Route table operations performed by openvpn.

Discussion in 'Linux Networking' started by Hongyi Zhao, Apr 2, 2015.

  1. Hongyi Zhao

    Hongyi Zhao Guest

    Hi all,

    I use openvpn to connect to the vpn server.
    When it is successfully done, I note the following route operations done by
    openvpn automatically:

    route add -net 112.65.107.179 netmask 255.255.255.255 gw 192.168.0.1
    route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.211.254.254
    route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.211.254.254

    I can't figure out the following issues on the above commands:

    1- Does the execution order of these commands matter or not?

    2- I understand the first command is a host route table entry. But I
    can't figure out the meaning of the other two commands performed by
    openvpn. Any hints?

    Regards
     
    Hongyi Zhao, Apr 2, 2015
    #1

  2. Hongyi Zhao

    detha Guest

    The first one creates a route to what is presumably your VPN server, so
    the encrypted packets always know where to go.

    The last two effectively create a default route for all traffic to go
    through the tunnel. Instead of doing a
    'route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.211.254.254'
    which would fight with the default route you already have installed, it
    splits it into two (slightly) more specifics. Because they are more
    specific, they take preference over your original default route.

    It is done this way so the original default route can be left in place,
    instead of the 'remove current default route, remember what it was,
    install a new one' because 1) remembering the original one is a pain, and
    2) should openvpn crash (and not have a chance to put the original
    default route back in place), it would leave the system in an unusable
    state.

    -d
     
    detha, Apr 2, 2015
    #2

  3. Hongyi Zhao

    Hongyi Zhao Guest

    This should mean that all of the source requests/packages from the
    client side will be routed to the 10.211.254.254. Will it also fight
    with the route added by the first command or not?
    How to know they are more specific than the original routes
    installed on my box?

    Following are the original routes for my case:

    werner@debian:~$ ip route
    default via 192.168.0.1 dev eth0 proto static
    192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.3

    Regards
     
    Hongyi Zhao, Apr 2, 2015
    #3
  4. Hongyi Zhao

    detha Guest

    The first command adds a host route (a /32), so that only applies to
    packets to that particular host. The two /1 routes cover all others.
    The 'default' label is shorthand for 0.0.0.0/0. The new routes added are
    0.0.0.0/1 and 128.0.0.0/1. Since a /1 is more specific than a /0, the /1
    routes will be chosen for anything not in 192.168.0.0/24 (since the /24 is
    more specific for that).
     
    detha, Apr 4, 2015
    #4
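
The longest-prefix selection described in the replies above, as an added example that is not part of the original posts: it runs the lookup over the five routes from the thread, shows that insertion order does not change the result, and lists which prefixes stay outside the tunnel. The tunnel device name `tun0` and the sample destinations are assumptions.

```python
import ipaddress

# Routing table from the thread: the two original routes plus the three added
# by openvpn. The tunnel device name (tun0) is an assumption.
ROUTES = [
    ("0.0.0.0/0",         "192.168.0.1",    "eth0"),  # original default route
    ("192.168.0.0/24",    None,             "eth0"),  # directly connected LAN
    ("112.65.107.179/32", "192.168.0.1",    "eth0"),  # host route to VPN server
    ("0.0.0.0/1",         "10.211.254.254", "tun0"),  # lower half of IPv4 space
    ("128.0.0.0/1",       "10.211.254.254", "tun0"),  # upper half of IPv4 space
]

def lookup(dest, routes=ROUTES):
    """Return (prefix, gateway, dev) of the longest matching prefix for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        # Table order is irrelevant: only the prefix length decides.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1], best[2]

def bypasses_tunnel(routes=ROUTES, tunnel_dev="tun0"):
    """Prefixes more specific than /1 that do not use the tunnel device."""
    return sorted(p for p, _, dev in routes
                  if dev != tunnel_dev and ipaddress.ip_network(p).prefixlen > 1)

def without_tunnel(routes=ROUTES, tunnel_dev="tun0"):
    """Table as it looks if the tunnel routes disappear (openvpn exit or crash)."""
    return [r for r in routes if r[2] != tunnel_dev]

if __name__ == "__main__":
    # Constructed sample destinations
    for dest in ("10.20.30.40", "203.0.113.10", "192.168.0.50", "112.65.107.179"):
        print(dest, "->", lookup(dest))
    print("outside tunnel:", bypasses_tunnel())
    print("after tunnel loss:", lookup("203.0.113.10", without_tunnel()))
```
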
  5. Hongyi Zhao

    Hongyi Zhao Guest

    Got it, thanks a lot.

    Regards
     
    Hongyi Zhao, Apr 4, 2015
    #5