Routing Specific IP over OpenVPN

Report wireless and/or network connectivity problems in this forum.

Moderator: Moderators

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Routing Specific IP over OpenVPN

Post by ispyisail »

Just for fun I did some tests

It does work

Code: Select all

push "route 66.175.212.222 255.255.255.255 10.8.0.1"

Code: Select all

/etc/openvpn/server.conf

Code: Select all

mode                  server
port                  1194
proto                 udp
tls-server
ifconfig              10.8.0.1 255.255.255.0
topology              subnet
client-config-dir     /etc/openvpn/ccd
client-to-client




cipher                AES-256-CBC


dev                   tun
keepalive             25 180
status                /var/run/openvpn_status
verb                  3


dh                    /etc/openvpn/dh1024.pem
ca                    /etc/openvpn/ca.crt
cert                  /etc/openvpn/server.crt
key                   /etc/openvpn/server.key
tls-auth              /etc/openvpn/ta.key 0

persist-key
persist-tun
comp-lzo

push "topology subnet"
push "route-gateway 10.8.0.1"
push "route 66.175.212.222 255.255.255.255 10.8.0.1"
Client config

Code: Select all

client
remote          192.168.180.103 1194
dev             tun
proto           udp
status          current_status
resolv-retry    infinite
remote-cert-tls server
topology        subnet
verb            3

cipher          AES-256-CBC


ca              ca.crt
cert            client100.crt
key             client100.key
tls-auth        ta.key 1

nobind
persist-key
persist-tun
comp-lzo

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Routing Specific IP over OpenVPN

Post by ispyisail »

This is with the VPN enabled

Code: Select all

C:\Users\user>tracert 66.175.212.222

Tracing route to api.tablotv.com [66.175.212.222]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  10.8.0.1
  2     2 ms     2 ms     1 ms  192.168.180.1
  3     3 ms     2 ms     2 ms  192.168.88.1
  4     6 ms     3 ms     8 ms  180.222.67.75
  5     7 ms     7 ms     8 ms  pe-10g.uber.co.nz [180.222.67.66]
  6    15 ms     8 ms    10 ms  49.59.69.111.static.snap.net.nz [111.69.59.49]
  7   133 ms   136 ms   131 ms  xe-0-0-24-3.a00.snjsca04.us.ce.gin.ntt.net [129.250.200.102]
  8   134 ms   135 ms   144 ms  xe-0-0-24-3.a00.snjsca04.us.bb.gin.ntt.net [129.250.200.101]
  9   134 ms   142 ms   132 ms  ae-1.r01.snjsca04.us.bb.gin.ntt.net [129.250.2.229]
 10   174 ms   134 ms   134 ms  ae-10.r23.snjsca04.us.bb.gin.ntt.net [129.250.3.174]
 11   166 ms   175 ms   160 ms  ae-3.r21.sttlwa01.us.bb.gin.ntt.net [129.250.3.125]
 12   151 ms   149 ms   157 ms  ae-0.r20.sttlwa01.us.bb.gin.ntt.net [129.250.2.53]
 13   225 ms   219 ms   221 ms  ae-0.r24.nycmny01.us.bb.gin.ntt.net [129.250.4.14]
 14   248 ms   218 ms   217 ms  ae-1.r07.nycmny01.us.bb.gin.ntt.net [129.250.3.181]
 15   228 ms   217 ms   231 ms  ae-0.a02.nycmny01.us.bb.gin.ntt.net [129.250.6.51]
 16   210 ms   211 ms   211 ms  192.80.16.18
 17   215 ms   213 ms   220 ms  173.255.239.5
 18   212 ms   213 ms   211 ms  api.tablotv.com [66.175.212.222]

Trace complete.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Routing Specific IP over OpenVPN

Post by ispyisail »

With VPN disabled

Code: Select all

C:\Users\user>tracert 66.175.212.222

Tracing route to api.tablotv.com [66.175.212.222]
over a maximum of 30 hops:

