Re: Two routes to a host: how to make sure which noe is used when?

Stefan Monnier <monnier@xxxxxxxxxxxxxxxx> wrote:
This usually works just dandy, except when AAA.BBB.EEE.FFF or
AAA.BBB.CCC.DDD tries to connect to my VPN-address (i.e. vpnNNN.domain):
- the packets coming from toto.domain reach me fine through the VPN.
- but my replies seem to be sent via the router.

So replace the redundant host gateway host routes (UGH) through eth1
on vpnNNN.domain with host routes (UH) to the same IP addresses through
the PPP interface instead.

I can't replace them because I want the routes through eth1 as well.
I just want connections which started to go over eth1 to keep happening on
eth1 and those that started over ppp0 to keep happening over ppp0.

I see what I overlooked before, namely the network route through ppp0,
so my suggestion about host routes was wrong. If the VPN breaks then I
know of no way to continue via eth1 any previous connections established
via the VPN.

Those special hosts are reachable over both interfaces (and that's
good), but those hosts don't know that the packets coming from my
ppp0 are coming from the same machine as those I send from eth1
(the two interfaces have different IP addresses, for example),
so I need to make sure that replies to packets which arrived on
ppp0 are sent back via ppp0 and similarly for eth1.

If each of the other two hosts also had Internet access through an
Ethernet interface with a routable IP different from that of the VPN
interface then that might solve your problem, assuming you remove the
host routes on vpnNNN.domain.

--
Clifford Kite

.

Relevant Pages