On Wed, Aug 15, 2018 at 7:31 AM, Jeroen Balduyck <jeroen.balduyck at gmail.com> wrote:
> Why is the interface address also the gateway? It obviously works but
> it defies (my) common sense. When I do a traceroute the "real" gateway reveals itself:

You are mixing up two different meanings of "gateway" here.

What you call the "real gateway" is the external address of the SERVER that's providing you with access to the VPN. Traffic is going to-and-from this server over the public Internet as you use the VPN.

In IP-based routing, the term "gateway" indicates a network-layer address (IP address) through which traffic needs to be directed to reach other addresses on the network.

In order to send traffic to the hosts in the network behind/through the VPN, they have to be sent through the VPN interface, utun2 in this example. If you try to send IP packets to, let's say, 10.23.167.56, but you don't send them via the utun2 interface, they won't get delivered to the intended destination.

A client-server VPN connection is effectively a point-to-point network: each end of the connection can only (directly) address the peer (client or server) on the other end.

Therefore, it's entirely logical to say that traffic to the default route (0.0.0.0) needs to be sent via 10.23.167.57, the address of your VPN tunnel interface. So it's the gateway. ¯\_(ツ)_/¯

-Dan
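
The two meanings of "gateway" in the reply above, worked through as a longest-prefix route lookup. This is an added example, not part of the original message: utun2, 10.23.167.57 and 10.23.167.56 come from the thread, while the VPN server address 203.0.113.10, the LAN router 192.168.1.1, the interface en0 and the host route for the server are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table. The default route via the tunnel address is
# from the thread; the host route that keeps the encrypted transport on
# the physical interface is an assumed, typical client setup.
ROUTES = [
    ("0.0.0.0/0", "10.23.167.57", "utun2"),     # default route: into the tunnel
    ("203.0.113.10/32", "192.168.1.1", "en0"),  # VPN server's external address
    ("192.168.1.0/24", None, "en0"),            # directly connected LAN
]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (prefix, gateway, interface) for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]


def tunnel_carries_own_transport(server, routes=ROUTES, tunnel="utun2"):
    """True if packets to the VPN server itself would be routed into the
    tunnel, i.e. the host route for the server is missing."""
    return lookup(server, routes)[2] == tunnel


if __name__ == "__main__":
    for dst in ("10.23.167.56", "203.0.113.10", "192.168.1.20"):
        print(dst, "->", lookup(dst))
    print("loop without host route:",
          tunnel_carries_own_transport("203.0.113.10", [ROUTES[0]]))
```

The same lookup is a quick audit for a client configuration: any destination that resolves to an interface other than the tunnel is traffic that leaves outside the VPN.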