Routing traffic over p2p1 and tun0 correctly The Next CEO of Stack OverflowHow to save rules of the iptables?How to make IP forwarding permanent?Connecting Two Computers Together: Assigning IP doesnt workRouting and Ip setupVpn traffic not going through tun0Unable to run 2 ethernet connections at the same timeRouting and OpenVPNIP forwarding over OpenVPN (tun0) with external forwarded portsHow to configure simple routing between NICsKubuntu network-manager-openvpn not routing traffic via VPN serverFallback routing in OpenVPNNetplan question. multiserver setup possible?

Variance of Monte Carlo integration with importance sampling

Does int main() need a declaration on C++?

subequations: How to continue numbering within subequation?

Car headlights in a world without electricity

What is the difference between 'contrib' and 'non-free' packages repositories?

How can I separate the number from the unit in argument?

Compensation for working overtime on Saturdays

pgfplots: How to draw a tangent graph below two others?

How to pronounce fünf in 45

What happens if you break a law in another country outside of that country?

My ex-girlfriend uses my Apple ID to login to her iPad, do I have to give her my Apple ID password to reset it?

Strange use of "whether ... than ..." in official text

MT "will strike" & LXX "will watch carefully" (Gen 3:15)?

What did the word "leisure" mean in late 18th Century usage?

Calculate the Mean mean of two numbers

How exploitable/balanced is this homebrew spell: Spell Permanency?

That's an odd coin - I wonder why

Ising model simulation

Is it possible to make a 9x9 table fit within the default margins?

What does this strange code stamp on my passport mean?

Is there a rule of thumb for determining the amount one should accept for of a settlement offer?

Which acid/base does a strong base/acid react when added to a buffer solution?

Is it okay to majorly distort historical facts while writing a fiction story?

Gauss' Posthumous Publications?



Routing traffic over p2p1 and tun0 correctly



The Next CEO of Stack OverflowHow to save rules of the iptables?How to make IP forwarding permanent?Connecting Two Computers Together: Assigning IP doesnt workRouting and Ip setupVpn traffic not going through tun0Unable to run 2 ethernet connections at the same timeRouting and OpenVPNIP forwarding over OpenVPN (tun0) with external forwarded portsHow to configure simple routing between NICsKubuntu network-manager-openvpn not routing traffic via VPN serverFallback routing in OpenVPNNetplan question. multiserver setup possible?










1















I have been trawling these questions and trying many different solutions to get this working, but I seem to have a problem with getting my routing set up correctly. I have a box installed in a network with no Internet access with the exception of OpenVPN to my server. Everything else is blocked leaving the LAN segment the box is on.



The box opens a connection to my VPN server, so now I have p2p1 and tun0. The setup for /etc/network/interfaces is:



# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
 address 192.168.56.211
 netmask 255.255.255.0
 gateway 192.168.56.251
 dns-nameservers 192.168.100.20 192.168.50.35


The OpenVPN connection comes up and connects as you would expect, allowing me to SSH into the box via the VPN from outside the LAN. The issue is that all outgoing data is trying to use the local gateway. I haven't been able to get any routing configuration so far to pass the following:



  1. Local LAN via 192.168.56.251

  2. Secondary LAN (192.168.50.x) via 192.168.56.251

  3. VPN Server via 192.168.56.251

  4. Internet via tun0 (OpenVPN interface)

I've tried using 



up route add -net 1.2.3.4/32 gw 10.8.4.9


to configure at least one server to get a connection via the VPN, but still no joy. It's like nothing is routing correctly. At the very minimum I at least need to get apt-get working via the VPN and then getting my webserver to go via it as well. I an cope with it being limited like that, but ideally I just want to fix it so the routes are correct!






networking server openvpn routing







share|improve this question


























    1















    I have been trawling these questions and trying many different solutions to get this working, but I seem to have a problem with getting my routing set up correctly. I have a box installed in a network with no Internet access with the exception of OpenVPN to my server. Everything else is blocked leaving the LAN segment the box is on.



