How do I route range of destination IPs to wireless interface on a workstation?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite












tl;dr

I need to route workstation VPN traffic through my wireless interface, and all other traffic through wired interface.



More detail



  • I work remotely, and live in a remote area. My primary ISP is via satellite, which has decent speed but high latency. The high latency causes problems over the VPN. i.e. SSH handshake fails because of timeout

  • OS is Fedora 27

  • My VPN works with FortiClient SSL VPN.

  • I have a strong lte signal and can use the VPN seamlessly when tethered to my mobile phone.

  • I don't want to route all traffic over the wireless because cell data is more expensive.

I have to manually switch my laptop to wifi when I want to use the VPN. Is there a way I can route traffic to 10.10.x.x destinations through the wireless interface (after establishing the VPN connection), and have default traffic use the wired connection?







share|improve this question






















  • which OS do you use, solution might depend but that certainly possible
    – Kiwy
    Mar 15 at 13:32










  • dang! I tried to be complete and efficient...forgot that important bit - Fedora
    – Roger Creasy
    Mar 15 at 13:45










  • OK we're not done yet, what's your vpn software ? what's it configuration ? Do not put anything sensible like public ip or shared key of course
    – Kiwy
    Mar 15 at 13:47










  • We use Fortinet routers; my client is Fortinet's Linux desktop client. We use SSl VPN. What other config info do you need? I only had to add the IP of the gateway and the VPN port to the client
    – Roger Creasy
    Mar 15 at 13:50











  • I don't have a centos/fedora/redhat at hand to help you more, but I'm sure it's possible. I don't know how Fedora handle network connection with Gnome.
    – Kiwy
    Mar 15 at 13:57














up vote
3
down vote

favorite












tl;dr

I need to route workstation VPN traffic through my wireless interface, and all other traffic through wired interface.



More detail



  • I work remotely, and live in a remote area. My primary ISP is via satellite, which has decent speed but high latency. The high latency causes problems over the VPN. i.e. SSH handshake fails because of timeout

  • OS is Fedora 27

  • My VPN works with FortiClient SSL VPN.

  • I have a strong lte signal and can use the VPN seamlessly when tethered to my mobile phone.

  • I don't want to route all traffic over the wireless because cell data is more expensive.

I have to manually switch my laptop to wifi when I want to use the VPN. Is there a way I can route traffic to 10.10.x.x destinations through the wireless interface (after establishing the VPN connection), and have default traffic use the wired connection?







share|improve this question






















  • which OS do you use, solution might depend but that certainly possible
    – Kiwy
    Mar 15 at 13:32










  • dang! I tried to be complete and efficient...forgot that important bit - Fedora
    – Roger Creasy
    Mar 15 at 13:45










  • OK we're not done yet, what's your vpn software ? what's it configuration ? Do not put anything sensible like public ip or shared key of course
    – Kiwy
    Mar 15 at 13:47










  • We use Fortinet routers; my client is Fortinet's Linux desktop client. We use SSl VPN. What other config info do you need? I only had to add the IP of the gateway and the VPN port to the client
    – Roger Creasy
    Mar 15 at 13:50











  • I don't have a centos/fedora/redhat at hand to help you more, but I'm sure it's possible. I don't know how Fedora handle network connection with Gnome.
    – Kiwy
    Mar 15 at 13:57












up vote
3
down vote

favorite









up vote
3
down vote

favorite











tl;dr

I need to route workstation VPN traffic through my wireless interface, and all other traffic through wired interface.



More detail



  • I work remotely, and live in a remote area. My primary ISP is via satellite, which has decent speed but high latency. The high latency causes problems over the VPN. i.e. SSH handshake fails because of timeout

  • OS is Fedora 27

  • My VPN works with FortiClient SSL VPN.

  • I have a strong lte signal and can use the VPN seamlessly when tethered to my mobile phone.

  • I don't want to route all traffic over the wireless because cell data is more expensive.

I have to manually switch my laptop to wifi when I want to use the VPN. Is there a way I can route traffic to 10.10.x.x destinations through the wireless interface (after establishing the VPN connection), and have default traffic use the wired connection?







share|improve this question














tl;dr

I need to route workstation VPN traffic through my wireless interface, and all other traffic through wired interface.



More detail



  • I work remotely, and live in a remote area. My primary ISP is via satellite, which has decent speed but high latency. The high latency causes problems over the VPN. i.e. SSH handshake fails because of timeout

  • OS is Fedora 27

  • My VPN works with FortiClient SSL VPN.

