82

Greetings,

I'm using vpnc for a VPN client. I'm also doing some tricky things with route to make sure I can still access my local network, etc. etc. (the particulars here are not very important).

Sometimes I get the routing table so jacked up I get ping: sendto: Network is unreachable for urls that should otherwise resolve.

Currently, if I restart Mac OS X then everything is back to normal. What I'd like to do is reset the routing tables to the "default" (e.g. what it is set to at boot) without a whole system reboot.

I think that step 1 is route flush (to remove all routes). And step 2 needs to reload all of the default routes.

Any thoughts on how to do this? (e.g. what is step 2?)

EDIT Also, I'm noticing another symptom is traceroute also fails on the address in question. For instance:

traceroute the.good.dns.name

traceroute: bind: Can't assign requested address

Nate Murray
  • 973
  • 1
  • 7
  • 7

4 Answers4

77

You need to flush the routes . Use route -n flush several times . Afterwards add your routes with route add.

cavver
  • 997
  • 6
  • 5
  • 2
    I've changed this to the accepted answer. It works! I did `route -n flush` several times, then I just restarted my networking via the System preferences. It only took me a year to come back and figure this out :) – Nate Murray May 13 '11 at 16:44
  • This solved a similar problem for me with the Sonicwall's Aventail Connect VPN client which I find particularly prone to "Can't assign requested address" failures, especially when switching wireless networks. Now I have a way to resolve that doesn't avoid a power cycle. Thanks! – Alan Donnelly Oct 18 '12 at 18:56
  • Wow! It also helped with my problem with BarracudaVPN… I switch Wi-Fi off/on, and finally could connect again! Thanks a lot! – hans_meine Jun 27 '19 at 15:50
23

I was running into this issue while using a home OpenVPN server and connecting to it using the Tunnelblick application on Mac.

What was happening on my end is that a route with my home IP as the destination and an incorrect gateway was getting leftover after disconnecting from the VPN. Deleting this route solved the issue, simply

$ sudo route -n delete the.good.dns.name

Example: I am at school and after a fresh computer boot, I connect to a wireless network. I connect to my home OpenVPN server with Tunnelblick. 

$ netstat -nr
Destination                   Gateway
....
[home-ip]/32                  [school-default-gateway-1] ....
....

I disconnect from the VPN server. I change wireless networks. This changes my default gateway.

$ netstat -nr
Destination                   Gateway
...
[home-ip]/32                  [school-default-gateway-1] ...
...
$ ping [home-ip]
PING [home-ip]: 56 data bytes
ping: sendto: Network is unreachable
ping: sendto: Network is unreachable
Request timeout for icmp_seq 0
...

I can't under any circumstances connect to my home network (VPN, ping, anything) after this happens. If I then just delete the route:

$ sudo route -n delete [home-ip]
delete net [home-ip]
$ ping [home-ip]
PING [home-ip]: 56 data bytes
64 bytes from [home-ip]: icmp_seq=1 ttl=56 time=13.111 ms

It works fine.

There might be an issue with how the OpenVPN server/client is configured which is leaving this (and I'd be interested in finding out what that is), but I installed a Tunnelblick post-disconnect script that automates this route deletion.

Sean
  • 331
  • 2
  • 2
18

First you need a route for your network interface. If the VPN is disconnected then just take your network interface down and then bring it back up with ifconfig. Then use the route commnand to build in your default gw. So something like:

ifconfig en0 down

ifconfig en0 up

route add <ip address> default

Jordan Eunson
  • 1,312
  • 9
  • 15
7

I was running into the same issue as @Sean (I'm also running OS X), in that when I switched between home and work networks the default route was not getting deleted.

For completeness, when I connect to my VPN at home and running the following command, it'd show the default gateway as below

$ netstat -nr
Destination                   Gateway
...
[home-ip]/32                  [work-default-gateway-1]

And when I disconnected, the [home-ip] gateway would still be there. When I'd connect to my work network I couldn't connect to the internet at all, and run into the same issue as OP

$ traceroute the.good.dns.name    
$ traceroute: bind: Can't assign requested address

I'd then have to manually delete the route with 

$ sudo route -n delete [home-ip]

Initially I put the "route -n delete" in a post-disconnect.sh script, but that was a little messy so instead I found this link

https://code.google.com/p/tunnelblick/issues/detail?id=177

Apparently the reason is due to setting the following in my .ovpn file

user nobody
group nogroup

Which means the route is set up as root, but when the connection is taken down the user is no longer root, so the route can't be deleted.

Commenting these 2 lines in my .ovpn file fixed the problem, without having to use a post-disconnect.sh.

jklp
  • 242
  • 3
  • 7
  • Thanks, this worked for me as well. It's unfortunate that the google code link doesn't work any more. – Toby Feb 01 '18 at 06:06
  • I've tried using your suggestion, the problem is that when I connect to the VPN it pulls the config files from somewhere and overwrites my changes. It isn't getting them from the server, so far as I can tell because when I change those files it doesn't fix the problem. Is there some client-side location where I can find these files and destroy/modify them so my changes will stick? – Finncent Price Oct 24 '18 at 09:19
  • I was making the trivial error of confusing ~/Library with /Library. Oops! For anyone reading this, you want to modify the file in ~/Library/Application Support/Tunnelblick/Configurations/.tblk/Contents/Resources – Finncent Price Oct 24 '18 at 09:26