How do I route range of destination IPs to wireless interface on a workstation?















tl;dr

I need to route workstation VPN traffic through my wireless interface, and all other traffic through the wired interface.

More detail

  • I work remotely, and live in a remote area. My primary ISP is via satellite, which has decent speed but high latency. The high latency causes problems over the VPN, i.e. the SSH handshake fails because of a timeout.
  • OS is Fedora 27.
  • My VPN works with FortiClient SSL VPN.
  • I have a strong LTE signal and can use the VPN seamlessly when tethered to my mobile phone.
  • I don't want to route all traffic over the wireless because cell data is more expensive.

I have to manually switch my laptop to wifi when I want to use the VPN. Is there a way I can route traffic to 10.10.x.x destinations through the wireless interface (after establishing the VPN connection), and have default traffic use the wired connection?

















asked Mar 15 at 13:24 by Roger Creasy, edited Mar 15 at 13:56 by Kiwy











  • Which OS do you use? The solution might depend on it, but that's certainly possible.
    – Kiwy
    Mar 15 at 13:32

  • Dang! I tried to be complete and efficient... forgot that important bit - Fedora
    – Roger Creasy
    Mar 15 at 13:45

  • OK, we're not done yet: what's your VPN software? What's its configuration? Do not put anything sensitive like a public IP or shared key, of course.
    – Kiwy
    Mar 15 at 13:47

  • We use Fortinet routers; my client is Fortinet's Linux desktop client. We use SSL VPN. What other config info do you need? I only had to add the IP of the gateway and the VPN port to the client.
    – Roger Creasy
    Mar 15 at 13:50

  • I don't have a CentOS/Fedora/Red Hat machine at hand to help you more, but I'm sure it's possible. I don't know how Fedora handles network connections with GNOME.
    – Kiwy
    Mar 15 at 13:57


























2 Answers












On multiple OSes, the manual for route should be of some service.

In addition to this, the majority of Unix/Linux distributions have ip functionality to force routes through specific interfaces based on subnet masking as part of the network interface configuration, ensuring these performance/security optimized configurations remain persistent through restarts.

Example

$ route add -net 10.10.x.x netmask 255.255.255.0 dev wlan0

















answered Mar 15 at 14:08 by jas-











  • The manual, understandably, assumes some knowledge of some bits. And I am lacking in those areas :-)
    – Roger Creasy
    Mar 15 at 14:12

  • Using your example, would 10.10.x.0 route any number in that 0 octet to wlan0 (from your example)? And, the VPN doesn't really come into play because it manages the routes after the route table?
    – Roger Creasy
    Mar 15 at 14:16

  • @jas you shouldn't use the route command nowadays but ip route. VPNs often create a virtual interface, so you first want a route to the VPN server through the wifi interface, and then, when the VPN is up, you want a route to 10.10.X.X through your VPN. => dougvitale.wordpress.com/2011/12/21/…
    – Kiwy
    Mar 15 at 14:20

  • Thanks, forgot about the new school methods implemented in RPM based distros. Roger, a VPN does indeed add, or more specifically tells the IP stack, that a new route exists for traffic destined to that interface and subnet mask provided by the new IPSEC tunnel.
    – jas-
    Mar 16 at 13:46




























1) Check your current routes with ip route.

2) Note how the routes through your VPN interface are set up. Depending on your VPN client (which I don't know), you may have a default route. You also may have the old default route, and two /1 routes to the VPN which override the default route, because they are more specific (OpenVPN does it that way).

3) Add a 10.10.0.0/16 route with the same parameters as the route through the VPN. The command should look something like

ip route add 10.10.0.0/16 via 10.10.12.34 dev vpn0

but of course it depends on your configuration.

4) Remove the route through the VPN with ip route del, using the output from ip route.

5) If you don't have a default route through the wired connection anymore, add one with ip route add default via .... You'll need the correct parameters, which are usually distributed from your router with DHCP.

6) It may be helpful to have a look at the configuration with and without the VPN, using ip route. As long as you keep this configuration somewhere, you can always restore your routing to a proper state manually while experimenting.

















answered Mar 16 at 17:17 by dirkt
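The route selection that the steps above ask you to read off ip route by eye, as an added example that is not part of either answer: a POSIX shell longest-prefix match over a saved ip route dump, checking where 10.10.x.x, the VPN gateway and ordinary traffic would leave the machine. The two route tables, the names eth0 and vpn0, the gateway 203.0.113.10 and every other address are constructed assumptions; only unicast IPv4 lines of the main table are handled.

```shell
#!/bin/sh
# Added example: audit a saved `ip route` dump against the split-routing goal.
# Interface names and addresses are constructed placeholders, not real hosts.

# Intended state: default via wired, VPN gateway pinned to wifi, 10.10/16 in the tunnel.
SPLIT='default via 192.168.1.1 dev eth0 proto dhcp metric 100
default via 192.168.43.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20 metric 100
192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.57 metric 600
203.0.113.10 via 192.168.43.1 dev wlan0
10.10.0.0/16 dev vpn0 scope link'

# State left by a client that overrides the default route with two /1 routes.
FULL_TUNNEL='default via 192.168.1.1 dev eth0 proto dhcp metric 100
default via 192.168.43.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 dev vpn0 scope link
128.0.0.0/1 dev vpn0 scope link
203.0.113.10 via 192.168.43.1 dev wlan0'

# Dotted quad -> 32-bit integer (assumes the shell has 64-bit arithmetic).
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )

# egress_dev DEST TABLE: print the device the kernel rule would choose:
# longest matching prefix wins, equal prefixes are decided by lowest metric.
egress_dev() (
    dst=$(ip2int "$1"); best_len=-1; best_metric=0; best_dev=none
    while read -r prefix rest; do
        [ -n "$prefix" ] || continue
        case $prefix in
            default) net=0.0.0.0; len=0 ;;
            */*)     net=${prefix%/*}; len=${prefix#*/} ;;
            *)       net=$prefix; len=32 ;;          # bare address = host route
        esac
        dev=; metric=0
        set -- $rest                                 # walk "key value" pairs
        while [ $# -gt 1 ]; do
            case $1 in dev) dev=$2 ;; metric) metric=$2 ;; esac
            shift
        done
        mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
        [ $(( dst & mask )) -eq $(( $(ip2int "$net") & mask )) ] || continue
        if [ "$len" -gt "$best_len" ] ||
           { [ "$len" -eq "$best_len" ] && [ "$metric" -lt "$best_metric" ]; }; then
            best_len=$len; best_metric=$metric; best_dev=$dev
        fi
    done <<EOF
$2
EOF
    echo "$best_dev"
)

# check_path DEST EXPECTED_DEV TABLE: report one destination, fail on mismatch.
check_path() {
    got=$(egress_dev "$1" "$3")
    if [ "$got" = "$2" ]; then
        echo "ok       $1 -> $got"
    else
        echo "MISMATCH $1 -> $got (expected $2)"
        return 1
    fi
}

# audit_split TABLE: the three properties the question asks for.
audit_split() {
    rc=0
    check_path 10.10.12.34  vpn0  "$1" || rc=1   # office range stays in the tunnel
    check_path 203.0.113.10 wlan0 "$1" || rc=1   # tunnel itself rides the LTE link
    check_path 198.51.100.7 eth0  "$1" || rc=1   # everything else uses the wired link
    return $rc
}

echo "== split table ==";  audit_split "$SPLIT"       || echo "routing is not split as intended"
echo "== full tunnel =="; audit_split "$FULL_TUNNEL" || echo "routing is not split as intended"
```

On the live system, `ip route get 10.10.12.34` gives the kernel's own answer for a single destination and can be compared against what the audit reports.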






















             
