Routing all traffic through VPN
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Routing all traffic through VPN
I have managed to connect to my VPN provider's SoftEther server on the command-line Mac version of SoftEther. However, I can't get it to route traffic through the VPN. I have tried playing around with the routing tables using the route command but I can't get it to work.
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
Remove default gateway. Add route to your VPN server through normal exit IP (local or direct external). Add default gateway through VPN.
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Nemesiz wrote:
> Remove default gateway. Add route to your VPN server through normal exit IP
> (local or direct external). Add default gateway through VPN.
This is what I did:
'sudo ipconfig set tap0 DHCP' to give my Virtual Network Adapter (tap0) an IP
sudo route add [VPN IP] [Router default gateway]
sudo route delete default
sudo route add default [VPN NIC gateway]
So I am effectively changing my default gateway to that of my Virtual adapter and then routing traffic to my VPN IP through the default gateway.
Then my internet wouldn't work.
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
If you do not add a route to your VPN server, your network will be looped.
I'll give you an example on Linux
Before
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10
default via 192.168.0.1 dev eth0
After (vpn server IP x.x.x.x)
192.168.30.0/24 dev tap_vpn proto kernel scope link src 192.168.30.10
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10
x.x.x.x via 192.168.0.10 dev eth0
default via 192.168.30.1 dev tap_vpn
I hope I give you working example
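The before/after tables in the post above can be checked with a longest-prefix-match lookup, which shows which interface each destination leaves through and flags the loop case. This is an added example, not code from the thread or from SoftEther; 203.0.113.5 is a constructed stand-in for x.x.x.x, the host route uses the router 192.168.0.1 as next hop, and all function names are assumptions.

```python
"""Longest-prefix-match check of a Linux `ip route` table for a full-tunnel VPN."""
import ipaddress
from typing import List, NamedTuple, Optional

VPN_SERVER = "203.0.113.5"   # constructed placeholder for the thread's x.x.x.x
TUNNEL_DEV = "tap_vpn"

# "Before" table as posted in the thread.
BEFORE = """\
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10
default via 192.168.0.1 dev eth0
"""
# "After" table: host route to the VPN server via the LAN, default via the tunnel.
AFTER = """\
192.168.30.0/24 dev tap_vpn proto kernel scope link src 192.168.30.10
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10
203.0.113.5 via 192.168.0.1 dev eth0
default via 192.168.30.1 dev tap_vpn
"""
# Same table without the host route: the loop case.
LOOPED = "\n".join(l for l in AFTER.splitlines() if not l.startswith(VPN_SERVER))
# Same table after `ip route del default`, before the new default is added.
NO_DEFAULT = "\n".join(l for l in AFTER.splitlines() if not l.startswith("default"))


class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: Optional[str]   # None for directly connected ("scope link") routes
    dev: str


def parse_ip_route(text: str) -> List[Route]:
    """Parse `ip route show` style lines; only dest, via and dev are used."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        gateway = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1]
        routes.append(Route(ipaddress.ip_network(dest), gateway, dev))
    return routes


def lookup(routes: List[Route], ip: str) -> Optional[Route]:
    """Return the most specific route covering ip, or None (no route to host)."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r.dest]
    return max(matches, key=lambda r: r.dest.prefixlen, default=None)


def audit_full_tunnel(routes: List[Route], vpn_server: str, tunnel_dev: str) -> List[str]:
    """Return finding codes; an empty list means the table is a sane full tunnel."""
    findings = []
    defaults = [r for r in routes if r.dest.prefixlen == 0]
    if not defaults:
        findings.append("NO_DEFAULT")                 # off-link traffic has no route
    elif any(r.dev != tunnel_dev for r in defaults):
        findings.append("DEFAULT_BYPASSES_TUNNEL")    # traffic leaves outside the VPN
    to_server = lookup(routes, vpn_server)
    if to_server is None:
        findings.append("NO_ROUTE_TO_SERVER")
    elif to_server.dev == tunnel_dev:
        findings.append("SERVER_ROUTED_INTO_TUNNEL")  # tunnel packets loop into the tunnel
    return findings


if __name__ == "__main__":
    for name, table in [("before", BEFORE), ("after", AFTER),
                        ("looped", LOOPED), ("no default", NO_DEFAULT)]:
        routes = parse_ip_route(table)
        print(name, audit_full_tunnel(routes, VPN_SERVER, TUNNEL_DEV) or "OK")
```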
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Nemesiz wrote:
> I hope I give you working example
I'm not sure I understand what you're trying to show me. Here is an example of what I was trying to do and you can tell me if it is incorrect:
[tap0 is Virtual Network Adapter]
[xx.xxx.xxx.xx is VPN IP, yyy.yyy.yyy.y is Router gateway, zzz.zzz.zzz.z is Virtual Network Adapter gateway]
1. sudo dhclient tap0 (to get virtual IP)
2. sudo ip route add xx.xxx.xxx.xx/32 via yyy.yyy.yyy.y dev en1
3. sudo ip route del default
4. sudo ip route add default via zzz.zzz.zzz.z dev tap0
Then it should work, except it doesn't so I'm doing something wrong
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
can you ping xx.xxx.xxx.xx after step 2 and after step 3 ?
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Nemesiz wrote:
> can you ping xx.xxx.xxx.xx after step 2 and after step 3 ?
I tried pinging then and got:
ping: sendto: No route to host
Request timeout for icmp_seq 0
ping: sendto: No route to host
Request timeout for icmp_seq 1
...and so on
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
Try to change step 2 to
sudo ip route add xx.xxx.xxx.xx/32 via [your PC IP of yyy.yyy.yyy.y network] dev en1
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Nemesiz wrote:
> Try to change step 2 to
> sudo ip route add xx.xxx.xxx.xx/32 via [your PC IP of yyy.yyy.yyy.y
> network] dev en1
I changed that and tried pinging my VPN server again. It just said:
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
...but it didn't mention "ping: sendto: No route to host" which is a good sign I guess.
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
UPDATE:
This may be something to do with the fact that I am at college? When I got home I pinged my VPN server with all the steps done and it replied. However, I still couldn't use the internet and when I tried doing 'ping youtube.com' it said no route to host like before.
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
My test on linux:
# adding vpn ip route
1. ip r add [VPN IP] via [GATEWAY IP]
# removing default gateway
2. ip r del default
# connecting to vpn
# if success
# dhcp vpn client
4. dhclient [vpn network name]
5. ping 8.8.8.8
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
BTW is secureNat enabled and virtual nat function is turned on ?
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Nemesiz wrote:
> BTW is secureNat enabled and virtual nat function is turned on ?
How can I check this?
I tried what you did and it still did the same thing; but bear in mind that I am on Mac OS X so I am using the OS X equivalent commands.
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
securenat is in server side. After all commands can you print routing table ?
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Nemesiz wrote:
> securenat is in server side. After all commands can you print routing table
Here is a picture:
[removed]
Last edited by Resentic on Mon Jan 07, 2019 11:10 am, edited 1 time in total.
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
For me it looks OK. But we can start to check from the beginning. From point 1. Can you ping the VPN after you add the route record for it?
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Yes I could ping the VPN. However, I couldn't do, for example: ping youtube.com
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
Maybe it is DNS problem not network. Try to ping VPN gateway ip 10.0.0.3 then ping google DNS server IP 8.8.8.8
If both pings then you need only to change DNS server address.
If you can ping only VPN gateway but no others - try to check secureNat setting (or maybe you use other masquerade technique) http://www.softether.org/index.php?titl ... T_Function
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
I can only ping 10.0.0.3, when I ping 8.8.8.8 I get 'no route to host' again.
I don't have access to secureNAT since I am connecting to my VPN provider's SoftEther server. What is the masquerade thing you mentioned?
I have sent a ticket to my VPN provider asking whether they have SecureNAT enabled.
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
Resentic wrote:
> I can only ping 10.0.0.3, when I ping 8.8.8.8 I get 'no route to host'
> again.
>
> I don't have access to secureNAT since I am connecting to my VPN provider's
> SoftEther server. What is the masquerade thing you mentioned?
"masquerade" is linux iptables (firewall) method to share Internet access (NAT) to become like router.
>
> I have sent a ticket to my VPN provider asking whether they have SecureNAT
> enabled.
I guess VPN provider unchecked Virtual NAT function and did not remove default gateway from virtual DHCP server.
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Nemesiz wrote:
> I guess VPN provider unchecked Virtual NAT function and did not remove default gateway from virtual DHCP server.
Is this only necessary for the linux/osx version of SoftEther, since I can connect fine to it on Windows?
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
Have you tried to connect to the same VPN on windows ?
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Yes, the same VPN works perfectly fine with Windows.
UPDATE: They replied saying that SecureNAT is not enabled. If so, how come I am able to connect on Windows?
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
I just installed Ubuntu on a virtualbox to test it out and the VPN worked.
That means that there is something I am doing wrong on Mac OS X since it works fine on Linux; any ideas?
-
- Posts: 115
- Joined: Sun Nov 23, 2014 3:29 am
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
BoredAus wrote:
> Have you looked at using L2TP/IPSec option?
>
>
> https://www.softether.org/4-docs/2-howt ... ient_Setup
They are blocked on my network; SoftEther is the only solution I have found that works.
-
- Posts: 115
- Joined: Sun Nov 23, 2014 3:29 am
Re: Routing all traffic through VPN
Resentic wrote:
> I just installed Ubuntu on a virtualbox to test it out and the VPN worked.
>
> That means that there is something I am doing wrong on Mac OS X since it
> works fine on Linux; any ideas?
If L2TP/IPSec is blocked, then I guess the commands mentioned by Nemesiz would not have been the equivalent under OS X or specifically BSD like shell. According to Google searches for instance, there are no references to ip as a program but rather as some programmer's documentation on writing programs to interface with it. The same ip program would have worked under linux but not for route via OS X.
I'd try comparing the two routing tables, the working one from within the linux virtualbox in which you have setup with versus the one on your OS X. It sounds like the 'via' part of the command is where a specific extra routing table was added in between. However I am not sure specifically as I do not have access to a Mac machine.
There are plenty of dirty hacks you can try, for instance setting up L2TP/IPSec server from within the virtualbox that is running linux with a working connection to your host via SoftEther VPN. Then using your Mac, connect to the L2TP server in virtualbox.
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
I`ll try to test on Mac. Just need to find time to install it in VPS.
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
BoredAus wrote:
> I'd try comparing the two routing tables, the working one from within the linux
> virtualbox in which you have setup with versus the one on your OS X. It sounds like
> the 'via' part of the command is where a specific extra routing table was added in
> between. However I am not sure specifically as I do not have access to a Mac machine.
The Linux routing table in VirtualBox has barely anything in compared to the OS X one, but the routes in there are also in the Mac one (after I add them). Here is a picture comparison of both tables after routing:
[removed]
>I guess the commands mentioned by Nemesiz would not have been the equivalent under OS X
These are the equivalent commands I used:
LINUX >> MAC OS X
sudo dhclient vpn_tap0 >> sudo ipconfig set vpn_tap0 DHCP
sudo ip route add [VPN IP] via [Router gateway IP] dev eth0 >> sudo route add -ifscope eth0 [VPN IP] [Router gateway IP]
sudo ip route del default >> sudo route delete default
sudo ip route add default via [VPN gateway IP] dev vpn_tap0 >> sudo route add -ifscope vpn_tap0 default [VPN gateway IP]
Nemesiz wrote:
>I`ll try to test on Mac. Just need to find time to install it in VPS.
Could you give us an update if you get round to doing this.
Last edited by Resentic on Mon Jan 07, 2019 11:10 am, edited 1 time in total.
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Anyone got this to work in OS X?
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
Sorry, can't get OS X to test.
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
I just can't get it to work. I can connect to my VPN fine with SoftEther but when it comes to routing it, it just doesn't work.
-
- Posts: 12
- Joined: Fri Feb 20, 2015 12:11 am
Re: Routing all traffic through VPN
Doing exact same steps except my commands look like this:
sudo ipconfig set tap0 DHCP
sudo route delete default [router ip]
sudo route add [server ip] [router ip]
sudo route add default [server ip in virtual network]
And mine as well does not work. However I tried to packet sniff and these are results
http://pastebin.com/E2EKBcnB
70.26.74.141 is my server
192.168.137.71 is my mac
As you can see it says Destination unreachable (Port unreachable) which means it does in fact get to the VPN but for some reason when going up the stack it can't find a program at the port? At least that is what my Google search revealed.
If you look in the logs, at least for me, it also actually slowly connects and then instantly disconnects
-
- Posts: 12
- Joined: Fri Feb 20, 2015 12:11 am
Re: Routing all traffic through VPN
Windows works as well perfectly fine for me o,O
-
- Posts: 12
- Joined: Fri Feb 20, 2015 12:11 am
Re: Routing all traffic through VPN
also works with individual addresses
so like
sudo route add na.leagueoflegends.com [server ip in virtual network]
-
- Posts: 12
- Joined: Fri Feb 20, 2015 12:11 am
Re: Routing all traffic through VPN
Here I made a video on the problem, it's kind of long but watch it to see all I've found so far :)
http://youtu.be/gmksVtXIcak
Hopefully we can find a solution together.
Right now I think there is some other IP address that must be forwarded to the router to make it work. Not sure though, need to test this on linux.
If you want logs just ask, just please help fix this :D
-
- Posts: 65
- Joined: Mon Nov 17, 2014 2:11 pm
Re: Routing all traffic through VPN
Can you look at server side logs? UDP is not the primary connection method.
-
- Posts: 12
- Joined: Fri Feb 20, 2015 12:11 am
Re: Routing all traffic through VPN
Will do sir, I am going to school right now but when I get there I'll ssh in and see.
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
It must be something to do with OS X since I can get it to work fine on Linux using the equivalent commands.
-
- Posts: 12
- Joined: Fri Feb 20, 2015 12:11 am
Re: Routing all traffic through VPN
they have written that the OS X version is actually experimental so yea
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
You would think that, at the very least, the experimental version would actually work though or why release it? Anyway, I hope they fix it soon since I really need it.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Routing all traffic through VPN
I googled to find way to resolve default gateway problem.
I found this page.
http://qiita.com/ask/items/9ff1529d228ec093aa07
This page said that after IP is assigned from DHCP, add default gateway manually.
-
- Posts: 12
- Joined: Fri Feb 20, 2015 12:11 am
Re: Routing all traffic through VPN
We did do that but it won't work. That's the problem. I don't really understand what's written on that page. :(
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
thisjun wrote:
> I googled to find way to resolve default gateway problem.
> I found this page.
> http://qiita.com/ask/items/9ff1529d228ec093aa07
>
> This page said that after IP is assigned from DHCP, add default gateway
> manually.
I tried using this guide (slightly different than the method I tried as you end up with two default routing rules). However, it still didn't work (resolving host, no internet access).
thisjun, did you get this working?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Routing all traffic through VPN
Sorry, I don't have Mac OS with SoftEther client.
-
- Posts: 26
- Joined: Mon Jan 26, 2015 8:37 am
Re: Routing all traffic through VPN
Hoping someone has found a solution