  • I have a strong lte signal and can use the VPN seamlessly when tethered to my mobile phone.

  • I don't want to route all traffic over the wireless because cell data is more expensive.

I have to manually switch my laptop to wifi when I want to use the VPN. Is there a way I can route traffic to 10.10.x.x destinations through the wireless interface (after establishing the VPN connection), and have default traffic use the wired connection?









share|improve this question













share|improve this question




share|improve this question








edited Mar 15 at 13:56









Kiwy

5,36743350




5,36743350










asked Mar 15 at 13:24









Roger Creasy

1163




1163











  • which OS do you use, solution might depend but that certainly possible
    – Kiwy
    Mar 15 at 13:32










  • dang! I tried to be complete and efficient...forgot that important bit - Fedora
    – Roger Creasy
    Mar 15 at 13:45










  • OK we're not done yet, what's your vpn software ? what's it configuration ? Do not put anything sensible like public ip or shared key of course
    – Kiwy
    Mar 15 at 13:47










  • We use Fortinet routers; my client is Fortinet's Linux desktop client. We use SSl VPN. What other config info do you need? I only had to add the IP of the gateway and the VPN port to the client
    – Roger Creasy
    Mar 15 at 13:50











  • I don't have a centos/fedora/redhat at hand to help you more, but I'm sure it's possible. I don't know how Fedora handle network connection with Gnome.
    – Kiwy
    Mar 15 at 13:57
















  • which OS do you use, solution might depend but that certainly possible
    – Kiwy
    Mar 15 at 13:32










  • dang! I tried to be complete and efficient...forgot that important bit - Fedora
    – Roger Creasy
    Mar 15 at 13:45










  • OK we're not done yet, what's your vpn software ? what's it configuration ? Do not put anything sensible like public ip or shared key of course
    – Kiwy
    Mar 15 at 13:47










  • We use Fortinet routers; my client is Fortinet's Linux desktop client. We use SSl VPN. What other config info do you need? I only had to add the IP of the gateway and the VPN port to the client
    – Roger Creasy
    Mar 15 at 13:50











  • I don't have a centos/fedora/redhat at hand to help you more, but I'm sure it's possible. I don't know how Fedora handle network connection with Gnome.
    – Kiwy
    Mar 15 at 13:57















which OS do you use, solution might depend but that certainly possible
– Kiwy
Mar 15 at 13:32




which OS do you use, solution might depend but that certainly possible
– Kiwy
Mar 15 at 13:32












dang! I tried to be complete and efficient...forgot that important bit - Fedora
– Roger Creasy
Mar 15 at 13:45




dang! I tried to be complete and efficient...forgot that important bit - Fedora
– Roger Creasy
Mar 15 at 13:45












OK we're not done yet, what's your vpn software ? what's it configuration ? Do not put anything sensible like public ip or shared key of course
– Kiwy
Mar 15 at 13:47




OK we're not done yet, what's your vpn software ? what's it configuration ? Do not put anything sensible like public ip or shared key of course
– Kiwy
Mar 15 at 13:47












We use Fortinet routers; my client is Fortinet's Linux desktop client. We use SSl VPN. What other config info do you need? I only had to add the IP of the gateway and the VPN port to the client
– Roger Creasy
Mar 15 at 13:50





We use Fortinet routers; my client is Fortinet's Linux desktop client. We use SSl VPN. What other config info do you need? I only had to add the IP of the gateway and the VPN port to the client
– Roger Creasy
Mar 15 at 13:50













I don't have a centos/fedora/redhat at hand to help you more, but I'm sure it's possible. I don't know how Fedora handle network connection with Gnome.
– Kiwy
Mar 15 at 13:57




I don't have a centos/fedora/redhat at hand to help you more, but I'm sure it's possible. I don't know how Fedora handle network connection with Gnome.
– Kiwy
Mar 15 at 13:57










2 Answers
2






active

oldest

votes

















up vote
3
down vote













On multiple OS's the manual for route should be of some service.



