need Openvpn routing help
Ben Scott
dragonhawk at gmail.com
Fri Jun 13 23:26:12 EDT 2008
On Fri, Jun 13, 2008 at 7:21 PM, Michael ODonnell
<michael.odonnell at comcast.net> wrote:
> I believe the route command is used to identify/control
> which interface to use to reach a particular host/network
> [and which one(s) to handoff to in the default case(s)] for
> connections originating on the machine in question. I believe
> that's distinct from forwarding, which determines whether/how
> inbound traffic destined for other hosts/networks is handled,
> and is managed by manipulating /proc/sys/net/ipv4/ip_forward
> and friends via the sysctl command.
Clarification:

The kernel routing table determines the next-hop of all packets the
system transmits[1], regardless of whether they are originating
locally or being forwarded.

The net.ipv4.ip_forward kernel option simply turns forwarding on or
off. When forwarding is off, if the kernel receives a packet for
another host, the packet is dropped[2]. When forwarding is on, the
kernel will use the routing table to decide where such a packet should
go for the next hop.

That next-hop could be a node reachable via a network interface on
the system (such as a host on a locally connected Ethernet, or the
other end of a PPP link). In that case, the routing table will simply
tell the kernel to transmit the packet to that node via the
appropriate interface. Alternatively, the next-hop could be a gateway
-- i.e., not the final destination, but an intermediate node. In that
case, the kernel also uses the routing table to decide how to reach
the gateway.

In simpler terms, a routing table entry -- a route -- simply tells
the kernel, "to reach this destination, use this interface" or "to
reach this destination, use this gateway".

A default route is simply a route which matches any destination.
There is absolutely no difference between a default route and any
other route. There is nothing special about a default route. A
default route is simply the least-specific possible route. Since more
specific routes are always preferred, any other route will be
preferred over a default route. Did I mention that a default route
works like any other route? (Sorry to belabor this, but this is a
common source of confusion.)

Footnotes
---------

[1] Technically speaking, things like iptables (NAT, mangle, etc.),
policy routing, and multiple routing tables can also influence
routing. Presumably, if you're using them, you know about that.

[2] Or maybe an ICMP message gets sent; I forget. Either way, the
packet is not forwarded.

-- Ben
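
The lookup described in the message above, as an added example that is not part of the original post: a simplified Python model of one routing table used for both locally originated and forwarded packets, with the default route as an ordinary /0 entry. The addresses, interface names and function names are constructed for illustration, and the model ignores iptables, policy routing and multiple tables (footnote 1).

```python
import ipaddress

# Constructed routing table (illustrative values, not taken from the post):
# (destination prefix, gateway or None if directly connected, interface)
ROUTES = [
    ("0.0.0.0/0",      "192.168.1.1", "eth0"),  # default route: just a /0 prefix
    ("192.168.1.0/24", None,          "eth0"),  # directly connected LAN
    ("10.8.0.0/24",    None,          "tun0"),  # directly connected tunnel
    ("172.16.0.0/16",  "10.8.0.1",    "tun0"),  # remote network behind a gateway
]
LOCAL_ADDRS = {"192.168.1.10", "10.8.0.2"}      # this host's own addresses

def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def next_hop(dst, routes=ROUTES):
    """Return (next-hop address, interface), or None if no route applies."""
    route = lookup(dst, routes)
    if route is None:
        return None
    _, gw, dev = route
    if gw is None:
        return (dst, dev)            # on-link: transmit to the destination itself
    # Gateway route: the same table decides how to reach the gateway.
    gw_route = lookup(gw, routes)
    if gw_route is None or gw_route[1] is not None:
        return None                  # model assumption: gateway must be on-link
    return (gw, gw_route[2])

def handle(dst, locally_originated, ip_forward, routes=ROUTES):
    """Decide what happens to one packet, given the ip_forward setting."""
    if dst in LOCAL_ADDRS:
        return "deliver locally"
    # ip_forward only gates packets that arrived from another host.
    if not locally_originated and not ip_forward:
        return "drop"
    hop = next_hop(dst, routes)
    return "unreachable" if hop is None else "send to %s via %s" % hop
```

Removing the first entry from ROUTES changes only what happens to destinations no other route matches; every other lookup is unaffected.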