    The box opens a connection to my VPN server, so now I have p2p1 and tun0. The setup for /etc/network/interfaces is:



    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
     address 192.168.56.211
     netmask 255.255.255.0
     gateway 192.168.56.251
     dns-nameservers 192.168.100.20 192.168.50.35


    The OpenVPN connection comes up and connects as you would expect, allowing me to SSH into the box via the VPN from outside the LAN. The issue is that all outgoing data is trying to use the local gateway. I haven't been able to get any routing configuration so far to pass the following:



    1. Local LAN via 192.168.56.251

    2. Secondary LAN (192.168.50.x) via 192.168.56.251

    3. VPN Server via 192.168.56.251

    4. Internet via tun0 (OpenVPN interface)

    I've tried using 



    up route add -net 1.2.3.4/32 gw 10.8.4.9


    to configure at least one server to get a connection via the VPN, but still no joy. It's like nothing is routing correctly. At the very minimum I at least need to get apt-get working via the VPN and then getting my webserver to go via it as well. I an cope with it being limited like that, but ideally I just want to fix it so the routes are correct!






    networking server openvpn routing







    share|improve this question
























      1












      1








      1


      1






      I have been trawling these questions and trying many different solutions to get this working, but I seem to have a problem with getting my routing set up correctly. I have a box installed in a network with no Internet access with the exception of OpenVPN to my server. Everything else is blocked leaving the LAN segment the box is on.



      The box opens a connection to my VPN server, so now I have p2p1 and tun0. The setup for /etc/network/interfaces is:



      # The loopback network interface
      auto lo
      iface lo inet loopback

      # The primary network interface
      auto eth0
      iface eth0 inet static
       address 192.168.56.211
       netmask 255.255.255.0
       gateway 192.168.56.251
       dns-nameservers 192.168.100.20 192.168.50.35


      The OpenVPN connection comes up and connects as you would expect, allowing me to SSH into the box via the VPN from outside the LAN. The issue is that all outgoing data is trying to use the local gateway. I haven't been able to get any routing configuration so far to pass the following:



      1. Local LAN via 192.168.56.251

      2. Secondary LAN (192.168.50.x) via 192.168.56.251

      3. VPN Server via 192.168.56.251

      4. Internet via tun0 (OpenVPN interface)

      I've tried using 



      up route add -net 1.2.3.4/32 gw 10.8.4.9


      to configure at least one server to get a connection via the VPN, but still no joy. It's like nothing is routing correctly. At the very minimum I at least need to get apt-get working via the VPN and then getting my webserver to go via it as well. I an cope with it being limited like that, but ideally I just want to fix it so the routes are correct!






      networking server openvpn routing







      share|improve this question














      I have been trawling these questions and trying many different solutions to get this working, but I seem to have a problem with getting my routing set up correctly. I have a box installed in a network with no Internet access with the exception of OpenVPN to my server. Everything else is blocked leaving the LAN segment the box is on.



      The box opens a connection to my VPN server, so now I have p2p1 and tun0. The setup for /etc/network/interfaces is:



      # The loopback network interface
      auto lo
      iface lo inet loopback

      # The primary network interface
      auto eth0
      iface eth0 inet static
       address 192.168.56.211
       netmask 255.255.255.0
       gateway 192.168.56.251
       dns-nameservers 192.168.100.20 192.168.50.35


      The OpenVPN connection comes up and connects as you would expect, allowing me to SSH into the box via the VPN from outside the LAN. The issue is that all outgoing data is trying to use the local gateway. I haven't been able to get any routing configuration so far to pass the following:



