Score:0

Routing internet traffic via the vpn interface


I have a WiFi dongle with three interfaces: wlan0 (default route), uvpn0 (VPN interface) and usb0 (interface between the host machine and the dongle).

usb0      Link encap:Ethernet  HWaddr DA:CE:84:EA:A3:E3  
          inet addr:10.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::d8ce:84ff:feea:a3e3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:49190 errors:0 dropped:0 overruns:0 frame:0
          TX packets:123259 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:8718640 (8.3 MiB)  TX bytes:150323744 (143.3 MiB)

uvpn0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.87.0.3  P-t-P:10.87.0.3  Mask:255.255.0.0
          UP POINTOPOINT RUNNING  MTU:1420  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:368 (368.0 B)  TX bytes:1552 (1.5 KiB)

wlan0     Link encap:Ethernet  HWaddr D0:17:69:EC:A2:E4  
          inet addr:10.117.176.210  Bcast:10.117.176.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:121589 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43659 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:143066201 (136.4 MiB)  TX bytes:6608011 (6.3 MiB)

Currently, the internet traffic goes through the wlan0 interface. I want the internet traffic to go through the VPN server 10.87.0.1. I tried the following things:

  1. Change the default route by adding the following command:
ip route add default via 10.87.0.1 dev uvpn0

The moment I added the above command, I am not able to ping the VPN server from the dongle.

  2. I also added an IP rule:
iptables -t nat -A POSTROUTING -s 10.117.176.0/24 -o uvpn0 -j MASQUERADE

What am I missing here?

Score:0

You need to add a route specifically for the VPN peer, otherwise your side will start to route the VPN packages for the tunnel inside the tunnel itself.

ip route add v1.v2.v3.v4 via 10.117.176.w4 dev wlan0

where v1.v2.v3.v4 is the public IP address of the VPN server and 10.117.176.w4 is the gateway address for the wlan0 subnet.

Another neat "trick" I usually do is not to add a default route for tunnels, as it "conflicts" with the existing default route (it needs to have a lower metric), but just leave the existing default route be and add two routes instead:

ip route add 0.0.0.0/1 via 10.87.0.1 dev uvpn0
ip route add 128.0.0.0/1 via 10.87.0.1 dev uvpn0

As these are narrower than the default (0.0.0.0/0), they will take precedence as long as uvpn0 is up. When you bring down uvpn0, those routes will also go away and you are back on your normal default route without any need to change metrics on any of them.
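
The route selection described in this answer, modelled as an added example that is not part of the original answer: a longest-prefix-match lookup over the dongle's routing table. The VPN server's public IP (203.0.113.10), the wlan0 gateway (10.117.176.1) and the sample destinations are assumptions, since the thread does not give them.

```python
import ipaddress

# Assumed placeholders: the thread elides both of these values.
VPN_PUBLIC = "203.0.113.10"   # public IP of the VPN server (constructed)
WLAN_GW = "10.117.176.1"      # gateway on the wlan0 subnet (constructed)

# (destination, gateway, device): routes present before any change.
BASE = [
    ("0.0.0.0/0", WLAN_GW, "wlan0"),
    ("10.117.176.0/24", None, "wlan0"),
    ("10.87.0.0/16", None, "uvpn0"),
    ("10.0.0.0/24", None, "usb0"),
]
# The two half-default routes from the answer.
SPLIT = [("0.0.0.0/1", "10.87.0.1", "uvpn0"),
         ("128.0.0.0/1", "10.87.0.1", "uvpn0")]
# Host route that keeps the tunnel's own packets on wlan0.
PEER = [(VPN_PUBLIC + "/32", WLAN_GW, "wlan0")]

def lookup(table, dst):
    """Return the outgoing device chosen by longest-prefix match.

    Metrics are ignored: they only break ties between equal prefixes,
    and no two routes in these tables share a prefix.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, _gw, dev in table:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, dev)
    return best[1] if best else None

def link_down(table, dev):
    """Routes bound to an interface are removed when it goes down."""
    return [route for route in table if route[2] != dev]

if __name__ == "__main__":
    cases = {
        "split routes only": BASE + SPLIT,
        "split routes + peer host route": BASE + SPLIT + PEER,
        "uvpn0 down": link_down(BASE + SPLIT + PEER, "uvpn0"),
    }
    # Sample destinations (constructed): one per /1 half, the VPN
    # server's public address, and a host on the usb0 link.
    for name, table in cases.items():
        for dst in ("1.1.1.1", "198.51.100.7", VPN_PUBLIC, "10.0.0.2"):
            print(f"{name:32} {dst:15} -> {lookup(table, dst)}")
```

In the first case the VPN server's public address resolves to uvpn0, which is the tunnel-in-tunnel loop the answer warns about; the /32 route moves it back to wlan0 while everything else stays on the tunnel.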