In addition to this the majority of unix/linux distributions have ip functionality to force routes through specific interfaces based on subnet masking as part of the network interface configuration ensuring these performance / security optimized configurations remain persistent hrough restarts



Example



$ route add -net 10.10.x.x netmask 255.255.255.0 dev wlan0






share|improve this answer




















  • The manual, understandably, assumes some knowledge of some bits. And I am lacking in those areas :-)
    – Roger Creasy
    Mar 15 at 14:12










  • Using your example would 10.10.x.0 route any number in that 0 octet to wlan0 (from your example)? And, the VPN doesn't really come into play because it manages the routes after the route table?
    – Roger Creasy
    Mar 15 at 14:16







  • 2




    @jas you shouldn't use route command nowaday but ip route VPN often create virtual interface so you want first a route to the VPN server through the wifi interface and then when VPN is up you want a route to 10.10.X.X through your VPN . => dougvitale.wordpress.com/2011/12/21/…
    – Kiwy
    Mar 15 at 14:20











  • Thanks, forgot about the new school methods implemented in RPM based distros. Roger, a VPN does indeed add or more specifically tells the IP stack that a new route exists for traffic destined to that interface and subnet mask provided by the new IPSEC tunnel.
    – jas-
    Mar 16 at 13:46

















up vote
1
down vote













1) Check your current routes with ip route.



2) Note how the routes through your VPN interface are set up. Depending on your VPN client (which I don't know), you may have a default route. You also may have the old default route, and two /1 routes to the VPN which override the default route, because they are more specific (OpenVPN does it that way).



3) Add a 10.10.0.0/16 route with the same parameters as the route through the VPN. The command should look something like



ip route add 10.10.0.0/16 via 10.10.12.34 dev vpn0


but of course it depends on your configuration.



4) Remove the route through the VPN with ip route del, using the output from ip route.



5) If you don't have a default route through the wired connection anymore, add one with ip add default via .... You'll need the correct parameters, which are usually distributed from your router with DHCP.



6) It may be helpful to have a look at the configuration with and without the VPN, using ip route. As long as you keep this configuration somewhere, you can always restore your routing to a proper state manually while experimenting.






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );








     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f430400%2fhow-do-i-route-range-of-destination-ips-to-wireless-interface-on-a-workstation%23new-answer', 'question_page');

    );

    Post as a guest






























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    3
    down vote













    On multiple OS's the manual for route should be of some service.



    In addition to this the majority of unix/linux distributions have ip functionality to force routes through specific interfaces based on subnet masking as part of the network interface configuration ensuring these performance / security optimized configurations remain persistent hrough restarts



    Example



    $ route add -net 10.10.x.x netmask 255.255.255.0 dev wlan0






    share|improve this answer




















    • The manual, understandably, assumes some knowledge of some bits. And I am lacking in those areas :-)
      – Roger Creasy
      Mar 15 at 14:12










    • Using your example would 10.10.x.0 route any number in that 0 octet to wlan0 (from your example)? And, the VPN doesn't really come into play because it manages the routes after the route table?
      – Roger Creasy
      Mar 15 at 14:16







    • 2




      @jas you shouldn't use route command nowaday but ip route VPN often create virtual interface so you want first a route to the VPN server through the wifi interface and then when VPN is up you want a route to 10.10.X.X through your VPN . => dougvitale.wordpress.com/2011/12/21/…
      – Kiwy
      Mar 15 at 14:20











    • Thanks, forgot about the new school methods implemented in RPM based distros. Roger, a VPN does indeed add or more specifically tells the IP stack that a new route exists for traffic destined to that interface and subnet mask provided by the new IPSEC tunnel.
      – jas-
      Mar 16 at 13:46














    up vote
    3
    down vote













    On multiple OS's the manual for route should be of some service.



    In addition to this the majority of unix/linux distributions have ip functionality to force routes through specific interfaces based on subnet masking as part of the network interface configuration ensuring these performance / security optimized configurations remain persistent hrough restarts



    Example



    $ route add -net 10.10.x.x netmask 255.255.255.0 dev wlan0






    share|improve this answer




















    • The manual, understandably, assumes some knowledge of some bits. And I am lacking in those areas :-)
      – Roger Creasy
      Mar 15 at 14:12










    • Using your example would 10.10.x.0 route any number in that 0 octet to wlan0 (from your example)? And, the VPN doesn't really come into play because it manages the routes after the route table?
      – Roger Creasy
      Mar 15 at 14:16







    • 2




      @jas you shouldn't use route command nowaday but ip route VPN often create virtual interface so you want first a route to the VPN server through the wifi interface and then when VPN is up you want a route to 10.10.X.X through your VPN . => dougvitale.wordpress.com/2011/12/21/…
      – Kiwy
      Mar 15 at 14:20











    • Thanks, forgot about the new school methods implemented in RPM based distros. Roger, a VPN does indeed add or more specifically tells the IP stack that a new route exists for traffic destined to that interface and subnet mask provided by the new IPSEC tunnel.
      – jas-
      Mar 16 at 13:46












    up vote
    3
    down vote










    up vote
    3
    down vote









    On multiple OS's the manual for route should be of some service.



