> Hi,
>
> I see what you mean. It has been a while since I last worked with TUN
> adapters. I’m always using TAP. But I remember that TUN interfaces aren’t
> ‘normal’ network devices as we're used to. Look at the net mask definition
> of the tun-gfwlist interface. This is a /32. For your Linux system there is
> only 1 IP address in this /32, namely 10.211.72.117. Any other address
> (even the remote site ‘10.211.72.118’) is outside this scope. Linux will
> fail adding custom routing to an address outside the subnet.
>
> You can try two things: let openvpn handle all routing, although I
> understand that this is not desirable in your situation.
> Second, switch to use TAP interfaces. These emulate ethernet devices and if
> you’re using a bigger subnet with the VPN server having an IP address
> ending in .1, you can use personal, custom routing within your operating
> system. For this reason I’m always using TAP.
>
> Regards,
> Magiel

Based on your advice, I've tried the openvpn with ``--dev tap`` option, for
detail, you can see the following output log by openvpn:

----------------
$ sudo openvpn --config vpngate_183.161.242.87_tcp_1220.ovpn --dev tap
[snipped]
Wed Oct 14 09:29:29 2015 TUN/TAP device tap0 opened
Wed Oct 14 09:29:29 2015 TUN/TAP TX queue length set to 100
Wed Oct 14 09:29:29 2015 Initialization Sequence Completed
-------------------

Then I run the following commands to check the openvpn tap0 nic card and
corresponding route table setting:

$ sudo ifconfig
eth0      Link encap:Ethernet  HWaddr 0c:c4:7a:6a:f7:f0
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:27503 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26596 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15565564 (14.8 MiB)  TX bytes:6109190 (5.8 MiB)
          Memory:de200000-de27ffff

eth1      Link encap:Ethernet  HWaddr 0c:c4:7a:6a:f7:f1
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Memory:de100000-de17ffff

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:13629 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13629 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1462913 (1.3 MiB)  TX bytes:1462913 (1.3 MiB)

$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 0c:c4:7a:6a:f7:f0 brd ff:ff:ff:ff:ff:ff
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000
    link/ether 0c:c4:7a:6a:f7:f1 brd ff:ff:ff:ff:ff:ff
16: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 100
    link/ether c6:d0:66:11:4e:be brd ff:ff:ff:ff:ff:ff

As you can see, the ifconfig will not show the tap0 at all for me, while
the ``ip link`` can give the information on it.

And the route table for tap0 is empty:

$ ip route show dev tap0

At this step, how should I do the further settings so let the openvpn
client can work for me with appropriate routing tables?

Regards

> On 13 Oct 2015, at 15:04, Hongyi Zhao <hongyi.z...@gmail.com> wrote:
>
> 2015-10-13 14:54 GMT+08:00 Magiel van der Meer <mag...@v-dmeer.nl>:
>> This means most likely that the default gateway you're trying to add isn't
>> within a local connected subnet.
>
> See the information in detail for my case:
>
> $ sudo ifconfig
> eth0      Link encap:Ethernet  HWaddr 0c:c4:7a:6a:f7:f0
>           inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:5605 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:10072 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:2846126 (2.7 MiB)  TX bytes:2330753 (2.2 MiB)
>           Memory:de200000-de27ffff
>
> eth1      Link encap:Ethernet  HWaddr 0c:c4:7a:6a:f7:f1
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>           Memory:de100000-de17ffff
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:4969 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4969 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:468967 (457.9 KiB)  TX bytes:468967 (457.9 KiB)
>
> tun-gfwlist Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:10.211.72.117  P-t-P:10.211.72.118  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:1919 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1597 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:1215481 (1.1 MiB)  TX bytes:200464 (195.7 KiB)
>
> For my case, the eth0 is up, the eth0 is down. And the vpn created a
> virtual nic named as tun-gfwlist.
>
> As you can see, the tun-gfwlist use point to point method to connect
> the remote network. And the gateway may be different for each
> connection. So I use the following command to create all of these
> route table entries used by openvpn:
>
> sudo ip route add destination-network-address/cidr-prefix dev tun-gfwlist table openvpn
>
> And then I meet the issue I posted here.
>
> Regards
>
>>
>> --
>> Met vriendelijke groet,
>> With kind regards,
>>
>> Magiel van der Meer
>> mag...@v-dmeer.nl
>>
>>> On 13 Oct 2015, at 05:58, Hongyi Zhao <hongyi.z...@gmail.com> wrote:
>>>
>>> Hi all,
>>>
>>> I use openvpn to access the web via the vpngate's vpn servers.
>>>
>>> I don't use the global vpn mode, so I must add some specific routes
>>> for the websites which I want to access through the
>>> vpngate's vpn servers. For my case, I use the --route-nopull option
>>> for this purpose.
>>>
>>> Due to the route tables used by openvpn for my purpose may be so huge.
>>> I use the following method to save the route tables used by openvpn
>>> and restore them:
>>>
>>> ip route save table openvpn > rt_openvpn
>>>
>>> And then, after I restart my openvpn and connected successfully,
>>> issuing the following command:
>>>
>>> sudo ip route restore table openvpn < rt_openvpn
>>>
>>> But, at this step, I meet the following errors:
>>>
>>> RTNETLINK answers: No such device
>>>
>>> And failed to restore the previously saved route tables.
>>>
>>> Any hints for this issue?
>>>
>>> Regards
>>> --
>>> Hongyi Zhao <hongyi.z...@gmail.com>
>>> Xinjiang Technical Institute of Physics and Chemistry
>>> Chinese Academy of Sciences
>>> GnuPG DSA: 0xD108493
>>>
>>> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> Openvpn-users mailing list
>>> Openvpn-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
>
>
> --
> Hongyi Zhao <hongyi.z...@gmail.com>
> Xinjiang Technical Institute of Physics and Chemistry
> Chinese Academy of Sciences
> GnuPG DSA: 0xD108493
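
Added example, not part of the thread and not OpenVPN's own tooling: a dry-run helper that replays routes saved in text form (`ip route show table openvpn`) by device name, and refuses when the device is absent or lacks the UP flag, which is the state `ip link` reports for `tap0` above. Unlike the binary `ip route save` dump, which records the output interface by index, text-form routes name the device and so survive OpenVPN recreating it. The function names, the sample data and the `rt_openvpn.txt` file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): replay saved routes by device NAME,
# and only when the device is administratively UP.

# Constructed sample modelled on the `ip link` output in the thread, in the
# one-line form of `ip -o link`; the tun-gfwlist line (index 17) is invented.
SAMPLE_LINKS='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
16: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
17: tun-gfwlist: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN'

# Constructed sample of `ip route show table openvpn > rt_openvpn.txt`
# (documentation prefixes); the last line is deliberately malformed.
SAMPLE_ROUTES='203.0.113.0/24 dev tun-gfwlist scope link
198.51.100.7 dev tun-gfwlist scope link
default; reboot dev x'

# link_is_up DEV [LINKS]: succeed only if DEV exists and carries the UP flag.
# LINKS defaults to live `ip -o link show` output.
link_is_up() {
    links=${2:-$(ip -o link show 2>/dev/null)}
    printf '%s\n' "$links" | awk -v d="$1:" '
        $2 == d && $3 ~ /[<,]UP[,>]/ { ok = 1 }
        END { exit !ok }'
}

# emit_route_cmds DEV TABLE: read text-form routes on stdin and print one
# `ip route replace` command per valid IPv4 prefix. Anything else is dropped,
# because the output is meant to be run as root.
emit_route_cmds() {
    awk -v d="$1" -v t="$2" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            printf "ip route replace %s dev %s table %s\n", $1, d, t
        }'
}

# restore_routes DEV TABLE [LINKS] < saved-routes: dry run, prints commands.
restore_routes() {
    if ! link_is_up "$1" "$3"; then
        echo "$1 is missing or down; bring it up before adding routes" >&2
        return 1
    fi
    emit_route_cmds "$1" "$2"
}

# Demo on the constructed samples: prints two commands for tun-gfwlist.
printf '%s\n' "$SAMPLE_ROUTES" | restore_routes tun-gfwlist openvpn "$SAMPLE_LINKS"
```

On a live system, omit the third argument so the check reads the real link state, review the printed commands, and then pipe them to `sudo sh`.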