How to redirect traffic from the primary inet interface to the tap interface?

I'm trying to set up a not very popular VPN solution, govpn, using tap interfaces.

Configured on the server:
ip tuntap add dev tap10 mode tap
ip addr add 172.16.0.1/24 dev tap10
ip link set up dev tap10

Configured on the client:
ip tuntap add dev tap10 mode tap
ip addr add 172.16.0.2/24 dev tap10
ip link set up dev tap10

If you add on the client
ip route add 172.16.0.1 via 0/1
ip route add 128/1 via 172.16.0.1

from the tutorial, the network basically stops responding. I understand this is because traffic (including the connection to the server) tries to go through the internal tap10 interface, but it doesn't know how to route that traffic. (In this configuration the client's connection to the VPN server simply doesn't happen; the client cannot reach the server.)

Without the last two lines the client can successfully ping the server at 172.16.0.1, but the rest of the Internet traffic goes through the standard interface.

I looked it up: in the output of ip route when connected via OpenVPN, two lines with default via appear apart from the rest:
default via <ip on tun0> dev tun0 proto static metric 50
default via <ip on wlp3s0> dev wlp3s0 proto static metric 750

The iptables tables are empty in this case.

Two questions arise:
1) In the case of OpenVPN, how does the system know that traffic from the tap/tun interface ultimately leaves through the interface connected to the network?
2) How do I redirect all Internet traffic through the tap interface? (Main question)
July 2nd 19 at 13:39
1 answer
July 2nd 19 at 13:41
Solution
Before you route the default gateway through your tap interface, you first need to add a route to your VPN server via your eth (or whatever) network interface and assign it the smallest metric. Then add the default gateway using the tap interface and give it a larger metric.

Here is part of my routing table
$ ip route
default dev tun0 via 10.22.0.5
10.22.0.1 via 10.22.0.5 dev tun0
10.22.0.5 dev tun0 proto kernel scope link src 10.22.0.6
80.232.124.241 via 172.16.35.1 dev eth0
172.16.35.0/24 dev eth0 proto kernel scope link src 172.16.35.254 metric 100


In other words, when the default route is sent through the tap interface, the system must not lose the route to the VPN server through the eth interface.
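
The ordering described in the answer, as an added example that is not part of the original thread: the script reads `ip route` output, finds the current physical default gateway, and prints the host route to the VPN server before the two /1 routes from the question, which override the existing default by prefix length rather than by metric. The function names, the sample routing table and the server address 203.0.113.10 are assumptions; 172.16.0.1 and tap10 come from the question.

```shell
#!/bin/sh
# Added example: print (do not run) the client routes in a safe order.

# Read `ip route` text on stdin; print "GATEWAY DEV" of the lowest-metric default route.
default_route() {
    awk '$1 == "default" {
        gw = ""; dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "via")    gw = $(i + 1)
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        if (gw != "" && dev != "" && (best == "" || metric + 0 < bestm)) {
            best = gw " " dev; bestm = metric + 0
        }
    } END { if (best != "") print best }'
}

# usage: plan_routes VPN_SERVER TUNNEL_PEER TUNNEL_DEV < ip-route-output
plan_routes() {
    server=$1; peer=$2; tdev=$3
    set -- $(default_route)
    [ $# -eq 2 ] || { echo "no default route with a gateway" >&2; return 1; }
    [ "$2" != "$tdev" ] || { echo "default already uses $tdev" >&2; return 1; }
    # 1. Pin the VPN server's public address to the physical gateway first,
    #    so the encrypted transport never gets routed into the tunnel itself.
    echo "ip route add $server/32 via $1 dev $2"
    # 2. Only then cover the whole IPv4 space through the tunnel peer.
    echo "ip route add 0.0.0.0/1 via $peer dev $tdev"
    echo "ip route add 128.0.0.0/1 via $peer dev $tdev"
}

# Constructed sample of the client's routing table before any VPN routes exist.
SAMPLE='default via 192.168.1.1 dev wlp3s0 proto static metric 750
172.16.0.0/24 dev tap10 proto kernel scope link src 172.16.0.2
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.23 metric 750'

# 203.0.113.10 is a placeholder for the VPN server's public address (assumption).
printf '%s\n' "$SAMPLE" | plan_routes 203.0.113.10 172.16.0.1 tap10
```

The script only plans IPv4 routes; review the printed commands and run them as root in the order shown.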
