Page 2 of 3
Re: Routing Specific IP over OpenVPN
Posted: Wed Oct 18, 2017 12:07 am
by ispyisail
Just for fun I did some tests
It does work
Code: Select all
push "route 66.175.212.222 255.255.255.255 10.8.0.1"
Code: Select all
mode server
port 1194
proto udp
tls-server
ifconfig 10.8.0.1 255.255.255.0
topology subnet
client-config-dir /etc/openvpn/ccd
client-to-client
cipher AES-256-CBC
dev tun
keepalive 25 180
status /var/run/openvpn_status
verb 3
dh /etc/openvpn/dh1024.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
tls-auth /etc/openvpn/ta.key 0
persist-key
persist-tun
comp-lzo
push "topology subnet"
push "route-gateway 10.8.0.1"
push "route 66.175.212.222 255.255.255.255 10.8.0.1"
Client config
Code: Select all
client
remote 192.168.180.103 1194
dev tun
proto udp
status current_status
resolv-retry infinite
remote-cert-tls server
topology subnet
verb 3
cipher AES-256-CBC
ca ca.crt
cert client100.crt
key client100.key
tls-auth ta.key 1
nobind
persist-key
persist-tun
comp-lzo
Re: Routing Specific IP over OpenVPN
Posted: Wed Oct 18, 2017 12:08 am
by ispyisail
This is with the VPN enabled
Code: Select all
C:\Users\user>tracert 66.175.212.222
Tracing route to api.tablotv.com [66.175.212.222]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 10.8.0.1
2 2 ms 2 ms 1 ms 192.168.180.1
3 3 ms 2 ms 2 ms 192.168.88.1
4 6 ms 3 ms 8 ms 180.222.67.75
5 7 ms 7 ms 8 ms pe-10g.uber.co.nz [180.222.67.66]
6 15 ms 8 ms 10 ms 49.59.69.111.static.snap.net.nz [111.69.59.49]
7 133 ms 136 ms 131 ms xe-0-0-24-3.a00.snjsca04.us.ce.gin.ntt.net [129.250.200.102]
8 134 ms 135 ms 144 ms xe-0-0-24-3.a00.snjsca04.us.bb.gin.ntt.net [129.250.200.101]
9 134 ms 142 ms 132 ms ae-1.r01.snjsca04.us.bb.gin.ntt.net [129.250.2.229]
10 174 ms 134 ms 134 ms ae-10.r23.snjsca04.us.bb.gin.ntt.net [129.250.3.174]
11 166 ms 175 ms 160 ms ae-3.r21.sttlwa01.us.bb.gin.ntt.net [129.250.3.125]
12 151 ms 149 ms 157 ms ae-0.r20.sttlwa01.us.bb.gin.ntt.net [129.250.2.53]
13 225 ms 219 ms 221 ms ae-0.r24.nycmny01.us.bb.gin.ntt.net [129.250.4.14]
14 248 ms 218 ms 217 ms ae-1.r07.nycmny01.us.bb.gin.ntt.net [129.250.3.181]
15 228 ms 217 ms 231 ms ae-0.a02.nycmny01.us.bb.gin.ntt.net [129.250.6.51]
16 210 ms 211 ms 211 ms 192.80.16.18
17 215 ms 213 ms 220 ms 173.255.239.5
18 212 ms 213 ms 211 ms api.tablotv.com [66.175.212.222]
Trace complete.
