How do I manually add IP to my routing?

1

I need to add an IP to my routing. I'm connected to a lab with OpenVPN. My routing looks like this now:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref   Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    600    0     0   wlan0
192.168.178.0   0.0.0.0         255.255.255.0   U     600    0     0   wlan0
192.168.193.0   0.0.0.0         255.255.255.0   U     0      0     0   tap0

I need to add (example) IP 20.20.20.0/24 so I can visit webserver 20.20.20.8 via tap0. I can't get this to work. How do I set up the correct gateway and IP?

BButter10

Posted 2016-07-02T11:12:50.283

Reputation: 21

Answers

1

Take a look here:

https://askubuntu.com/questions/612840/adding-route-on-client-using-openvpn

D) Bonus option! OpenVPN also has an up/down directive that allows you to launch a script on connect to the VPN. This can allow you to do anything you want really: setting DNS, routes, etc. But it requires you to store the commands in another file.

So if you add the following to your OpenVPN client config file

script-security 2

up run-stuff-after-vpn-connect.sh

create a file named run-stuff-after-vpn-connect.sh (make sure it has execute permissions) and add:

#!/bin/sh
route add -net 172.16.0.0/24 dev tun0

This will add the route as soon as the tunnel is up.

So you basically put your route in a sh file, for example my_route.sh (I'm assuming 192.168.193.1 is your OpenVPN GW local IP address):

#!/bin/sh
/usr/sbin/ip route add 20.20.20.0/24 via 192.168.193.1 dev tap0

then add to your OpenVPN client's config file

up /your path to/my_route.sh

It may not work, so you can also add the route through systemd startup config

[Unit]
Description=OpenVPN connection to %i

[Service]
Type=forking
ExecStart=/usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/%i.conf --daemon openvpn@%i
ExecStartPost=/your path to/my-add-route.sh
ExecStop=/your path to/my-remove-route.sh

[Install]
WantedBy=multi-user.target

Shirker

Posted 2016-07-02T11:12:50.283

Reputation: 111

Don't forget to make your script executable, and always use the full path for the commands in your scripts. Not 'route' but '/sbin/route' or wherever it's placed on your server. Use whereis route to find out the full path. – Shirker – 2016-07-02T12:12:17.723

Looked at it but it doesn't make sense to me. I've tried the commands like ip route add 20.20.20.0/24 via xx.xx.xx.xx but I can't get it to work – None – 2016-07-02T12:18:04.637

@BButter10 don't forget the dev tap0 at the end of your route add command. Are you getting an error or is it just silently failing? Update your question with traceroute 20.20.20.8 output. – HashHazard – 2016-07-02T12:45:06.097

Thanks Hollowproc. What I don't understand is that I have to add an IP via a gateway that does not exist. – None – 2016-07-02T13:00:03.693

ip route add 20.20.20.0/24 via (GATEWAY) dev tap0 – None – 2016-07-02T13:01:11.450

But what is my gateway? 0.0.0.0 ? – None – 2016-07-02T13:01:50.233

Do a traceroute to a host in the 192.168.193.0/24 range and see what the first IP it hits in that range is. – HashHazard – 2016-07-02T13:07:37.780

traceroute to 192.168.193.1 (192.168.193.1), 30 hops max, 60 byte packets 1 kali (192.168.193.72) 2998.935 ms !H 2998.897 ms !H 2998.889 ms !H – None – 2016-07-02T13:49:30.537

It's my own IP? – None – 2016-07-02T13:49:41.020

OK, so route add 20.20.20.0/24 via 192.168.193.72 dev tap0. Side note: if this is for OSCP or other, they have dedicated help that may be more familiar with this specific issue. – HashHazard – 2016-07-02T14:07:25.183

Thank you @Hollowproc, it is for something like OSCP but support is not responding to my messages. I've posted in the forum, contacted the support email.....no response. I did what you said and now I have 20.20.20.0 with gateway KALI. Host is still unreachable. I guess I'll have to wait for a response. It has been over 30 hours though. – BButter10 – 2016-07-02T14:17:13.243

@BButter10 do they have an IRC Channel? That's usually a pretty good place for online help/troubleshooting. – HashHazard – 2016-07-02T14:18:35.110

They do not have an IRC channel like OSCP. I'll wait a few hours and hope I'll get a response. – BButter10 – 2016-07-02T14:30:39.557

If you are using one of the commonly known Linux distributions, like Debian or CentOS, just try the following command: VPN_GW=$(ip addr show | grep -B 2 tap0 | grep -oP '(?<=inet ).*?(?= peer)'); [ ! -z "$VPN_GW" ] && ip route add 20.20.20.0/24 via $VPN_GW dev tap0 || echo "ERROR: No IP address assigned to tap0 device" It will look for the IP address of tap0 and add the route, or return an error. – Shirker – 2016-07-02T16:46:48.313

Sorry, my bad. The GW IP should be the IP of your OpenVPN server, which is in the same subnet as the IP of your tap0. More likely it's 192.168.193.1. So ip route add 20.20.20.0/24 via 192.168.193.1 dev tap0 should work, I guess. Also edited my answer. – Shirker – 2016-07-02T20:23:26.707

Thanks @Shirker, this is what I tried in the first place. It has not worked. This is what's strange to me. It should work? – BButter10 – 2016-07-03T05:33:20.750

It may not work if you don't have NAT enabled on your OpenVPN server. Something like -A POSTROUTING -s 192.168.193.0/24 -o eth0 -j SNAT --to-source <external IP of OpenVPN server>. As well as an allowing rule -A INPUT -i tap0 -j ACCEPT – Shirker – 2016-07-04T06:01:13.660

As well, make sure ip_forward is enabled on your OpenVPN server: echo 1 > /proc/sys/net/ipv4/ip_forward and sed -i 's@net.ipv4.ip_forward = 0@net.ipv4.ip_forward = 1@g' /etc/sysctl.conf – Shirker – 2016-07-04T06:04:09.910

You may try to check this article http://centos.mwzip.com/wiki/OpenVPN_setup for the basic OpenVPN setup on CentOS. – Shirker – 2016-07-04T07:24:09.570
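
Added example, not part of the original thread: the comments turn on which address can serve as the `via` next hop on tap0. The sketch below checks a candidate gateway against the interface's own address and prefix before printing the `ip route add` command; the helper names are hypothetical, and the addresses are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. ip2int, check_gateway and route_cmd
# are hypothetical helper names; nothing here changes the routing table.

# Dotted-quad IPv4 -> integer. Rejects malformed input and leading zeros
# (shell arithmetic would read "08" as invalid octal).
ip2int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_gateway GW LOCAL_IP PREFIX
# 0 = usable next hop, 1 = GW is our own address,
# 2 = GW is outside LOCAL_IP/PREFIX (not on-link), 3 = malformed input.
check_gateway() {
    gw=$(ip2int "$1") && me=$(ip2int "$2") || return 3
    case "$3" in ''|*[!0-9]*|0?*|???*) return 3 ;; esac
    [ "$3" -ge 1 ] && [ "$3" -le 30 ] || return 3
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))  # 4294967295 = 2^32-1
    [ "$gw" -ne "$me" ] || return 1
    [ $(( gw & mask )) -eq $(( me & mask )) ] || return 2
}

# route_cmd NET GW DEV LOCAL_IP PREFIX: print the command, or say why not.
route_cmd() {
    st=0; check_gateway "$2" "$4" "$5" || st=$?
    case $st in
        0) echo "/usr/sbin/ip route add $1 via $2 dev $3" ;;
        1) echo "refused: $2 is this host's own address on $3" >&2 ;;
        2) echo "refused: $2 is not on-link for $4/$5" >&2 ;;
        *) echo "refused: malformed address or prefix" >&2 ;;
    esac
    return $st
}

# Values from the thread: tap0 is in 192.168.193.0/24, own address .72.
route_cmd 20.20.20.0/24 192.168.193.1  tap0 192.168.193.72 24
route_cmd 20.20.20.0/24 192.168.193.72 tap0 192.168.193.72 24 || true
```

A gateway that passes this check is only known to be on-link; whether the far side forwards the traffic is decided on the server.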