3

I have Debian 8.0.0-64 running on my server, which has eth1 as the interface with the default gateway. eth0 is pointing to the internal network.

root@server:/home/user# ifconfig
eth0      Link encap:Ethernet  HWaddr 06:46:7e:88:72:d7  
          inet addr:10.168.118.205  Bcast:10.168.118.255  Mask:255.255.255.192
          inet6 addr: fe80::446:7eff:fe88:72d7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:161 errors:0 dropped:0 overruns:0 frame:0
          TX packets:203 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15215 (14.8 KiB)  TX bytes:79027 (77.1 KiB)

eth1      Link encap:Ethernet  HWaddr 06:70:65:5f:e9:89  
          inet addr:167.41.133.218  Bcast:167.41.133.223  Mask:255.255.255.240
          inet6 addr: fe80::470:65ff:fe5f:e989/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:697 errors:0 dropped:0 overruns:0 frame:0
          TX packets:282 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:46420 (45.3 KiB)  TX bytes:33486 (32.7 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:706 errors:0 dropped:0 overruns:0 frame:0
          TX packets:706 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:86847 (84.8 KiB)  TX bytes:86847 (84.8 KiB)

I set up a VPN (TotalVPN) connection using the following instructions: http://pptpclient.sourceforge.net/howto-debian.phtml#configure_by_hand

With `pon amsterdam` I can actually open a tunnel:

root@server:/home/user# pon amsterdam

root@server:/home/user# ifconfig
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.126.0.29  P-t-P:10.126.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:60 (60.0 B)  TX bytes:66 (66.0 B)

So far so good. Now I'd love to be able to ping, e.g., google.com (`ping -I ppp0 google.com`) through the tunnel, without losing the possibility to use eth1 as my default interface (`ping google.com`). How can I set up a route, or whatever is needed, so that traffic (to the internet) goes through the tunnel if specifically asked for, i.e., by defining the interface ppp0 to be used?

Here is some information (the name of the VPN connection is amsterdam):

root@server:/home/user# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         167.41.133.209  0.0.0.0         UG    0      0        0 eth1
10.0.0.0        10.168.118.193  255.0.0.0       UG    0      0        0 eth0
10.168.118.192  0.0.0.0         255.255.255.192 U     0      0        0 eth0
161.26.0.0      10.168.118.193  255.255.0.0     UG    0      0        0 eth0
167.41.133.208  0.0.0.0         255.255.255.240 U     0      0        0 eth1

root@server:/home/user# pon amsterdam

root@server:/home/user# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0           0.0.0.0         UG    0      0        0 eth1
10.0.0.0        10.168.118.193  255.0.0.0       UG    0      0        0 eth0
10.126.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.168.118.192  0.0.0.0         255.255.255.192 U     0      0        0 eth0
45.32.239.20    167.41.133.209  255.255.255.255 UGH   0      0        0 eth1
161.26.0.0      10.168.118.193  255.255.0.0     UG    0      0        0 eth0
167.41.133.208  0.0.0.0         255.255.255.240 U     0      0        0 eth1

root@server:/home/user# poff amsterdam

root@server:/home/user# route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         167.41.133.209  0.0.0.0         UG    0      0        0 eth1
10.0.0.0        10.168.118.193  255.0.0.0       UG    0      0        0 eth0
10.168.118.192  0.0.0.0         255.255.255.192 U     0      0        0 eth0
45.32.239.20    167.41.133.209  255.255.255.255 UGH   0      0        0 eth1
161.26.0.0      10.168.118.193  255.255.0.0     UG    0      0        0 eth0
167.41.133.208  0.0.0.0         255.255.255.240 U     0      0        0 eth1

root@server:/home/user# 

I found two solutions, which worked at first glance, but they really don't work (and I don't know why).

  1. Adding `route add default metric 10 gw $PPP_REMOTE $PPP_IFNAME` in the up-script, or
  2. adding `defaultroute` to the pptp configuration

In both cases, calling `curl --interface ppp0 ifconfig.co` as root works and returns the IP address of the VPN connection, but I cannot execute the command as any other non-root user. The command `curl --interface eth1 ifconfig.co` works fine as root or a normal user.

Peter Mortensen
Philipp

3 Answers

3

To achieve what I wanted to achieve I had to do the following things:

Step 1: Install the PPTP Client Program for Debian Project

Step 2: Setup the PPTP connection

Step 3: Testing the connection

Step 4: Adding the route

Step 5: Final check

For the first three steps, I mainly followed http://pptpclient.sourceforge.net/howto-debian.phtml. After doing so, I found this great article (https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System), which explains how to add two default gateways. The main idea behind the second gateway approach is to create a second routing table in /etc/iproute2/rt_tables (in my case I named it ppp). After this is done, routes are added to this new table and rules are defined:

ip route add 10.10.0.0/24 dev eth1 src 10.10.0.10 table ppp
ip route add default via 10.10.0.1 dev eth1 table ppp

ip rule add from 10.10.0.10/32 table ppp
ip rule add to 10.10.0.10/32 table ppp

After testing, I added the scripts, so that the routes are added and deleted whenever the VPN connection is established, i.e.,

ip-up script

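#!/bin/sh

# Only act on the "amsterdam" tunnel.
if [ "$PPP_IPPARAM" = "amsterdam" ] ; then

  # Routes go into the separate table "ppp" (defined in /etc/iproute2/rt_tables)
  /sbin/ip route add "$PPP_LOCAL/24" dev "$PPP_IFACE" src "$PPP_LOCAL" table ppp
  /sbin/ip route add default via "$PPP_REMOTE" dev "$PPP_IFACE" table ppp

  # Traffic from or to the tunnel address is looked up in table "ppp"
  /sbin/ip rule add from "$PPP_LOCAL/32" table ppp
  /sbin/ip rule add to "$PPP_LOCAL/32" table ppp
fi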

ip-down script

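#!/bin/sh

# Only act on the "amsterdam" tunnel.
if [ "$PPP_IPPARAM" = "amsterdam" ] ; then

  # Remove the routes that the ip-up script added to table "ppp"
  /sbin/ip route del "$PPP_LOCAL/24" dev "$PPP_IFACE" src "$PPP_LOCAL" table ppp
  /sbin/ip route del default via "$PPP_REMOTE" dev "$PPP_IFACE" table ppp

  # Remove the matching policy rules
  /sbin/ip rule del from "$PPP_LOCAL/32" table ppp
  /sbin/ip rule del to "$PPP_LOCAL/32" table ppp
fi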

That works perfectly and I'm able to pick the second gateway whenever needed.

Philipp
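A check one might run once the tunnel and the policy rules from the answer above are in place, to confirm that traffic bound to the tunnel address leaves via ppp0 while unbound traffic and the path to the VPN server itself stay on eth1. This is an added example, not part of the original answer; the probe address 8.8.8.8, the function names and the `IP_CMD` override (there so the check can be exercised against constructed output) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer): verify split routing after `pon amsterdam`.
# IP_CMD is a hypothetical override so the check can run against constructed output.
IP_CMD=${IP_CMD:-ip}

# egress_dev DST [SRC]: print the interface the kernel selects for DST,
# optionally for packets carrying source address SRC.
egress_dev() {
  dst=$1; src=${2:-}
  if [ -n "$src" ]; then
    out=$($IP_CMD route get "$dst" from "$src" 2>/dev/null) || return 1
  else
    out=$($IP_CMD route get "$dst" 2>/dev/null) || return 1
  fi
  # The interface name is the token after "dev" on the first line.
  printf '%s\n' "$out" |
    awk 'NR==1 { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# expect LABEL WANT GOT: report one check, return non-zero on mismatch.
expect() {
  if [ "$2" = "$3" ]; then echo "ok   $1: $3"; return 0; fi
  echo "FAIL $1: expected $2, got ${3:-nothing}"; return 1
}

# check_split VPN_LOCAL VPN_SERVER PROBE [VPN_IF] [WAN_IF]
check_split() {
  local_ip=$1; server=$2; probe=$3; vpn_if=${4:-ppp0}; wan_if=${5:-eth1}
  rc=0
  # Packets sourced from the tunnel address must hit the "from" rule and table ppp.
  expect "source-bound traffic" "$vpn_if" "$(egress_dev "$probe" "$local_ip")" || rc=1
  # Everything else must keep using the main table's default route.
  expect "unbound traffic" "$wan_if" "$(egress_dev "$probe")" || rc=1
  # The VPN server must stay reachable outside the tunnel, or the tunnel loops.
  expect "VPN server itself" "$wan_if" "$(egress_dev "$server")" || rc=1
  return $rc
}

# Example: sh check-split.sh 10.126.0.29 45.32.239.20 8.8.8.8
if [ "$#" -ge 3 ]; then check_split "$@"; fi
```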
2

You can use route or the newer ip route to set up routes:

ip route

shows the existing routes, and

ip route del default via 167.41.133.209
ip route add default via 10.126.0.1 dev ppp0

replaces the default route over eth1 with a route over ppp0.

The "if specifically asked for" is a problem - you set routes by destination address, not by program. So if you know which addresses you want to contact via ppp0, you can set these addresses as non-default routes.

Alternatively, you can use network namespaces to have some programs use a different network configuration, but this is not so easy to set up and has some pitfalls (e.g. different resolv.conf files are needed).

dirkt
  • I'll look into the network namespaces. The first idea is not really a solution. I need both interfaces to be able to retrieve data from the internet and select the device via the `-i`, `-I`, or `--interface` switch depending on the command or application I'm using. – Philipp Oct 12 '16 at 06:43
  • Can you give examples of what commands or applications you intend to use? The majority of them don't have any sort of `--interface` switch, and because of the way networking works, it's impossible to add any such switch. – dirkt Oct 12 '16 at 07:36
  • Of course, just Linux commands would be `curl`, `ping`, `traceroute`, but I also have a Java application, which supports an interface switch (based on HtmlUnit), which allows deciding which interface to use to retrieve data from a website. I don't understand the comment "it's impossible"; several Linux commands support such a switch (as mentioned before), and I have seen servers supporting multiple interfaces facing the internet and using exactly these and other commands (just don't know how they are configured). – Philipp Oct 12 '16 at 17:48
1

Simple bash script to access the internet from ppp0-vpn

## Instruction to Use
- Once you are connected to ppp0-VPN
- Run this bash script. Command shared below
> chmod +x router-ppp0toint.sh
> ./router-ppp0toint.sh

router-ppp0toint.sh

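#!/bin/bash

# IP assigned to ppp0 once connected to the VPN; read via `ip` so the result
# does not depend on the ifconfig output format
IP=$(ip -4 -o addr show dev ppp0 | awk '{print $4}' | cut -d/ -f1)

# Stop if ppp0 is not up, rather than running route with an empty gateway
[ -n "$IP" ] || { echo "ppp0 has no IPv4 address" >&2; exit 1; }

echo "$IP"  # echoes the ppp0 IP

route del -net 0.0.0.0 gw "$IP" dev ppp0  # drop the default route via ppp0

route add -net 172.16.0.0 gw "$IP" netmask 255.255.0.0 dev ppp0  # add static route

route add -net 192.168.0.0 gw "$IP" netmask 255.255.0.0 dev ppp0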

Github-Bash Script for internet in ppp0-vpn