  1    <1 ms     1 ms    <1 ms  Gargoyle.lan [192.168.10.1]
  2     1 ms    <1 ms     1 ms  192.168.180.1
  3     2 ms     1 ms     1 ms  192.168.88.1
  4     5 ms     3 ms     5 ms  180.222.67.75
  5     3 ms     7 ms     6 ms  pe-10g.uber.co.nz [180.222.67.66]
  6     8 ms     6 ms     9 ms  49.59.69.111.static.snap.net.nz [111.69.59.49]
  7   146 ms   133 ms   130 ms  xe-0-0-24-3.a00.snjsca04.us.ce.gin.ntt.net [129.250.200.102]
  8   138 ms   139 ms   135 ms  xe-0-0-24-3.a00.snjsca04.us.bb.gin.ntt.net [129.250.200.101]
  9   132 ms   131 ms   133 ms  ae-1.r01.snjsca04.us.bb.gin.ntt.net [129.250.2.229]
 10   138 ms   130 ms   133 ms  ae-10.r23.snjsca04.us.bb.gin.ntt.net [129.250.3.174]
 11   167 ms   153 ms   151 ms  ae-3.r21.sttlwa01.us.bb.gin.ntt.net [129.250.3.125]
 12   162 ms   153 ms   152 ms  ae-0.r20.sttlwa01.us.bb.gin.ntt.net [129.250.2.53]
 13   226 ms   219 ms   220 ms  ae-0.r24.nycmny01.us.bb.gin.ntt.net [129.250.4.14]
 14   227 ms   222 ms   229 ms  ae-1.r07.nycmny01.us.bb.gin.ntt.net [129.250.3.181]
 15   216 ms   222 ms   220 ms  ae-0.a02.nycmny01.us.bb.gin.ntt.net [129.250.6.51]
 16   211 ms   210 ms   210 ms  192.80.16.18
 17   209 ms   214 ms   211 ms  173.255.239.5
 18   210 ms   210 ms   210 ms  api.tablotv.com [66.175.212.222]

Trace complete.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Routing Specific IP over OpenVPN

Post by ispyisail »

With VPN enabled

Code: Select all

C:\Users\user>route print

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.138     35
         10.8.0.0    255.255.255.0         On-link          10.8.0.2    291
         10.8.0.2  255.255.255.255         On-link          10.8.0.2    291
       10.8.0.255  255.255.255.255         On-link          10.8.0.2    291
   66.175.212.222  255.255.255.255         10.8.0.1         10.8.0.2    291
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     192.168.10.0    255.255.255.0         On-link    192.168.10.138    291
   192.168.10.138  255.255.255.255         On-link    192.168.10.138    291
   192.168.10.255  255.255.255.255         On-link    192.168.10.138    291
     192.168.99.0    255.255.255.0         10.8.0.1         10.8.0.2    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link          10.8.0.2    291
        224.0.0.0        240.0.0.0         On-link    192.168.10.138    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link          10.8.0.2    291
  255.255.255.255  255.255.255.255         On-link    192.168.10.138    291
===========================================================================
Persistent Routes:
  None

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Routing Specific IP over OpenVPN

Post by ispyisail »

With VPN disabled

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.138     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     192.168.10.0    255.255.255.0         On-link    192.168.10.138    291
   192.168.10.138  255.255.255.255         On-link    192.168.10.138    291
   192.168.10.255  255.255.255.255         On-link    192.168.10.138    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    192.168.10.138    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    192.168.10.138    291
===========================================================================
Persistent Routes:
  None

pbix
Developer
Posts: 1373
Joined: Fri Aug 21, 2009 5:09 pm

Re: Routing Specific IP over OpenVPN

Post by pbix »

I really do appreciate you helping me with this issue. Thanks for the investigation. Lots of good screen shots there. I just need a way to duplicate your results I think.

1) I cannot find any config file on the openvpn client. You show one. Where can I find this?

2) When making changes in any config file what is required to get those changes to be effective? Can I just restart openvpn?

3) All the information I showed was generated on the router itself. It looks like some or all of the printouts you show are generated on a Windows box. Is that the case? What happens when you do these same things just on the router boxes themselves?
Linksys WRT1900ACv2
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Routing Specific IP over OpenVPN

Post by ispyisail »

1) I cannot find any config file on the openvpn client. You show one. Where can I find this?
You download it from the OpenVPN server

Image

I used a windows openVPN client so its stored in a different place

I think the file is stored in openvpn client

Code: Select all

/etc/openvpn/xxxx.conf

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Routing Specific IP over OpenVPN

Post by ispyisail »

2) When making changes in any config file what is required to get those changes to be effective? Can I just restart openvpn?
I just re-started

No doubt there will be a command

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Routing Specific IP over OpenVPN

Post by ispyisail »

3) All the information I showed was generated on the router itself. It looks like some or all of the printouts you show are generated on a Windows box. Is that the case? What happens when you do these same things just on the router boxes themselves?
yes

It the same principle

I would have to break my config to try but if I need to I can

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Routing Specific IP over OpenVPN

Post by ispyisail »

Network Diagram

Image

Post Reply