
Re: SIOCDELRT, or: proper syntax to delete default route for an interface?



On 01/23/2015 04:05 AM, Sven Hartge wrote:
Matt Ventura <mattventura@mattventura.net> wrote:
me@client:~$ date ; sudo route -n
Thu Jan 22 11:48:48 EST 2015
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.144.15.100   128.0.0.0       UG    1      0        0 ppp0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.144.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
128.0.0.0       10.144.15.100   128.0.0.0       UG    1      0        0 ppp0
134.67.15.30    10.8.0.5        255.255.255.255 UGH   1      0        0 tun0
Try it with 0.0.0.0 instead of default. I didn't notice that the netmask
was 128.0.0.0 rather than 0.0.0.0. Not sure why it would do that or if
that has some kind of special meaning.
VPN clients normally use two routes as "default" route:

0.0.0.0/128.0.0.0    (or 0.0.0.0/1)
128.0.0.0/128.0.0.0  (or 128.0.0.0/1)

This way, the VPN client does not need to replace the existing default
route. Because those two new routes are more specific than 0/0, all
packages are routed into the tunnel and not to the old default gateway.

If the VPN client crashes (or the tunnel interface is removed) those
two routes are automatically removed too and the old default route is
active again.

If the client replaced the old default route then you would be left with
a system without any default route, because the new one would have been
deleted together with the tunnel interface.

Grüße,
Sven.

Well, that confirms my original suspicion. The F5 VPN is throwing its default route over the original one, and that's causing traffic to the OpenVPN server to try to route over the F5 VPN. Obviously this doesn't work because the traffic to the F5 VPN needs to go through the OpenVPN link, so it becomes circular.

What you need to do is add a route, something like:
route add <external IP of OpenVPN server> gw 192.168.1.1 dev eth0
so that the traffic to the OpenVPN server can be routed properly.

Matt Ventura
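
Added example, not part of the original thread: a small longest-prefix-match model of the routing table quoted above, showing why the two /1 routes capture traffic to the OpenVPN server and why a /32 host route via 192.168.1.1 wins it back. The address 203.0.113.10 is a constructed placeholder for the OpenVPN server's external IP, and the function names are hypothetical.

```python
import ipaddress

# Rows copied from the `route -n` output quoted in the thread.
ROUTE_N = """\
0.0.0.0         10.144.15.100   128.0.0.0       UG    1      0        0 ppp0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.144.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
128.0.0.0       10.144.15.100   128.0.0.0       UG    1      0        0 ppp0
134.67.15.30    10.8.0.5        255.255.255.255 UGH   1      0        0 tun0
"""
# Constructed placeholder (TEST-NET-3); the thread never gives the real address.
OPENVPN_SERVER = "203.0.113.10"


def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, _flags, metric, _ref, _use, iface = line.split()
        # Count mask bits directly so 0.0.0.0 is unambiguously a /0.
        prefix = bin(int(ipaddress.ip_address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}")
        routes.append((net, gw, int(metric), iface))
    return routes


def egress(routes, dst):
    """Longest prefix wins; lower metric breaks ties. Returns (gateway, iface)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r[0].prefixlen, r[2]))
    return best[1], best[3]


def with_host_route(routes, host, gw, iface):
    """Model `route add <host> gw <gw> dev <iface>` as a /32 entry."""
    return routes + [(ipaddress.ip_network(f"{host}/32"), gw, 0, iface)]


if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    print("before fix:", egress(table, OPENVPN_SERVER))
    fixed = with_host_route(table, OPENVPN_SERVER, "192.168.1.1", "eth0")
    print("after fix: ", egress(fixed, OPENVPN_SERVER))
    # Tunnel interface removed: its routes vanish and 0/0 takes over again.
    no_ppp = [r for r in fixed if r[3] != "ppp0"]
    print("ppp0 gone: ", egress(no_ppp, "8.8.8.8"))
```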

