Two routes to a host: how to make sure which one is used when?




I recently bumped into a problem with my VPN:

I've set up my networking as follows:

+-----------+                   +----------+
| mymachine |---192.168.1.13--> | myrouter |---> The world
+-----------+                   +----------+
      |
      |                   +-----------------+
      +--vpnNNN.domain--> | Some VPN server |---> *.domain
                          +-----------------+

Some IP range (corresponding to *.domain) goes through the VPN, but the
default routing rule is to go straight to my router. Plus some addresses in
*.domain are special-cased to go via the router: these are machines visible
from outside and I don't want connections to these machines to die/hang when
I start/stop the vpn tunnel. One of those addresses is the VPN server itself.

I.e. the routing table looks like this:

% route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
AAA.BBB.CCC.DDD 192.168.1.1     255.255.255.255 UGH   0      0        0 eth1
AAA.BBB.EEE.FFF 192.168.1.1     255.255.255.255 UGH   0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
AAA.BBB.0.0     0.0.0.0         255.255.0.0     U     0      0        0 ppp0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
%

AAA.BBB.CCC.DDD is the VPN server and AAA.BBB.EEE.FFF is the IMAP server.

This usually works just dandy, except when AAA.BBB.EEE.FFF or
AAA.BBB.CCC.DDD tries to connect to my VPN-address (i.e. vpnNNN.domain):
- the packets coming from toto.domain reach me fine through the VPN.
- but my replies seem to be sent via the router.

I've tried to add a "src" specification to my routing (using the `ip route'
command):

% ip route
AAA.BBB.CCC.DDD via 192.168.1.1 dev eth1 src 192.168.1.13
AAA.BBB.EEE.FFF via 192.168.1.1 dev eth1 src 192.168.1.13
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.13
AAA.BBB.0.0/16 dev ppp0 scope link src AAA.BBB.NNN.MMM
default via 192.168.1.1 dev eth1
%

but it doesn't seem to help. Any idea what I should do?


Stefan
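
Added example, not part of the original post: a small Python model of Linux
route selection run on the table above, with constructed addresses standing in
for the masked ones (10.20.0.0/16 for AAA.BBB.0.0/16, 10.20.1.1 for the VPN
server, 10.20.2.2 for the IMAP server, 10.20.9.9 for the VPN address). It shows
that the main-table lookup matches on destination only, so the /32 host routes
capture replies sent from the VPN address, and how a source-based policy rule
pointing at a separate table changes the result (the VPN_ONLY table and RULES
list are hypothetical).

```python
import ipaddress

# Constructed stand-ins for the masked addresses in the post.
# Each entry: (destination prefix, output device, preferred source hint)
MAIN = [
    ("10.20.1.1/32", "eth1", "192.168.1.13"),    # VPN server, via router
    ("10.20.2.2/32", "eth1", "192.168.1.13"),    # IMAP server, via router
    ("192.168.1.0/24", "eth1", "192.168.1.13"),
    ("10.20.0.0/16", "ppp0", "10.20.9.9"),       # *.domain, via tunnel
    ("0.0.0.0/0", "eth1", None),                 # default
]
VPN_ONLY = [("10.20.0.0/16", "ppp0", "10.20.9.9")]  # hypothetical extra table


def lookup(table, dst):
    """Longest-prefix match on destination; the 'src' hint is never a match key."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev, _src in table
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def route(dst, src, rules=()):
    """Walk policy rules (from-prefix -> table) in order, then the main table."""
    for from_prefix, table in rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(from_prefix):
            dev = lookup(table, dst)
            if dev:
                return dev
    return lookup(MAIN, dst)


# Models a rule of the form: ip rule add from <vpn address> table <n>
RULES = [("10.20.9.9/32", VPN_ONLY)]

if __name__ == "__main__":
    imap = "10.20.2.2"
    print(route(imap, "10.20.9.9"))             # eth1: reply leaves via the router
    print(route(imap, "10.20.9.9", RULES))      # ppp0: reply goes back into the tunnel
    print(route(imap, "192.168.1.13", RULES))   # eth1: special-cased route still used
```
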