#StackBounty: #linux #networking #routing Linux: How I can connect Tap and Eth0?

Bounty: 50

Question
Diagram of online editor link


The Raspberry Pi's system is Raspbian or Ubuntu.

ping -I 192.168.1.180 192.168.1.201 #Work [computer1 eth0 <-> rpi1 eth0]
ping -I 192.168.1.181 192.168.1.202 #Work [computer2 eth0 <-> rpi2 eth0]
ping -I 192.168.200.201 192.168.200.202 #Work [Wireless][rpi1 tap <-> rpi2 tap]

# ----------------------------------------------
ping -I 192.168.1.180 192.168.1.181 # I want to connect two computers. [computer1 <-> computer2]
# ----------------------------------------------

But
ping -I 192.168.1.180 192.168.200.201 #Not Work [rpi1 eth0 <-> rpi1 tap]
ping -I 192.168.1.181 192.168.200.202 #Not Work [rpi2 eth0 <-> rpi2 tap]

How can I connect TAP with Eth0?


Get this bounty!!!

#StackBounty: #networking #windows-10 #routing How to ensure internet traffic will only go through a wired network connection on a Wind…

Bounty: 50

I used two pieces of hardware to construct my home network:

  1. An ADSL modem to connect to the ISP for internet connection
  2. A Google Wifi which connects to the ADSL modem and acts as an access point.

I have a desktop PC (Windows 10 Pro). Because the said modem has 4 local network ports and the desktop PC is physically adjacent to the modem, I connect it to the modem directly. The network speed is faster and the connectivity is more stable this way (Google Wifi needs to be restarted from time to time).

However, I also want to share a laser printer via the Windows 10 PC to the rest of the wifi network.

I reckon I can do it by also connecting the desktop PC to the wifi network.

My question:

How can I ensure the internet traffic of the Desktop PC will only go through the wired network while it can share the printer via wifi?



#StackBounty: #routing #vpn #iptables #l2tp Access LAN subnet behind L2TP server

Bounty: 50

I’ve been trying to solve this problem for a very long time. The situation is as follows:

Computer(s) -> Huawei B525 router -> VPS with xl2tpd -> Internet

I have a Huawei B525 router. It has a DHCP server enabled that assigns IP addresses from the 192.168.8.0/24 network. I also have a VPN (L2TP) installed on the VPS.

After connecting the Huawei router to the VPN it has an IP address 192.168.42.10. The gateway has an IP address 192.168.42.1 (so as expected). The internet works fine, and devices behind the Huawei router can ping other devices connected to the VPN. But I don’t have access to the mentioned machines (behind the router) from other devices, ex. also connected to the VPN (or from the VPS itself).

The perfect solution would be access to 192.168.8.0/24 devices and their ports from the VPS and other VPN devices.

Route print:

route table

Iptables – filter:

iptables - filter

Iptables – nat:

iptables - nat



#StackBounty: #18.04 #docker #routing #ifconfig Routing Docker in ubuntu

Bounty: 100

In my routing table on Ubuntu 18.04 I have these entries:

172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-9f3f970041e3
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-66d1d4ca46a2
172.19.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0

The docker0 entry I managed to move to a different IP range by creating a /etc/docker/daemon.json file and adding {"bip": "172.19.0.1/16"} to it.

I’m not sure where the br-* entries come from but I know that if I remove them that Docker stops working so they are used by Docker.

I need to have Docker assign these br-* addresses at 172.20.0.0 and 172.21.0.0 because the corp network uses the ones that they are currently occupying.

Questions:

  1. What part of Docker is creating these br-* entries?
  2. How does Docker use these entries?
  3. How can I configure Docker to assign them to other ranges?



#StackBounty: #vpn #routing #openvpn #tunneling #aws-clientvpn routing bridge traffic to VPN tunnel (AWS Client VPN Endpoint)

Bounty: 50

I have a bridge created between eth0 & wlan0. The following is the ifconfig output:

root@ubuntu:~ $ ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.24.11.15  netmask 255.255.255.0  broadcast 10.24.11.255
        inet6 fe80::1fd4:f47a:59d2:1de8  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:8e:38:ee  txqueuelen 1000  (Ethernet)
        RX packets 2571  bytes 308138 (300.9 KiB)
        RX errors 0  dropped 230  overruns 0  frame 0
        TX packets 2511  bytes 289807 (283.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether b8:27:eb:db:6d:bb  txqueuelen 1000  (Ethernet)
        RX packets 6268  bytes 1641477 (1.5 MiB)
        RX errors 0  dropped 39  overruns 0  frame 0
        TX packets 7141  bytes 1630895 (1.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 454  bytes 30843 (30.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 454  bytes 30843 (30.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.20.1.226  netmask 255.255.255.224  destination 10.20.1.226
        inet6 fe80::ea4d:bb87:d649:5308  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1407  bytes 94382 (92.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether b8:27:eb:8e:38:ee  txqueuelen 1000  (Ethernet)
        RX packets 5095  bytes 1401614 (1.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5124  bytes 1660553 (1.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Route table :

root@ubuntu:~ $ sudo ip route
0.0.0.0/1 via 10.20.1.225 dev tun0
default via 10.24.11.1 dev br0 src 10.24.11.15 metric 204
10.20.1.224/27 dev tun0 proto kernel scope link src 10.20.1.226
10.24.11.0/24 dev br0 proto kernel scope link src 10.24.11.15 metric 204
52.36.18.24 via 10.24.11.1 dev br0
128.0.0.0/1 via 10.20.1.225 dev tun0

And

root@ubuntu:~ $ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.20.1.225     128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.24.11.1      0.0.0.0         UG    204    0        0 br0
10.20.1.224     0.0.0.0         255.255.255.224 U     0      0        0 tun0
10.24.11.0      0.0.0.0         255.255.255.0   U     204    0        0 br0
52.36.18.24     10.24.11.1      255.255.255.255 UGH   0      0        0 br0
128.0.0.0       10.20.1.225     128.0.0.0       UG    0      0        0 tun0

Subnet 10.2.0.0/16 is reachable through tunnel tun0: I am able to ping IP 10.2.1.145 from this box, but not from the devices connected to this box on wlan0. I am also able to ping 10.24.11.15 from devices connected to this box on wlan0.

If I perform traceroute 10.2.1.145 from devices connected to this box on wlan0, the connection goes out through eth0 via the public IP.

eth0 had 10.24.11.15, but after creating the bridge, it shifted to br0.

What route am I missing here to push 10.2.0.0/16 traffic through tun0?



#StackBounty: #virtualbox #virtual-machine #routing #vpn How to route traffic through VPN only accessible within VM (without a bridged …

Bounty: 50

I have an interesting situation where I have a corporate VPN that can only connect through a specific (outdated) version of Ubuntu (and/or Windows) using a vendor-supplied client that creates a VPN interface on tun0 upon successful authentication. I use a different distribution on my personal Linux machine, on which the VPN client will not run because of library issues.

As a workaround, I have more-or-less figured out how to configure the Ubuntu VM (on VirtualBox) to work as a router when the VM is configured in bridge mode. Unfortunately, this works on some networks (like my home one) because I can get another IP no problem for my bridged VM, but on many public networks, this does not work.

I believe I should be able to do this with two network adapters on the VM, one with NAT, and one as a Host-Only connection, but I’m not sure how to set up the routing so that I can send traffic on my host through the VPN tunnel.

Here’s the setup so far:

[host]$ VBoxManage list hostonlyifs 

Name:            vboxnet0
GUID:            786f6276-656e-4074-8000-0a0027000000
DHCP:            Disabled
IPAddress:       192.168.56.1
NetworkMask:     255.255.255.0
IPV6Address:     fe80::800:27ff:fe00:0
IPV6NetworkMaskPrefixLength: 64
HardwareAddress: 0a:00:27:00:00:00
MediumType:      Ethernet
Wireless:        No
Status:          Up
VBoxNetworkName: HostInterfaceNetworking-vboxnet0

The guest interfaces (after connecting to the vpn – enp0s3 is the NAT adapter, enp0s8 is the host-only adapter):

[guest]$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:b2:d9:c2 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
       valid_lft 83176sec preferred_lft 83176sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:3c:81:82 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.101/24 brd 192.168.56.255 scope global dynamic noprefixroute enp0s8
4: tun0: <POINTOPOINT,UP,LOWER_UP> mtu 1384 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet XXX.XXX.XXX.XXX peer 1.1.1.1/32 scope global tun0

On the guest, I enable translation between the host-only adapter and the VPN tunnel with the following commands:

sudo sysctl net.ipv4.conf.all.forwarding=1
sudo sysctl net.ipv6.conf.all.forwarding=1
sudo iptables -A FORWARD -i enp0s8 -o tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o enp0s8 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

On the host, I can replace the default route with 192.168.56.1 (the host-only VM adapter), but then obviously no data can get out at all. Since the VM is not getting its own access to the internet, I need to have some traffic coming in/out to the internet through the host, but then I would like to force as much as possible of that to go through the VM’s VPN connection. It feels like I’m close, and this should be possible, but I’m not sure what the missing piece is.

On a side note, I think I could get this to work for certain applications by perhaps doing an SSH SOCKS proxy to the VM, perhaps? I’d like to route all traffic through the VPN, if possible.



#StackBounty: #vpn #routing #windows-10 Windows 10 won't stop using remote gateway with VPN

Bounty: 50

Hope this is a suitable place to ask. I have a VPN connection set up on my home Windows 10 PC which lets me join the network at my office. At some point I noticed my internet connection seemed very slow and after a little bit of investigation discovered that Windows was routing all non-local traffic through the VPN.

I learned about the ‘Use default gateway on remote network’ checkbox in the IPv4 properties on the VPN connection, and have unchecked it. This solves the problem but only temporarily. After ‘a while’ (don’t know exactly when it happens, I usually notice it within a couple of days) my internet connection feels slow again and sure enough all traffic is being routed through the VPN.

Using route print whilst the traffic is going through the VPN shows:

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10   4506
          0.0.0.0          0.0.0.0         On-link    192.168.12.200     26
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10   4251
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4556
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4556
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4556
      192.168.0.0    255.255.255.0         On-link      192.168.0.10   4506
     192.168.0.10  255.255.255.255         On-link      192.168.0.10   4506
    192.168.0.255  255.255.255.255         On-link      192.168.0.10   4506
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4556
        224.0.0.0        240.0.0.0         On-link      192.168.0.10   4506
        224.0.0.0        240.0.0.0         On-link    192.168.12.200     26
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4556
  255.255.255.255  255.255.255.255         On-link      192.168.0.10   4506
  255.255.255.255  255.255.255.255         On-link    192.168.12.200    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
===========================================================================

My home PC is (statically assigned) 192.168.0.10, with 192.168.0.1 being my home router. The network I am joining through the VPN is 192.168.12.0, given an IP address by DHCP.

I can see it’s added a route to use the VPN and given it the lowest metric. I don’t know what ‘On-link’ means in this context.

The checkbox is still unchecked. If I disconnect and then reconnect the VPN connection, everything is fixed:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10    281
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    281
     192.168.0.10  255.255.255.255         On-link      192.168.0.10    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.10    281
     192.168.12.0    255.255.255.0     192.168.12.1   192.168.12.200     26
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.0.10    281
        224.0.0.0        240.0.0.0         On-link    192.168.12.200    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.0.10    281
  255.255.255.255  255.255.255.255         On-link    192.168.12.200    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
===========================================================================

Only traffic for 192.168.12.0 is sent via the VPN, which is what I want.

Does anyone know what could cause Windows to keep suddenly deciding to ignore the ‘Don’t use remote gateway…’ option and adding a route anyway?

Is there some kind of ‘negative route’ I can add permanently which effectively blocks any unwanted traffic going to the VPN?

Edited to add: I also tried manually setting the metric very high in the same page of the VPN IPv4 properties, but this seems to have no effect and is not reflected in the output of route print.

Edit to add: I’ve also noticed another strange behaviour regarding connecting to the VPN. This is all using the built-in Windows 10 client:

If initiating the connection by clicking the network icon in the tray, selecting the VPN and clicking the inline ‘Connect’ button there, it will often get stuck at the ‘Connecting…’ stage for a while then fail.

If I go into the ‘Network & Internet Settings -> VPN’ part of the control panel and initiate the connection from there, it succeeds 100% of the time and very quickly.

I have also been using a third-party utility called AutoVPNConnect, which periodically checks whether the VPN is active and ‘re-dials’ it if not. I couldn’t find any way to get this behaviour reliably within Windows itself. I now suspect that the unwanted route is being added when the utility re-establishes the connection. I don’t believe it’s doing this intentionally.

Possibly there are multiple APIs in Windows for ‘dialling’ a VPN, and they function slightly differently?
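
An added example, not part of the original question: a Python check that reads `route print` output and reports when a split-tunnel VPN has drifted into full-tunnel mode, using rows abbreviated from the two tables quoted above. The function names and the probe address 203.0.113.10 are assumptions made for this illustration.

```python
import ipaddress

# Rows copied (abbreviated) from the two `route print` outputs in the question.
DRIFTED = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10   4506
          0.0.0.0          0.0.0.0         On-link    192.168.12.200     26
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10   4251
      192.168.0.0    255.255.255.0         On-link      192.168.0.10   4506
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
"""
RECONNECTED = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10    281
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10     26
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    281
     192.168.12.0    255.255.255.0     192.168.12.1   192.168.12.200     26
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
"""


def parse_active_routes(text):
    """Return the IPv4 route rows of a `route print` table as dicts.

    Header, separator and "Persistent Routes" rows do not have exactly
    five parseable columns, so they are skipped.
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            routes.append({
                "network": ipaddress.IPv4Network(f"{dest}/{mask}"),
                "gateway": gateway,  # an address or the literal "On-link"
                "interface": ipaddress.IPv4Address(iface),
                "metric": int(metric),
            })
        except ValueError:
            continue
    return routes


def select_route(routes, destination):
    """Pick the route used for `destination`.

    The longest matching prefix wins; among equal prefixes the lowest
    metric wins.
    """
    dst = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if dst in r["network"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["network"].prefixlen, -r["metric"]))


def audit_split_tunnel(text, vpn_interface, probe="203.0.113.10"):
    """Report whether internet-bound traffic would leave via the VPN.

    `vpn_interface` is the VPN adapter's address as shown in the Interface
    column; `probe` is an arbitrary non-local address (assumed here).
    """
    routes = parse_active_routes(text)
    vpn_ip = ipaddress.IPv4Address(vpn_interface)
    vpn_defaults = [r for r in routes
                    if r["network"].prefixlen == 0 and r["interface"] == vpn_ip]
    best = select_route(routes, probe)
    return {
        "vpn_default_routes": len(vpn_defaults),
        "internet_egress": str(best["interface"]) if best else None,
        "full_tunnel": bool(best and best["interface"] == vpn_ip),
    }


if __name__ == "__main__":
    for name, table in (("drifted", DRIFTED), ("reconnected", RECONNECTED)):
        print(name, audit_split_tunnel(table, "192.168.12.200"))
```

Run against live output, the same check can be scheduled to alert when a redial leaves a default route on the VPN adapter.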


        224.0.0.0        240.0.0.0         On-link    192.168.12.200    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.0.10    281
  255.255.255.255  255.255.255.255         On-link    192.168.12.200    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
===========================================================================

Only traffic for 192.168.12.0 is sent via the VPN, which is what I want.

Does anyone know what could cause Windows to keep suddenly deciding to ignore the ‘Don’t use remote gateway…’ option and adding a route anyway?

Is there some kind of ‘negative route’ I can add permanently which effectively blocks any unwanted traffic going to the VPN?

Edited to add: I also tried manually setting the metric very high in the same page of the VPN IPv4 properties, but this seems to have no effect and is not reflected in the output of route print.

Edit to add: I’ve also noticed another strange behaviour regarding connecting to the VPN. This is all using the built-in Windows 10 client:

If initiating the connection by clicking the network icon in the tray, selecting the VPN and clicking the inline ‘Connect’ button there, it will often get stuck at the ‘Connecting…’ stage for a while then fail.

If I go into the ‘Network & Internet Settings -> VPN’ part of the control panel and initiate the connection from there, it succeeds 100% of the time and very quickly.

I have also been using a third-party utility called AutoVPNConnect, which periodically checks whether the VPN is active and ‘re-dials’ it if not. I couldn’t find any way to get this behaviour reliably within Windows itself. I now suspect that the unwanted route is being added when the utility re-establishes the connection. I don’t believe it’s doing this intentionally.

Possibly there are multiple APIs in Windows for ‘dialling’ a VPN, and they function slightly differently?
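An added example, not part of the original post: a small checker that reads `route print` output and reports which interface a destination leaves by, using longest prefix first and then the lowest value in the Metric column as printed. The route rows are copied from the two tables in the post; the function names and the destination 203.0.113.5 are assumptions made for illustration.

```python
import ipaddress

# Rows copied from the first (VPN has taken over) and second (after reconnect)
# `route print` outputs in the post, trimmed to the routes that decide the result.
TAKEN_OVER = """Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10   4506
          0.0.0.0          0.0.0.0         On-link    192.168.12.200     26
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10   4251
      192.168.0.0    255.255.255.0         On-link      192.168.0.10   4506
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281
Persistent Routes:
          0.0.0.0          0.0.0.0      192.168.0.1  Default"""
AFTER_RECONNECT = """Active Routes:
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.10    281
      82.4.223.31  255.255.255.255      192.168.0.1     192.168.0.10     26
      192.168.0.0    255.255.255.0         On-link      192.168.0.10    281
     192.168.12.0    255.255.255.0     192.168.12.1   192.168.12.200     26
   192.168.12.200  255.255.255.255         On-link    192.168.12.200    281"""

def parse_active_routes(text):
    """Return (network, gateway, interface, metric) for each Active Routes row."""
    routes, active = [], False
    for line in text.splitlines():
        parts = line.split()
        if line.strip() == "Active Routes:":
            active = True
        elif line.strip() == "Persistent Routes:":
            break  # persistent routes are listed separately, without an interface column
        elif active and len(parts) == 5 and parts[4].isdigit():
            try:
                net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            except ValueError:
                continue  # not a route row
            routes.append((net, parts[2], parts[3], int(parts[4])))
    return routes

def egress_interface(route_print_text, destination):
    """Interface address chosen for destination: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in parse_active_routes(route_print_text) if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]))[2]

if __name__ == "__main__":
    # 203.0.113.5 is a constructed internet destination (documentation range).
    for name, table in (("taken over", TAKEN_OVER), ("after reconnect", AFTER_RECONNECT)):
        print(name, egress_interface(table, "203.0.113.5"))
```

Run periodically against live `route print` output, a result other than the LAN interface address for an internet destination indicates the VPN has picked up the default route again.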