Re: Routing Specific IP over OpenVPN
Posted: Wed Oct 18, 2017 12:09 am
by ispyisail
With VPN disabled
Code: Select all
C:\Users\user>tracert 66.175.212.222
Tracing route to api.tablotv.com [66.175.212.222]
over a maximum of 30 hops:
1 <1 ms 1 ms <1 ms Gargoyle.lan [192.168.10.1]
2 1 ms <1 ms 1 ms 192.168.180.1
3 2 ms 1 ms 1 ms 192.168.88.1
4 5 ms 3 ms 5 ms 180.222.67.75
5 3 ms 7 ms 6 ms pe-10g.uber.co.nz [180.222.67.66]
6 8 ms 6 ms 9 ms 49.59.69.111.static.snap.net.nz [111.69.59.49]
7 146 ms 133 ms 130 ms xe-0-0-24-3.a00.snjsca04.us.ce.gin.ntt.net [129.250.200.102]
8 138 ms 139 ms 135 ms xe-0-0-24-3.a00.snjsca04.us.bb.gin.ntt.net [129.250.200.101]
9 132 ms 131 ms 133 ms ae-1.r01.snjsca04.us.bb.gin.ntt.net [129.250.2.229]
10 138 ms 130 ms 133 ms ae-10.r23.snjsca04.us.bb.gin.ntt.net [129.250.3.174]
11 167 ms 153 ms 151 ms ae-3.r21.sttlwa01.us.bb.gin.ntt.net [129.250.3.125]
12 162 ms 153 ms 152 ms ae-0.r20.sttlwa01.us.bb.gin.ntt.net [129.250.2.53]
13 226 ms 219 ms 220 ms ae-0.r24.nycmny01.us.bb.gin.ntt.net [129.250.4.14]
14 227 ms 222 ms 229 ms ae-1.r07.nycmny01.us.bb.gin.ntt.net [129.250.3.181]
15 216 ms 222 ms 220 ms ae-0.a02.nycmny01.us.bb.gin.ntt.net [129.250.6.51]
16 211 ms 210 ms 210 ms 192.80.16.18
17 209 ms 214 ms 211 ms 173.255.239.5
18 210 ms 210 ms 210 ms api.tablotv.com [66.175.212.222]
Trace complete.
Re: Routing Specific IP over OpenVPN
Posted: Wed Oct 18, 2017 12:11 am
by ispyisail
With VPN enabled
Code: Select all
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.138 35
10.8.0.0 255.255.255.0 On-link 10.8.0.2 291
10.8.0.2 255.255.255.255 On-link 10.8.0.2 291
10.8.0.255 255.255.255.255 On-link 10.8.0.2 291
66.175.212.222 255.255.255.255 10.8.0.1 10.8.0.2 291
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.10.0 255.255.255.0 On-link 192.168.10.138 291
192.168.10.138 255.255.255.255 On-link 192.168.10.138 291
192.168.10.255 255.255.255.255 On-link 192.168.10.138 291
192.168.99.0 255.255.255.0 10.8.0.1 10.8.0.2 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.8.0.2 291
224.0.0.0 240.0.0.0 On-link 192.168.10.138 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.8.0.2 291
255.255.255.255 255.255.255.255 On-link 192.168.10.138 291
===========================================================================
Persistent Routes:
None
Re: Routing Specific IP over OpenVPN
Posted: Wed Oct 18, 2017 12:12 am
by ispyisail
With VPN disabled
Code: Select all
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.138 35
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.10.0 255.255.255.0 On-link 192.168.10.138 291
192.168.10.138 255.255.255.255 On-link 192.168.10.138 291
192.168.10.255 255.255.255.255 On-link 192.168.10.138 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.10.138 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.10.138 291
===========================================================================
Persistent Routes:
None
Re: Routing Specific IP over OpenVPN
Posted: Wed Oct 18, 2017 9:38 pm
by pbix
I really do appreciate you helping me with this issue. Thanks for the investigation. Lots of good screen shots there. I just need a way to duplicate your results I think.
1) I cannot find any config file on the openvpn client. You show one. Where can I find this?
2) When making changes in any config file what is required to get those changes to be effective? Can I just restart openvpn?
3) All the information I showed was generated on the router itself. It looks like some or all of the printouts you show are generated on a Windows box. Is that the case? What happens when you do these same things just on the router boxes themselves?
Re: Routing Specific IP over OpenVPN
Posted: Wed Oct 18, 2017 10:55 pm
by ispyisail
1) I cannot find any config file on the openvpn client. You show one. Where can I find this?
You download it from the OpenVPN server
I used a windows openVPN client so its stored in a different place
I think the file is stored in openvpn client
Re: Routing Specific IP over OpenVPN
Posted: Wed Oct 18, 2017 10:56 pm
by ispyisail
2) When making changes in any config file what is required to get those changes to be effective? Can I just restart openvpn?
I just re-started
No doubt there will be a command
Re: Routing Specific IP over OpenVPN
Posted: Wed Oct 18, 2017 10:58 pm
by ispyisail
3) All the information I showed was generated on the router itself. It looks like some or all of the printouts you show are generated on a Windows box. Is that the case? What happens when you do these same things just on the router boxes themselves?
yes
It the same principle
I would have to break my config to try but if I need to I can
Re: Routing Specific IP over OpenVPN
Posted: Wed Oct 18, 2017 11:05 pm
by ispyisail
Network Diagram
