Losing VPN connections when changing default route

gstucky · December 28, 2011, 4:24pm

I have 3 Routerboards connected by VPN connections over the Internet. At one of our locations I have a secondary Internet connection which I would like to use for local internet access. The second Internet connection is already setup with a separate firewall on the network and used for Email.

I want to use the same connection I use for email for internet access to remove the usage from the VPN connection. However if I change the 0.0.0.0/0 route I lose the VPN connections to the other sites.

How do I change the default route to the internet without breaking the VPN connections.

Route List
| Dst. Address | Gateway | Distance | Routing Mark | Pref Source
AS | 0.0.0.0/0 | 24.79.41.121 | 0 | |
DAC | 24.50.150.36/28 | ether 10 reachable | 0 | | 24.50.150.38
DAC | 24.79.41.120/30 | ether 10 reachable | 0 | | 24.79.41.122
AS | 20.20.22.0/24 | site 1 reachable | 1 | |
DAC | 172.31.21.0/24 | ether6 reachable | 0 | | 172.31.21.21
AS | 172.31.23.0/24 | site2 reachable | 1 | |
AS | 192.168.30.0/24 | site2 reachable | 1 | |
DAC | 192.168.70.0/24 | ether1 reachable | 0 | | 192.168.70.251
DAC | 192.168.254.31 | site1 reachable | 0 | | 192.168.254.30
DAC | 192.168.254.36 | site2 reachable | 0 | | 192.168.254.35

Firewall-Nat

| Action | Chain | Src Addr | Dst Addr |Protocol |Src Port |Dst Port |in Interface | Out Interface

0 | accept | srcnat | | 30.30.32.0/24 | | | | |
1 | accept | srcnat | | | | | | | NC
2 | dst-nat | dstnat | 0.0.0.0/0 | 24.79.41.122 |6 (tcp) | |25 | |
3 | masquerade | srcnat | |192.168.70.0/24 | | | | | ether10

guilhermeramires · December 31, 2011, 1:44pm

Uncheck “Add default route” in your VPN client and add the default route manually. At this point do not use the IP address as gateway. Use the vpn interface as gateway.

This way you don’t need to change the default route anymore, ok?