Community discussions

MUM Europe 2020
 
User avatar
macsrwe
Long time Member
Long time Member
Topic Author
Posts: 656
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Need routing help

Fri Apr 30, 2010 9:00 pm

When connected to home router over VPN from foreign address, cannot access machines on home LAN. Routing table is:
#      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          10.100.1.1         1       
 1 ADC  10.100.1.0/24      10.100.1.235    backhaul           0       
 2 ADC  70[redacted]/27    70.[redacted]   backhaul           0       
 3 ADC  192.168.1.0/24     192.168.1.1     ranch-house        0       
 4 X S  192.168.1.0/24     192.168.1.129   ranch-house        1       
 5 ADC  192.168.1.129/32   192.168.1.128   remote-login       0       
 6 A S  192.168.3.0/24     192.168.3.43    NIC-to-MT          1       
 7 ADC  192.168.3.40/32    192.168.3.43    NIC-to-MT          0       
(Rule 4 is a manual rule I tossed in to try to finesse the problem, then disabled. I tried it for both 128 and 129, with no success.)

PC's IP address is 192.168.1.129. Address scan tool reports presence of 192.168.1.1, 128, and 129 only, but nothing else. Traceroute to 192.168.1.10 using either ICMP or TCP shows first step is 192.168.1.128, then nothing further. Problem does not seem to be firewall, as there are no rejections being logged when I enable rejection logging. I feel like I'm missing something basic.
 
User avatar
jwcn
Forum Guru
Forum Guru
Posts: 1501
Joined: Sun Aug 27, 2006 6:49 am
Location: Maryland, USA
Contact:

Re: Need routing help

Sat May 01, 2010 12:03 am

Use separate subnets for the VPN connections i.e. 172.16.1.1/24 for the VPN and 172.16.2.1/24 for the LAN. Make sure the VPN connection is set to use the remote gateway for all address resolution and also make sure you have mangle enabled.

Get away from the traditional 192.168.x.x subnets - Your problem could potentially be going through a router for your remote internet connection that also uses a 192.168.1.x subnet...
 
User avatar
martini
Member Candidate
Member Candidate
Posts: 296
Joined: Tue Dec 21, 2004 12:13 am

Re: Need routing help

Sat May 01, 2010 2:36 am

Use separate subnets for the VPN connections i.e. 172.16.1.1/24 for the VPN and 172.16.2.1/24 for the LAN
Or use pptp bridge with proxy-arp
 
User avatar
macsrwe
Long time Member
Long time Member
Topic Author
Posts: 656
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: Need routing help

Sat May 01, 2010 5:49 am

Perhaps I don't understand what is meant by "use pptp bridge with proxy-arp." I used this strategy previously to connect several routers running a distributed LAN, but I can't make it work here. I can create a bridge and add the ranch-house interface to it, but when I try to add the remote-login interface to it I get told "input does not match any value of interface."

jwcn's answer makes some sense to me. I do realize that if there is a 192.168.1.0/24 net in my "physical" address space before I get into the VPN, I'm hosed (that's been the case before, but not today). My route command is reporting that all 192.168.1.0/24 accesses are being resolved through the VPN, and indeed three of them work (just not an interesting three). But I have no idea why mangle would be necessary to make this work, or how to go about using it to do that. (So far I've used it only to implement PCQ queues.)
 
Lev
just joined
Posts: 10
Joined: Fri Apr 30, 2010 6:04 am

Re: Need routing help

Sat May 01, 2010 8:23 am

If subnet is same then change local subnet. This should not be problem.
I can set up discrete tunnels to US for Hulu and such for individual or WISP. PM or ICQ me

Who is online

Users browsing this forum: No registered users and 89 guests