      1. Local LAN via 192.168.56.251

      2. Secondary LAN (192.168.50.x) via 192.168.56.251

      3. VPN Server via 192.168.56.251

      4. Internet via tun0 (OpenVPN interface)

      I've tried using 



      up route add -net 1.2.3.4/32 gw 10.8.4.9


      to configure at least one server to get a connection via the VPN, but still no joy. It's like nothing is routing correctly. At the very minimum I at least need to get apt-get working via the VPN and then getting my webserver to go via it as well. I an cope with it being limited like that, but ideally I just want to fix it so the routes are correct!






      networking server openvpn routing




      networking server openvpn routing






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jul 2 '15 at 10:23









      teknetiateknetia

      62




      62




















          1 Answer
          1






          active

          oldest

          votes


















          0














          In my case, eth1 is the device I want to be an available gateway on my LAN, and ppp0 is the name of my VPN connection when it's active on that machine (connects via eth0 but for deadswitch security we won't name it in the routing).



          Setup your IPtables for NAT from the LAN to the VPN-connected gateway:



          iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
          iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
          iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT


          Remember to save your iptables and activate IP forwarding.






          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "89"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f643519%2frouting-traffic-over-p2p1-and-tun0-correctly%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            In my case, eth1 is the device I want to be an available gateway on my LAN, and ppp0 is the name of my VPN connection when it's active on that machine (connects via eth0 but for deadswitch security we won't name it in the routing).



            Setup your IPtables for NAT from the LAN to the VPN-connected gateway:



            iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
            iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
            iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT


            Remember to save your iptables and activate IP forwarding.






            share|improve this answer



























              0














              In my case, eth1 is the device I want to be an available gateway on my LAN, and ppp0 is the name of my VPN connection when it's active on that machine (connects via eth0 but for deadswitch security we won't name it in the routing).



              Setup your IPtables for NAT from the LAN to the VPN-connected gateway:



              iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
              iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
              iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT


              Remember to save your iptables and activate IP forwarding.






              share|improve this answer

























                0












                0








                0







                In my case, eth1 is the device I want to be an available gateway on my LAN, and ppp0 is the name of my VPN connection when it's active on that machine (connects via eth0 but for deadswitch security we won't name it in the routing).



                Setup your IPtables for NAT from the LAN to the VPN-connected gateway:



                iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
                iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
                iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT


                Remember to save your iptables and activate IP forwarding.






                share|improve this answer













                In my case, eth1 is the device I want to be an available gateway on my LAN, and ppp0 is the name of my VPN connection when it's active on that machine (connects via eth0 but for deadswitch security we won't name it in the routing).



                Setup your IPtables for NAT from the LAN to the VPN-connected gateway:



                iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
                iptables -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
                iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT


                Remember to save your iptables and activate IP forwarding.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 1 hour ago









                Charney KayeCharney Kaye

                392413




                392413



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f643519%2frouting-traffic-over-p2p1-and-tun0-correctly%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Are there any comparative studies done between Ashtavakra Gita and Buddhim?How is it wrong to believe that a self exists, or that it doesn't?Can you criticise or improve Ven. Bodhi's description of MahayanaWas the doctrine of 'Anatta', accepted as doctrine by modern Buddhism, actually taught by the Buddha?Relationship between Buddhism, Hinduism and Yoga?Comparison of Nirvana, Tao and Brahman/AtmaIs there a distinction between “ego identity” and “craving/hating”?Are there many differences between Taoism and Buddhism?Loss of “faith” in buddhismSimilarity between creation in Abrahamic religions and beginning of life in Earth mentioned Agganna Sutta?Are there studies about the difference between meditating in the morning versus in the evening?Can one follow Hinduism and Buddhism at the same time?Are there any prohibitions on participating in other religion's practices?Psychology of 'flow'

