Tuesday 9 October 2018

networking - Application / interface specific routing

I have a routing configuration whose intention is to route all traffic through a tunnel (utun3) into an openvpn client which then connects to the openvpn server (64.120.44.114) via my physical interface (en0).


What I want to do is route certain applications directly via the physical interface (en0) instead of through the tunnel (utun3). Currently, the routing pair 0/1 and 128.0/1 is forcing all internet traffic through the tunnel.


What I had imagined is that if I were to send traffic to an internet address from an application that binds its outgoing address on the physical interface (i.e. 10.0.1.15), then this traffic would route through the remaining default route for that address' interface (en0). Unfortunately, the operating system simply fails to route these packets instead:


$ ping 8.8.8.8          # or mtr 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=55 time=40.835 ms

$ ping -b utun3 8.8.8.8 # or mtr -a 10.12.44.16 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=55 time=42.036 ms

$ ping -b en0 8.8.8.8 # or mtr -a 10.0.1.15 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host

Is there something I can do to ensure that packets sent with an outgoing address that is incompatible with the overriding routes 0/1 and 128.0/1 instead use the compatible default route? If not, is there some other means of configuring the routing table that might serve the purpose of routing through en0 for specific applications but routing through utun3 "by default"? If there is no such method with respect to routing, can you recommend any software solutions for doing application-specific routing or ignoring the routing table? For my case, ideally the software should run on macOS.


I have the following interfaces:


en0: flags=8863 mtu 1500
        ether 60:03:08:8b:96:88
        inet6 fe80::1c29:1e13:e8ba:fd3%en0 prefixlen 64 secured scopeid 0x5
        inet 10.0.1.15 netmask 0xffffff00 broadcast 10.0.1.255
        nd6 options=201
        media: autoselect
        status: active
utun3: flags=8051 mtu 1500
        inet 10.12.44.16 --> 10.12.44.16 netmask 0xfffffc00

I have the following in my routing table:


default            10.0.1.1           UGSc            0        0     en0
10.0.1.1           0:24:36:a0:86:a5   UHLWIir         4      106     en0
64.120.44.114/32   10.0.1.1           UGSc            1        0     en0

0/1                10.12.44.1         UGSc          101        2   utun3
128.0/1            10.12.44.1         UGSc           12        0   utun3
10.12.44/22        10.12.44.16        UGSc            1        0   utun3
10.12.44.16        10.12.44.16        UH              3      170   utun3
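
The routing table above is resolved by longest-prefix match on the destination, which is why 0/1 and 128.0/1 take precedence over default while the /32 for the VPN server still leaves via en0. The following is an added example, not part of the original post: it parses the abbreviated destinations from that table and performs the lookup. It models destination matching only, not source-address or interface binding, and the function names are hypothetical.

```python
import ipaddress

# Rows copied from the routing table in the post: (destination, gateway, interface).
ROUTES = [
    ("default",          "10.0.1.1",         "en0"),
    ("10.0.1.1",         "0:24:36:a0:86:a5", "en0"),
    ("64.120.44.114/32", "10.0.1.1",         "en0"),
    ("0/1",              "10.12.44.1",       "utun3"),
    ("128.0/1",          "10.12.44.1",       "utun3"),
    ("10.12.44/22",      "10.12.44.16",      "utun3"),
    ("10.12.44.16",      "10.12.44.16",      "utun3"),
]


def parse_destination(dest):
    """Expand an abbreviated destination such as '0/1' or '10.12.44/22'."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, prefix_len = dest.partition("/")
    octets = addr.split(".")
    if not prefix_len:
        # Only full host addresses appear without a prefix in this table.
        if len(octets) != 4:
            raise ValueError("ambiguous destination without prefix: " + dest)
        prefix_len = "32"
    octets += ["0"] * (4 - len(octets))  # pad omitted trailing octets
    return ipaddress.ip_network(".".join(octets) + "/" + prefix_len)


def lookup(dst, routes=ROUTES):
    """Return (network, gateway, interface) of the most specific match, or None."""
    ip = ipaddress.ip_address(dst)
    candidates = []
    for dest, gateway, interface in routes:
        network = parse_destination(dest)
        if ip in network:
            candidates.append((network, gateway, interface))
    if not candidates:
        return None
    return max(candidates, key=lambda route: route[0].prefixlen)


if __name__ == "__main__":
    for target in ("8.8.8.8", "203.0.113.7", "64.120.44.114", "10.12.44.1"):
        network, gateway, interface = lookup(target)
        print(f"{target:15} -> {str(network):18} via {gateway:12} on {interface}")
```

Filtering `ROUTES` down to the en0 entries before calling `lookup` shows that the default route is still present as a fallback for 8.8.8.8; the two /1 routes outrank it rather than replace it.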