    In addition to this the majority of unix/linux distributions have ip functionality to force routes through specific interfaces based on subnet masking as part of the network interface configuration ensuring these performance / security optimized configurations remain persistent hrough restarts



    Example



    $ route add -net 10.10.x.x netmask 255.255.255.0 dev wlan0






    share|improve this answer












    On multiple OS's the manual for route should be of some service.



    In addition to this the majority of unix/linux distributions have ip functionality to force routes through specific interfaces based on subnet masking as part of the network interface configuration ensuring these performance / security optimized configurations remain persistent hrough restarts



    Example



    $ route add -net 10.10.x.x netmask 255.255.255.0 dev wlan0







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Mar 15 at 14:08









    jas-

    71038




    71038











    • The manual, understandably, assumes some knowledge of some bits. And I am lacking in those areas :-)
      – Roger Creasy
      Mar 15 at 14:12










    • Using your example would 10.10.x.0 route any number in that 0 octet to wlan0 (from your example)? And, the VPN doesn't really come into play because it manages the routes after the route table?
      – Roger Creasy
      Mar 15 at 14:16







    • 2




      @jas you shouldn't use route command nowaday but ip route VPN often create virtual interface so you want first a route to the VPN server through the wifi interface and then when VPN is up you want a route to 10.10.X.X through your VPN . => dougvitale.wordpress.com/2011/12/21/…
      – Kiwy
      Mar 15 at 14:20











    • Thanks, forgot about the new school methods implemented in RPM based distros. Roger, a VPN does indeed add or more specifically tells the IP stack that a new route exists for traffic destined to that interface and subnet mask provided by the new IPSEC tunnel.
      – jas-
      Mar 16 at 13:46
















    • The manual, understandably, assumes some knowledge of some bits. And I am lacking in those areas :-)
      – Roger Creasy
      Mar 15 at 14:12










    • Using your example would 10.10.x.0 route any number in that 0 octet to wlan0 (from your example)? And, the VPN doesn't really come into play because it manages the routes after the route table?
      – Roger Creasy
      Mar 15 at 14:16







    • 2




      @jas you shouldn't use route command nowaday but ip route VPN often create virtual interface so you want first a route to the VPN server through the wifi interface and then when VPN is up you want a route to 10.10.X.X through your VPN . => dougvitale.wordpress.com/2011/12/21/…
      – Kiwy
      Mar 15 at 14:20











    • Thanks, forgot about the new school methods implemented in RPM based distros. Roger, a VPN does indeed add or more specifically tells the IP stack that a new route exists for traffic destined to that interface and subnet mask provided by the new IPSEC tunnel.
      – jas-
      Mar 16 at 13:46















    The manual, understandably, assumes some knowledge of some bits. And I am lacking in those areas :-)
    – Roger Creasy
    Mar 15 at 14:12




    The manual, understandably, assumes some knowledge of some bits. And I am lacking in those areas :-)
    – Roger Creasy
    Mar 15 at 14:12












    Using your example would 10.10.x.0 route any number in that 0 octet to wlan0 (from your example)? And, the VPN doesn't really come into play because it manages the routes after the route table?
    – Roger Creasy
    Mar 15 at 14:16





    Using your example would 10.10.x.0 route any number in that 0 octet to wlan0 (from your example)? And, the VPN doesn't really come into play because it manages the routes after the route table?
    – Roger Creasy
    Mar 15 at 14:16





    2




    2




    @jas you shouldn't use route command nowaday but ip route VPN often create virtual interface so you want first a route to the VPN server through the wifi interface and then when VPN is up you want a route to 10.10.X.X through your VPN . => dougvitale.wordpress.com/2011/12/21/…
    – Kiwy
    Mar 15 at 14:20





    @jas you shouldn't use route command nowaday but ip route VPN often create virtual interface so you want first a route to the VPN server through the wifi interface and then when VPN is up you want a route to 10.10.X.X through your VPN . => dougvitale.wordpress.com/2011/12/21/…
    – Kiwy
    Mar 15 at 14:20













    Thanks, forgot about the new school methods implemented in RPM based distros. Roger, a VPN does indeed add or more specifically tells the IP stack that a new route exists for traffic destined to that interface and subnet mask provided by the new IPSEC tunnel.
    – jas-
    Mar 16 at 13:46




    Thanks, forgot about the new school methods implemented in RPM based distros. Roger, a VPN does indeed add or more specifically tells the IP stack that a new route exists for traffic destined to that interface and subnet mask provided by the new IPSEC tunnel.
    – jas-
    Mar 16 at 13:46












    up vote
    1
    down vote













    1) Check your current routes with ip route.



