10.12.134.2
192.168.200.0/24 dev eth0  proto kernel  scope link  src 192.168.200.254
10.0.0.0/24 dev br0  proto kernel  scope link  src 10.0.0.254
127.0.0.0/8 dev lo  scope link
0.0.0.0/1 via XXX.XXX.XXX.97 dev tun11
128.0.0.0/1 via XXX.XXX.XXX.97 dev tun11
default via 192.168.200.200 dev eth0
broadcast XXX.XXX.XXX.96 dev tun11  table local  proto kernel  scope link src XXX.XXX.XXX.98
broadcast 192.168.200.0 dev eth0  table local  proto kernel  scope link  src 192.168.200.254
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1
local XXX.XXX.XXX.98 dev tun11  table local  proto kernel  scope host  src XXX.XXX.XXX.98
broadcast 10.12.134.127 dev tun12  table local  proto kernel  scope link  src 10.12.134.2
local 10.0.0.254 dev br0  table local  proto kernel  scope host  src 10.0.0.254
local 127.0.1.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
broadcast 10.0.0.255 dev br0  table local  proto kernel  scope link  src 10.0.0.254
local 192.168.200.254 dev eth0  table local  proto kernel  scope host  src 192.168.200.254
broadcast 192.168.200.255 dev eth0  table local  proto kernel  scope link  src 192.168.200.254
local 10.12.134.2 dev tun12  table local  proto kernel  scope host  src 10.12.134.2
broadcast 10.12.134.0 dev tun12  table local  proto kernel  scope link  src 10.12.134.2
broadcast XXX.XXX.XXX.127 dev tun11  table local  proto kernel  scope link  src XXX.XXX.XXX.98
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
broadcast 10.0.0.0 dev br0  table local  proto kernel  scope link  src 10.0.0.254
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1
unreachable default dev lo  table 0  proto kernel  metric 4294967295  error -101 hoplimit 255
unreachable default dev lo  table 0  proto kernel  metric 4294967295  error -101 hoplimit 255
```

From here I can get all relevant information (subnets, IPs, gateways) but not the tun12 gateway. It doesn't get added.

```
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.200.200 0.0.0.0         255.255.255.255 UH    0      0        0 eth0
YYY.YYY.YYY.116 192.168.200.200 255.255.255.255 UGH   0      0        0 eth0
XXX.XXX.XXX.96  0.0.0.0         255.255.255.224 U     0      0        0 tun11
10.12.134.0     0.0.0.0         255.255.255.128 U     0      0        0 tun12
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 br0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         XXX.XXX.XXX.97  128.0.0.0       UG    0      0        0 tun11
128.0.0.0       XXX.XXX.XXX.97  128.0.0.0       UG    0      0        0 tun11
0.0.0.0         192.168.200.200 0.0.0.0         UG    0      0        0 eth0
```

Nor here… Also, the specific routing tables associated with the two VPNs are empty (tables 111 and 112).

EDIT: To further clarify the question, so far I can get (using the above outputs):

```
WAN IP:      192.168.200.254
WAN subnet:  192.168.200.0/24
WAN gateway: 192.168.200.200

tun11 IP:      XXX.XXX.XXX.98
tun11 subnet:  XXX.XXX.XXX.96/27
tun11 gateway: XXX.XXX.XXX.97

tun12 IP:      10.12.134.2
tun12 subnet:  10.12.134.0/25
tun12 gateway: ???
```

I need the tun12 gateway to properly build a routing rule for it using my script. What am I missing? Or can this really not be done, since the web seems to lack solutions? Thanks in advance!

Fulvio
  • You only listed `main` routing table. List them all. `ip route show table all`. – KamilCuk Dec 29 '19 at 10:31
  • Changed show table main to show table all, thanks – Fulvio Dec 29 '19 at 10:40
  • What exactly is your problem? What are you solving? @edit It has none. A "gateway" is not "of an interface", a "gateway" is just where the packet goes, it can go through any interface to any IP. – KamilCuk Dec 29 '19 at 10:42
  • Still can't find gateway of interface tun12 – Fulvio Dec 29 '19 at 10:44
  • Perhaps I wasn't clear, I'll try to explain better. From that output I'm able to get: 1) WAN IP, WAN subnet, WAN gateway 2) tun11 IP, tun11 subnet, tun11 gateway 3) tun12 IP, tun12 subnet but not the gateway, and I need it :) – Fulvio Dec 29 '19 at 10:49

1 Answer

So far I wasn't able to find a command corresponding to Windows' "ipconfig /all" in Asuswrt or Ubuntu. I'm sure I'm missing something. When you run that command on Windows you can see at any time a list of all the network interfaces with their current IP/subnet/gateway/DNS.

I think I've found a way to work around this anyway. Just to summarize the problem once again, this is what actually happens on my system:

  1. The WAN interface comes up.
  2. In the ip route main table a "default via WANGATEWAYIP dev WANINTERFACE" route gets added.
  3. The tun11 (vpn1) interface comes up.
  4. In the ip route main table a "0.0.0.0/1 via VPN1GATEWAYIP dev tun11" route gets added.
  5. The tun12 (vpn2) interface comes up.
  6. In the ip route main table nothing gets added because (I think) there's already one "default" route and one "0.0.0.0/1" route.

This way I'm able to get the gateway for WAN and tun11 but not for tun12. And since I don't have something like "ipconfig /all" I didn't find another way to get this gateway IP.

The workaround I found is this:

  1. When the tun11 interface comes up, a script scans the ip route main table for a "0.0.0.0/1" route and saves the gateway IP (I then use this to build a proper default rule in a custom ip route table to which all traffic for that interface is routed via marks).
  2. The script then removes the "0.0.0.0/1" route from the ip route main table.
  3. When the tun12 interface comes up, a new "0.0.0.0/1" route gets successfully added (since the previous one has been removed).
  4. The script reads the tun12 gateway IP and builds the default route in another table.

It's been working for about ten days now, but I guess I could hit some problems due to asynchronicity sooner or later. I don't really like this approach, so if someone could suggest a better one it would be great.

Thanks

Fulvio
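
One way to avoid depending on which tunnel wins the "0.0.0.0/1" slot, as an added example that is not part of the original post: OpenVPN exports `route_vpn_gateway` and `dev` to its `--route-up` script, so each tunnel's hook can read its own gateway, with parsing of `ip route` text as the fallback. The function names and client source addresses are assumptions, and the commands are printed rather than executed.

```shell
#!/bin/sh
# Added example, not the poster's script. SAMPLE_ROUTES is an excerpt of the
# main-table lines shown in the question (addresses masked as on the page).
SAMPLE_ROUTES='XXX.XXX.XXX.96/27 dev tun11  proto kernel  scope link  src XXX.XXX.XXX.98
10.12.134.0/25 dev tun12  proto kernel  scope link  src 10.12.134.2
0.0.0.0/1 via XXX.XXX.XXX.97 dev tun11
128.0.0.0/1 via XXX.XXX.XXX.97 dev tun11
default via 192.168.200.200 dev eth0'

# Read `ip route show` text on stdin and print the next hop of the first
# "via" route bound to device $1. Exit status 1 if the device has none.
gateway_from_routes() {
    awk -v want="$1" '
        {
            gw = ""; dev = ""
            for (i = 1; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (gw != "" && dev == want) { print gw; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# Gateway for tunnel $1: prefer route_vpn_gateway, which OpenVPN exports
# (with dev) to its --route-up script; else parse the route text in $2.
resolve_gateway() {
    if [ -n "${route_vpn_gateway:-}" ] && [ "${dev:-}" = "$1" ]; then
        printf '%s\n' "$route_vpn_gateway"
    else
        printf '%s\n' "$2" | gateway_from_routes "$1"
    fi
}

# Print (do not execute) the policy-routing commands for tunnel $1 using
# table $2 and client source address $3 (constructed values in the demo).
policy_cmds() {
    gw=$(resolve_gateway "$1" "$4") || {
        echo "no gateway known for $1" >&2
        return 1
    }
    echo "ip route replace default via $gw dev $1 table $2"
    echo "ip rule add from $3 lookup $2"
}

policy_cmds tun11 111 10.0.0.10 "$SAMPLE_ROUTES"
policy_cmds tun12 112 10.0.0.20 "$SAMPLE_ROUTES" || true   # tun12 has no via route
```

Run from each tunnel's route-up hook, the environment branch supplies the gateway without touching the main table, so the "0.0.0.0/1" route never has to be deleted to learn it.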