
The answer to this question was very helpful for me to understand the routing used with openvpn. But I'm still confused about the tunneling interface (tun0 below), especially in regards to accessing the remote LAN.

Here's the routing table:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.172.1.5      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
10.172.1.1      10.172.1.5      255.255.255.255 UGH   0      0        0 tun0
10.172.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.172.1.5      128.0.0.0       UG    0      0        0 tun0
168.1.6.15      192.168.1.1     255.255.255.255 UGH   0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth1

I understand that when using openvpn, it first goes to 10.172.1.1, and not 10.172.1.5, because of this unicast rule:

10.172.1.1      10.172.1.5      255.255.255.255 UGH   0      0        0 tun0

Then, since there's no rule for 10.172.1.1, it goes to eth1. But because eth1 has this unicast rule:

168.1.6.15      192.168.1.1     255.255.255.255 UGH   0      0        0 eth1

it goes out to the other side of the tunnel, at 168.1.6.15.

In the answer to the question mentioned above, it says we could add this rule to access the remote LAN:

10.172.1.0/24 dev tun0  proto kernel  scope link  src 10.172.1.5

But what does it do to access the remote LAN PCs? Are they directly available from the tunneling interface (tun0)? If they are, how does openvpn go outside (they are remote)? Because I'm presuming it's not using 168.1.6.15 in this case. Does it?

Thanks for any clarification!

1 Answer

The whole traffic routed through the tun0 device (including traffic towards the 10.172.1.0/24 subnet representing the remote LAN PCs) is encrypted and encapsulated and then routed through the eth1 interface.

Encapsulated packet:

  • source IP in 10.172.1.0/24 (tun0 IP address)
  • destination IP in 10.172.1.0/24

Packet sent through eth1:

  • source IP in 192.168.1.0/24 (eth1 IP address)
  • destination IP: 168.1.15
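The answer describes two routing decisions for one piece of VPN traffic: the kernel first matches the inner packet against the table and picks tun0, and after OpenVPN has encrypted and encapsulated it, the kernel matches the outer packet (addressed to the VPN endpoint) a second time and picks eth1. The Python script below is an added illustration, not code from the question or the answer: it parses the routing table quoted in the question, performs the longest-prefix lookup the kernel performs, and chains the two decisions. It also shows why the /32 host route for 168.1.6.15 exists: without it, the 128.0.0.0/1 route would pull the endpoint itself into tun0. The function names and the sample destinations 10.172.1.20, 192.168.1.50 and 8.8.8.8 are made up for the example; 168.1.6.15 is the endpoint from the question.

```python
import ipaddress
from dataclasses import dataclass

# Routing table as quoted in the question
# (Destination Gateway Genmask Flags Metric Ref Use Iface).
ROUTES_TEXT = """\
0.0.0.0         10.172.1.5      128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
10.172.1.1      10.172.1.5      255.255.255.255 UGH   0      0        0 tun0
10.172.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.172.1.5      128.0.0.0       UG    0      0        0 tun0
168.1.6.15      192.168.1.1     255.255.255.255 UGH   0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth1
"""

VPN_ENDPOINT = "168.1.6.15"   # OpenVPN server address from the question


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str      # "0.0.0.0" means directly connected, no next hop
    iface: str
    metric: int


def parse_routes(text: str) -> list[Route]:
    """Parse `route -n` style lines into Route objects (helper name is ours)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        dest, gateway, mask, _flags, metric, _ref, _use, iface = fields
        routes.append(Route(ipaddress.IPv4Network((dest, mask)), gateway, iface, int(metric)))
    return routes


def lookup(routes: list[Route], dst: str) -> Route:
    """Kernel-style route selection: longest prefix wins, then the lowest metric."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def path_for(routes: list[Route], dst: str, endpoint: str = VPN_ENDPOINT) -> list[tuple[str, str]]:
    """Return the (interface, gateway) decisions made for a packet to dst.

    A packet routed into tun0 is encrypted and encapsulated by OpenVPN, which
    hands the host a new packet addressed to the VPN endpoint; that outer packet
    is routed a second time, so two decisions are returned in that case.
    """
    inner = lookup(routes, dst)
    hops = [(inner.iface, inner.gateway)]
    if inner.iface == "tun0":
        outer = lookup(routes, endpoint)
        hops.append((outer.iface, outer.gateway))
    return hops


def endpoint_avoids_tunnel(routes: list[Route], endpoint: str = VPN_ENDPOINT) -> bool:
    """True if the encapsulated packet to the VPN endpoint leaves on a physical interface.

    If it were routed back into tun0, the tunnel would be asked to carry its own
    transport packets and nothing would ever reach the server.
    """
    return lookup(routes, endpoint).iface != "tun0"


ROUTES = parse_routes(ROUTES_TEXT)
# Same table minus the /32 host route for the endpoint, to show why that route matters.
ROUTES_WITHOUT_HOST_ROUTE = [
    r for r in ROUTES if r.network != ipaddress.IPv4Network(f"{VPN_ENDPOINT}/32")
]

if __name__ == "__main__":
    # 10.172.1.20, 192.168.1.50 and 8.8.8.8 are constructed sample destinations.
    for dst in ("10.172.1.20", "10.172.1.1", "192.168.1.50", "8.8.8.8"):
        print(f"{dst:15} -> {path_for(ROUTES, dst)}")
    print("endpoint avoids tunnel (with host route):   ", endpoint_avoids_tunnel(ROUTES))
    print("endpoint avoids tunnel (without host route):", endpoint_avoids_tunnel(ROUTES_WITHOUT_HOST_ROUTE))
```

Running it shows that a remote LAN address such as 10.172.1.20 matches the 0.0.0.0/1 route (tun0 via 10.172.1.5) and then, as an encapsulated packet to 168.1.6.15, matches the /32 host route (eth1 via 192.168.1.1); local LAN traffic to 192.168.1.50 never touches tun0 because the /24 is a longer match than 128.0.0.0/1. Dropping the host route makes `endpoint_avoids_tunnel` return False, which is the loop the two /1 routes would otherwise create.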

  • All diagrams show a "tunnel", and I thought it was the "tun0", a separate tunnel. So all internet traffic, VPN or not, takes the same outgoing path. With VPN, packets are 1-encrypted and encapsulated locally, 2-sent, 3-decrypted remotely. Number 2 is the same, whether VPN or not.
    – trogne
    Commented Sep 14, 2017 at 18:31