    2) Note how the routes through your VPN interface are set up. Depending on your VPN client (which I don't know), you may have a default route. You also may have the old default route, and two /1 routes to the VPN which override the default route, because they are more specific (OpenVPN does it that way).



    3) Add a 10.10.0.0/16 route with the same parameters as the route through the VPN. The command should look something like



    ip route add 10.10.0.0/16 via 10.10.12.34 dev vpn0


    but of course it depends on your configuration.



    4) Remove the route through the VPN with ip route del, using the output from ip route.



    5) If you don't have a default route through the wired connection anymore, add one with ip add default via .... You'll need the correct parameters, which are usually distributed from your router with DHCP.



    6) It may be helpful to have a look at the configuration with and without the VPN, using ip route. As long as you keep this configuration somewhere, you can always restore your routing to a proper state manually while experimenting.






    share|improve this answer
























      up vote
      1
      down vote













      1) Check your current routes with ip route.



      2) Note how the routes through your VPN interface are set up. Depending on your VPN client (which I don't know), you may have a default route. You also may have the old default route, and two /1 routes to the VPN which override the default route, because they are more specific (OpenVPN does it that way).



      3) Add a 10.10.0.0/16 route with the same parameters as the route through the VPN. The command should look something like



      ip route add 10.10.0.0/16 via 10.10.12.34 dev vpn0


      but of course it depends on your configuration.



      4) Remove the route through the VPN with ip route del, using the output from ip route.



      5) If you don't have a default route through the wired connection anymore, add one with ip add default via .... You'll need the correct parameters, which are usually distributed from your router with DHCP.



      6) It may be helpful to have a look at the configuration with and without the VPN, using ip route. As long as you keep this configuration somewhere, you can always restore your routing to a proper state manually while experimenting.






      share|improve this answer






















        up vote
        1
        down vote










        up vote
        1
        down vote









        1) Check your current routes with ip route.



        2) Note how the routes through your VPN interface are set up. Depending on your VPN client (which I don't know), you may have a default route. You also may have the old default route, and two /1 routes to the VPN which override the default route, because they are more specific (OpenVPN does it that way).



        3) Add a 10.10.0.0/16 route with the same parameters as the route through the VPN. The command should look something like



        ip route add 10.10.0.0/16 via 10.10.12.34 dev vpn0


        but of course it depends on your configuration.



        4) Remove the route through the VPN with ip route del, using the output from ip route.



        5) If you don't have a default route through the wired connection anymore, add one with ip add default via .... You'll need the correct parameters, which are usually distributed from your router with DHCP.



        6) It may be helpful to have a look at the configuration with and without the VPN, using ip route. As long as you keep this configuration somewhere, you can always restore your routing to a proper state manually while experimenting.






        share|improve this answer












        1) Check your current routes with ip route.



        2) Note how the routes through your VPN interface are set up. Depending on your VPN client (which I don't know), you may have a default route. You also may have the old default route, and two /1 routes to the VPN which override the default route, because they are more specific (OpenVPN does it that way).



        3) Add a 10.10.0.0/16 route with the same parameters as the route through the VPN. The command should look something like



        ip route add 10.10.0.0/16 via 10.10.12.34 dev vpn0


        but of course it depends on your configuration.



        4) Remove the route through the VPN with ip route del, using the output from ip route.



        5) If you don't have a default route through the wired connection anymore, add one with ip add default via .... You'll need the correct parameters, which are usually distributed from your router with DHCP.



        6) It may be helpful to have a look at the configuration with and without the VPN, using ip route. As long as you keep this configuration somewhere, you can always restore your routing to a proper state manually while experimenting.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Mar 16 at 17:17









        dirkt

        14k2930




        14k2930






















             

            draft saved


            draft discarded


























             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f430400%2fhow-do-i-route-range-of-destination-ips-to-wireless-interface-on-a-workstation%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?