Configure (route) specific connections outside of a VPN
Here is my situation:
I am using NetworkManager (Gnome) to handle all my network connections.
I am connecting to a VPN with OpenVPN. My firewall (nftables) drops all traffic outside of the tun0 interface.
Now I want to connect to a server (that has a static IP) via ssh, but outside of the VPN tunnel, so I want to tell my machine: For every connection to this IP, do not use the VPN but rather connect directly.
What I did so far: Allow a connection to the server in the firewall.
What I am not really able to figure out:
How do I make my machine connect to the server "outside" of the VPN properly?
I already tried to read up on the problem, the answer I have been able to find was routing, so I am supposed to create a route for all the traffic to the server through a different networking interface, so instead of letting those packages through tun0, they are supposed to go through either wlp2s0 or enp1s0, depending on how I am connected at a given moment.
So I did for example
ip route add IP-ADDRESS dev wlp2s0
This somehow seems to work temporarily (but I don't even know if it should). I am not sure though if this is the correct way to do it.
In case that this is the right idea, I want to configure it so this routing is done "automatically" - so whenever my network connection changes (for example I'm switching from wifi to wired connection), I want the route to still be there. How do I do that properly?
My system (not sure if this is relevant) is Arch Linux with all the latest packages installed.
EDIT: The reason I want to do this is because the server I want to connect to is blocking all of the IPs from my VPN provider. I do trust the server though, so I do not need to use the VPN to connect to this server.
linux ip vpn route
1
The question need not probably be so convoluted. I bet you would manage to convey you want to escape the normal route of VPN with less than 1/3 of that text. And yes, if you want to mess up with routing, the best course of action is understanding the route (and possibly firewalling) commands.
– Rui F Ribeiro
2 days ago
Yes, adding the route for that address is the correct way to do it, and should of course work.
– RalfFriedl
2 days ago
asked 2 days ago
user246093
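Added example, not part of the original question or its comments: a NetworkManager dispatcher script that re-creates the host route through whichever physical uplink currently holds the default route, so the single-address bypass survives a switch between wlp2s0 and enp1s0 while everything else stays behind the tun0-only firewall. The server address 203.0.113.10 (documentation range), the function names and the sample routing table are assumptions made for this example.

```shell
#!/bin/sh
# Placeholder address (TEST-NET-3); replace with the server's static IP.
SERVER_IP="${SERVER_IP:-203.0.113.10}"

# Constructed sample of `ip -4 route show default` output, for offline checks.
SAMPLE_ROUTES='default via 10.8.0.1 dev tun0 proto static metric 50
default via 192.168.1.1 dev enp1s0 proto dhcp metric 100
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600'

# Read default routes on stdin; print "GATEWAY DEV" of the lowest-metric
# default route that is NOT on a tunnel device. Fails if none exists.
underlay_default() {
    awk '
        $1 == "default" {
            gw = ""; dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "via")    gw = $(i + 1)
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1)
            }
            # Skip the VPN itself and routes without a next hop.
            if (gw == "" || dev ~ /^(tun|tap|wg)/) next
            if (best == "" || metric + 0 < bestm) {
                best = gw " " dev; bestm = metric + 0
            }
        }
        END { if (best != "") print best; else exit 1 }
    '
}

# $1 = server IP, stdin = default routes. Prints the command that pins a /32
# host route to the physical gateway; "replace" keeps it idempotent.
bypass_route_cmd() {
    gw_dev=$(underlay_default) || return 1
    echo "ip route replace $1/32 via ${gw_dev% *} dev ${gw_dev#* }"
}

# Dispatcher entry point: NetworkManager passes $1 = interface, $2 = action.
# Nothing runs when the file is executed without an action argument.
case "${2:-}" in
    up|down|vpn-up|vpn-down)
        cmd=$(ip -4 route show default | bypass_route_cmd "$SERVER_IP") && $cmd
        ;;
esac
```

Installed as a root-owned executable under /etc/NetworkManager/dispatcher.d/, the script runs on each connection change; `ip route get 203.0.113.10` then shows which interface and gateway the kernel will use for that address.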