Join Log in
Score:0
avatar Ubuntu

How to get the network interface through which traffic is routed

cn flag
Mehdi

I am trying to figure out through which interface my traffic is routed and to get the local ip address associated with that interface. This will make me differ between cases where vpn access is disabled (all goes through wlan0 -> read ip from that interface) or when vpn is activated (all goes through tun0, get ip of that interface).

I know the route command, but I can't really see how I will parse it to extract the information I need.

This is my ip route list without vpn:

default via 192.168.26.1 dev wlp0s20f3 proto dhcp metric 600 
169.254.0.0/16 dev wlp0s20f3 scope link metric 1000 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.26.0/23 dev wlp0s20f3 proto kernel scope link src 192.168.26.254 metric 600

and after connecting to the vpn

default via 192.168.31.1 dev tun0 proto static metric 50 
default via 192.168.26.1 dev wlp0s20f3 proto dhcp metric 600 
10.0.0.0/8 via 192.168.31.1 dev tun0 proto static metric 50 
13.224.73.0/24 via 192.168.31.1 dev tun0 proto static metric 50 
18.135.151.3 via 192.168.31.1 dev tun0 proto static metric 50 
40.114.41.40 via 192.168.31.1 dev tun0 proto static metric 50 
52.95.0.0/16 via 192.168.31.1 dev tun0 proto static metric 50 
104.18.4.20 via 192.168.31.1 dev tun0 proto static metric 50 
104.18.5.20 via 192.168.31.1 dev tun0 proto static metric 50 
104.18.25.245 via 192.168.31.1 dev tun0 proto static metric 50 
104.27.148.109 via 192.168.31.1 dev tun0 proto static metric 50 
104.27.149.109 via 192.168.31.1 dev tun0 proto static metric 50 
143.204.190.0/24 via 192.168.31.1 dev tun0 proto static metric 50 
149.11.92.90 via 192.168.26.1 dev wlp0s20f3 proto static metric 600 
150.2.20.0/24 via 192.168.31.1 dev tun0 proto static metric 50 
150.2.22.0/24 via 192.168.31.1 dev tun0 proto static metric 50 
150.2.34.0/24 via 192.168.31.1 dev tun0 proto static metric 50 
169.254.0.0/16 dev wlp0s20f3 scope link metric 1000 
172.16.0.0/12 via 192.168.31.1 dev tun0 proto static metric 50 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.0.0/16 via 192.168.31.1 dev tun0 proto static metric 50 
192.168.26.0/23 dev wlp0s20f3 proto kernel scope link src 192.168.26.254 metric 600 
192.168.26.1 dev wlp0s20f3 proto static scope link metric 600 
192.168.31.0/24 dev tun0 proto kernel scope link src 192.168.31.56 metric 50

Would it be safe to assume that the top default route is the one being used?

63
0 + 0
vpn
ru flag
Thomas Ward
Include the output of `ip route list` and we can help you determine it.
0
Reply
Score:1
avatar Ubuntu
ru flag
Thomas Ward

There's two parts to finding this data out: first, determining what subnets are going directly out over a specific interface; and then second, determining what the 'default route' of your traffic is to the Internet.

(skip to the Your Routes section for my dissection of your routes output)

In both cases we need the ip route list output, but in my case we'll look at my laptop (NOT currently VPN'd because i'm on my home network):

default via 172.18.0.1 dev wlp59s0 proto dhcp metric 600 
10.10.0.0/16 dev static-local proto kernel scope link src 10.10.0.1 
10.73.252.0/24 dev InternalDHCP proto kernel scope link src 10.73.252.1 
10.74.0.0/24 dev docker0 proto kernel scope link src 10.74.0.1 linkdown 
169.254.0.0/16 dev docker0 scope link metric 1000 linkdown 
172.18.0.0/16 dev wlp59s0 proto kernel scope link src 172.18.2.0 metric 600

As you can see I have several different things here on my network. I have two docker subnets, two other networks (static-local and InternalDHCP for my LXD containers), my wireless interface wlp59s0, and the 'default route' at the top.

Let's dissect this into the component parts. Start by looking at non-default routes. This would be read as follows:

  • All traffic to 10.10.0.0/16 (10.10.0.0-10.10.255.255) goes directly over the static-local network link with the source IP of 10.10.0.1.
  • All traffic to 10.73.252.0/24 (10.73.252.0-10.73.252.255) goes directly over the InternalDHCP network link with the source of 10.73.252.1
  • All traffic to 10.74.0.0/24 (10.74.0.0-10.74.0.255) goes directly over the docker0 network link with the source of 10.74.0.1. The same network link also accepts traffic for 169.254.0.0/16, however this link is offline and not functioning.
  • All traffic to 172.18.0.0/16 (172.18.0.0-172.18.255.255) goes directly over the wlp59s0 network link with the source IP of 172.18.2.0.

Now the default route:

  • All other traffic that does not match one of the other aforementioned routes is to be routed via gateway/router address 172.18.0.1 via device wlp59s0 (which is my wifi card).

That's how you would dissect ip route list output such as the above. We can assist you with dissecting your ip route list output if you want, however this is how you would read the output.

Your Routes

This is my dissection of your routes, both when your VPN is connected and not.

First, when you're not on the VPN:

  • Traffic to 192.168.26.0/23 (192.168.26.0-192.168.27.255) goes out directly over your wlp0s20f3 (wifi) interface link. This includes going directly to 192.168.26.1 (the default route)
  • Traffic to 149.11.92.90 goes out via 182.168.26.1 directly over your wifi interface link.
  • Traffic to 172.17.0.0/16 (172.17.0.0-172.17.255.255) goes directly over the docker0 network link with the source IP address of 172.17.0.1.
  • Something was up with your network link, so 169.254.0.0/16 (169.254.0.0-169.254.255.255) goes out over the wifi device on-link.
  • For any other subnet designations when you are not on the VPN, your traffic flows out via your wifi interface via the gateway IP of 192.168.26.1 (your router)

Now, when you are using the VPN, it adds a LOT of routes to your table that make no sense, but we can condense them into one easy way to assess the rules. Note that the previous non-VPN-connected rules still apply:

  • When connected to the VPN, all traffic not addressed by the prior on-link rules (which includes the rules from when you're not on the VPN) is routed over the tun0 device and the VPN link, via 192.168.31.1 over the tunnel. Therefore, all traffic to the Internet (other than on-link addresses as specified above) will pass over the VPN tunnel first. If the VPN tunnel link fails and traffic cannot traverse over that tunnel, it will fall back to using your standard wifi connection (however, this will only happen when the VPN tunnel fails and does NOT reconnect, so the tun0 interface will go away)

  • Traffic between your system and the VPN endpoint passes over the default wifi link to reach the remote VPN server. (this is the 'default' behavior as to connect to the VPN server it's going to use your default wifi link).

0 + 0
cn flag
Mehdi
Thanks Thomas, I updated my question with the routes
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.