Fixed grammatical errors.
davidgo

The issue you are facing is probably one of default/source routing.

When the VPN is not on, things work because the default gateway is out your Internet connection, but when you start the VPN a couple of new routes are being added: "0.0.0.0/1 via 10.208.185.5 dev tun1" and "128.0.0.0/1 via 10.208.185.5 dev tun1". This has the net effect of making the default gateway the VPN endpoint rather than your regular connection.

So there are 2 solutions, depending on what you need to do -

The easier solution is to get rid of those 2 lines creating the default gateway, and program in (or get your provider to program in) specific routes on your VPN connection which you want to access over VPN. This is only an option if you are using a VPN for a specific purpose - eg connecting to a company network, but won't work well for you if you are trying to hide your identity on the wider Internet.

The harder solution is to do "source based routing" - which means setting up 2 routing tables - the current one being a default table, with a second table to respond to stuff which comes in over your regular connection directly, with a different default route. This is non-trivial to do, but there are a number of links on how to do it, including here and here (The keywords to google would be "source routing" or "policy routing" - If you really want to become expert in this stuff though, you probably need to become familiar with the LART - Chapter 4 covers policy routing).
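The answer above relies on two kernel behaviours that are easy to misread from `ip route` output: longest-prefix match (two /1 routes together cover every address and beat the /0 default, so no "default" line has to change for the tunnel to swallow all traffic) and `ip rule` table selection by source address. The following is an added example, not part of davidgo's answer, that models both in Python so the effect can be checked offline: the routes are the ones quoted in the answer, while the interface names, the LAN address 192.168.1.10/gateway 192.168.1.1, the tunnel address 10.208.185.6 and the corporate prefix 10.0.0.0/8 are assumptions chosen for illustration.

```python
import ipaddress

# Constructed routing tables modelled on the answer. Addresses marked
# "assumed" are illustrative; only the two /1 routes via 10.208.185.5 on
# tun1 come from the original post.
LAN_IP = "192.168.1.10"       # assumed: this host's address on eth0
LAN_GW = "192.168.1.1"        # assumed: regular Internet gateway
VPN_IP = "10.208.185.6"       # assumed: address assigned to tun1
VPN_GW = "10.208.185.5"       # from the answer

# (prefix, gateway or None for on-link, device)
MAIN_NO_VPN = [
    ("0.0.0.0/0", LAN_GW, "eth0"),
    ("192.168.1.0/24", None, "eth0"),
]
# What the VPN client adds: together these cover 0.0.0.0 - 255.255.255.255
# and, being /1, win against the /0 default above.
VPN_PUSHED = [
    ("0.0.0.0/1", VPN_GW, "tun1"),
    ("128.0.0.0/1", VPN_GW, "tun1"),
]


def lookup(table, dst):
    """Longest-prefix match over one table; returns (gateway, dev) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw, dev)
    return None if best is None else (best[1], best[2])


def split_tunnel_table():
    """Easier solution: drop the two /1 routes and route only the corporate
    prefix (assumed 10.0.0.0/8) over the tunnel. Real equivalent:
      ip route del 0.0.0.0/1 dev tun1; ip route del 128.0.0.0/1 dev tun1
      ip route add 10.0.0.0/8 via 10.208.185.5 dev tun1"""
    return MAIN_NO_VPN + [("10.0.0.0/8", VPN_GW, "tun1")]


# Harder solution: policy routing. Rules are tried in priority order; the
# first table that yields a route wins, otherwise fall through (ip rule
# semantics). Real equivalent for the assumed addresses:
#   ip route add default via 192.168.1.1 dev eth0 table 100
#   ip rule add from 192.168.1.10 lookup 100
RULES = [
    ("192.168.1.10/32", "isp"),   # replies sourced from the LAN address
    ("0.0.0.0/0", "main"),        # everything else: normal lookup
]
TABLES = {
    "isp": [("0.0.0.0/0", LAN_GW, "eth0")],
    "main": MAIN_NO_VPN + VPN_PUSHED,
}


def policy_route(src, dst, rules=RULES, tables=TABLES):
    """Select a table by source address, then do the normal lookup."""
    s = ipaddress.ip_address(src)
    for from_prefix, table in rules:
        if s in ipaddress.ip_network(from_prefix):
            hit = lookup(tables[table], dst)
            if hit is not None:
                return hit
    return None


if __name__ == "__main__":
    print("no VPN, 8.8.8.8 ->", lookup(MAIN_NO_VPN, "8.8.8.8"))
    print("VPN up, 8.8.8.8 ->", lookup(MAIN_NO_VPN + VPN_PUSHED, "8.8.8.8"))
    print("split tunnel, 8.8.8.8 ->", lookup(split_tunnel_table(), "8.8.8.8"))
    print("split tunnel, 10.1.2.3 ->", lookup(split_tunnel_table(), "10.1.2.3"))
    print("policy, from LAN ->", policy_route(LAN_IP, "8.8.8.8"))
    print("policy, from VPN ->", policy_route(VPN_IP, "8.8.8.8"))
```

Two points the model makes visible: the LAN /24 still beats the /1 routes, which is why local traffic keeps working when the VPN is up, and the policy rule only helps for packets that carry the regular connection's address as source, so a listening service bound to 0.0.0.0 replies correctly while outbound connections still follow the main table. If the client is OpenVPN, the two /1 routes are what a pushed `redirect-gateway def1` installs, and `route-nopull` in the client config keeps the client from applying pushed routes at all.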