Set source address to use tun device does not work (Debian Squeeze)
Posted
by
A. Donda
on Server Fault
See other posts from Server Fault
or by A. Donda
Published on 2012-10-12T20:27:03Z
Indexed on
2012/10/12
21:38 UTC
Read the original article
Hit count: 197
there have been similar questions on StackExchange but none of the answers helped me, so I'll try a question of my own.
I have a VPN connection via OpenVPN. By default, all traffic is redirected through the tunnel using OpenVPN's "two more specific routes" trick, but I disabled that. My routing table is like this:
198.144.156.141 192.168.2.1 255.255.255.255 UGH 0 0 0 eth0
10.30.92.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
10.30.92.1 10.30.92.5 255.255.255.255 UGH 0 0 0 tun1
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 10.30.92.5 0.0.0.0 UG 0 0 0 tun1
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
And the interface configuration is like this:
# ifconfig
eth0 Link encap:Ethernet HWaddr XX-XX-
inet addr:192.168.2.100 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::211:9ff:fe8d:acbd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:394869 errors:0 dropped:0 overruns:0 frame:0
TX packets:293489 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:388519578 (370.5 MiB) TX bytes:148817487 (141.9 MiB)
Interrupt:20 Base address:0x6f00
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.30.92.6 P-t-P:10.30.92.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:64 errors:0 dropped:0 overruns:0 frame:0
TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:9885 (9.6 KiB) TX bytes:4380 (4.2 KiB)
plus the lo device.
The routing table has two default routes, one via eth0 through my local network router (DSL modem) at 192.168.2.1, and another via tun1 through the VPN's gateway. With this configuration, if I connect to a site, the route chosen is the direct one (because it has less hops?):
# traceroute 8.8.8.8 -n
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 192.168.2.1 0.427 ms 0.491 ms 0.610 ms
2 213.191.89.13 17.981 ms 20.137 ms 22.141 ms
3 62.109.108.48 23.681 ms 25.009 ms 26.401 ms
...
This is fine, because my goal is to send only traffic from specific applications through the tunnel (esp. transmission, using its -i / bind-address-ipv4 option). To test whether this can work at all, I check it first with traceroute's -s option:
# traceroute 8.8.8.8 -n -s 10.30.92.6
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
...
This I take to mean that connection using the tunnel's local address as source is not possible.
What is possible (though only as root) is to specify the source interface:
# traceroute 8.8.8.8 -n -i tun1
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 10.30.92.1 129.337 ms 297.758 ms 297.725 ms
2 * * *
3 198.144.152.17 297.653 ms 297.652 ms 297.650 ms
...
So apparently the tun1 interface is working and it is possible to send packets through it.
But selecting the source interface is not implemented in my actual target application (transmission), so I would like to get source address selection to work.
What am I doing wrong?
© Server Fault or respective owner