                    Image
                    Why "be dealt cards" rather than "be dealing cards"? Have I saved too much for retirement so far? The plural of 'stomach" How do I rename a LINUX host without needing to reboot for the rename to take effect? What defines a dissertation? Why are on-board computers allowed to change controls without notifying the pilots? Bash method for viewing beginning and end of file Student evaluations of teaching assistants Opposite of a diet Go Pregnant or Go Home Valid Badminton Score? What's the purpose of "true" in bash "if sudo true; then" What is the intuitive meaning of having a linear relationship between the logs of two variables? The baby cries all morning Is there a good way to store credentials outside of a password manager? Can I use my Chinese passport to enter China after I acquired another citizenship? Why Were Madagascar and New Zealand Discovered So Late? What are the ramifications of creating a ...
                    Read more

                    fallocate: fallocate failed: Text file busy in Ubuntu 17.04? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)defragmenting and increasing performance of old lubuntu system with swap partitionIssue with increasing the root partition from the swapthis /usr/bin/dpkg returned error || ubuntu-16.04, 64bitDefault 17.04 swap file locationHow to Resize Ubuntu 17.04 Zesty Swap file size?Ubuntu freezes from online formsMy Laptop is not starting after upgrade ubuntu 16.04 (Kernel 4.8.0-38 to 04.10.0-36)hcp: ERROR: FALLOCATE FAILED!Not sure my swap is being usedWine 3.0 asking for more virtual free swap

                    Image
                    Why does Python start at index 1 when iterating an array backwards? Letter Boxed validator What's the purpose of writing one's academic bio in 3rd person? What is the longest distance a 13th-level monk can jump while attacking on the same turn? What are 'alternative tunings' of a guitar and why would you use them? Doesn't it make it more difficult to play? Can Pao de Queijo, and similar foods, be kosher for Passover? When -s is used with third person singular. What's its use in this context? Right-skewed distribution with mean equals to mode? Should gear shift center itself while in neutral? Are my PIs rude or am I just being too sensitive? When is phishing education going too far? If 'B is more likely given A', then 'A is more likely given B' List *all* the tuples! Is high blood pressure ever a symptom attributable solely to dehydration? Is there a service that would inform me whenever a new direct route is scheduled ...
                    Read more

                    Where is the suspend/hibernate button in GNOME Shell? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)No suspend option in UI on Bionic BeaverHow can I set sleep mode in ubuntu18.04 LTS and what is the short cut key to do so?17.10 suspend not availableUbuntu 18.04 LTS missing sleep optionUbuntu 18.04 LTS - missing suspend option when power button is pressedHow to put Thinkpad X1 Extreme to sleep in Ubuntu 18.10?Suspend Button in interactive power button menu18.04 - Keep programs running after logging outway to disable Hibernate from within gconf-editor so button disappears?How can I hibernate from GNOME Shell?How can I hibernate/suspend from the command line and do so at a specific timeNo permission to suspend/hibernate after upgrading to 12.10MATE - Missing Suspend and Hibernate buttons, pressing power button shutdowns system immediatelyUbuntu 14.04: Suspend, Hibernate and Suspend-hybrid in the menu?Change “power-button-action” comand for “hibernate” option in GNOME 3.18Shutdown / Power off button does always go to suspend on 17.10Hibernate after suspend stopped working in 17.10Why doesn't the keyboard screenshot button work on Ubuntu with GNOME shell?

                    Image
                    .bashrc alias for a command with fixed second parameter Can I cut the hair of a conjured korred with a blade made of precious material to harvest that material from the korred? Did pre-Columbian Americans know the spherical shape of the Earth? calculator's angle answer for trig ratios that can work in more than 1 quadrant on the unit circle Why do C and C++ allow the expression (int) + 4*5? Dinosaur Word Search, Letter Solve, and Unscramble Is honorific speech ever used in the first person? Inverse square law not accurate for non-point masses? How does Billy Russo acquire his 'Jigsaw' mask? My mentor says to set image to Fine instead of RAW — how is this different from JPG? How do you cope with tons of web fonts when copying and pasting from web pages? What does Sonny Burch mean by, "S.H.I.E.L.D. and HYDRA don't even exist anymore"? Flight departed from the gate 5 min before scheduled departure time. Refund options No Invitation for T...
                    Read more