Adding route to vpn based destinations - vpn not set as default gw

Discussion in 'Server Networking' started by Peter Tobin, Feb 24, 2004.

  1. Peter Tobin

    Peter Tobin Guest

    Help

    I am trying to add a route to a network that is through a vpn connection
    When connected the vpn is not set to be the default gw

    fo this example

    route add 192.168.9.0 mask 255.255.255.0 192.168.10.3

    the .10 network is what I connect to via the VPN
    I cannot set the vpn to use that as the default gateway as that will break
    other things happening on the server (2003) - eg TS from the outside world,
    other tunnels etc

    the error message I get is

    The route addition failed: Either the interface index is wrong or the
    gateway d
    es not lie on the same network as the interface. Check the IP Address Table
    for
    the machine.

    If I do a route print I get

    0x1 ........................... MS TCP Loopback interface
    0x10003 ...00 d0 b7 89 e4 44 ...... Intel(R) 82559 Fast Ethernet LAN on
    Mother
    ard
    0x2c0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface
    Metric
    0.0.0.0 0.0.0.0 192.168.201.254
    192.168.201.10 20
    127.0.0.0 255.0.0.0 127.0.0.1
    127.0.0.1 1
    192.168.10.0 255.255.255.0 192.168.10.194 192.168.10.194
    1
    192.168.10.194 255.255.255.255 .127.0.0.1 127.0.0.1 50
    192.168.10.255 255.255.255.255 192.168.10.194 192.168.10.194
    50
    192.168.198.0 255.255.255.0 192.168.201.1 192.168.201.10
    1
    192.168.199.0 255.255.255.0 192.168.201.1 192.168.201.10
    1
    192.168.201.0 255.255.255.0 192.168.201.10 192.168.201.10
    20
    192.168.201.10 255.255.255.255 127.0.0.1 127.0.0.1
    20
    192.168.201.255 255.255.255.255 192.168.201.10 192.168.201.10
    20
    210.48.103.2 255.255.255.255 192.168.201.254 192.168.201.10
    20
    224.0.0.0 240.0.0.0 192.168.10.194
    192.168.10.194 50
    224.0.0.0 240.0.0.0 '192.168.201.10
    192.168.201.10 20
    255.255.255.255 255.255.255.255 192.168.201.10 192.168.201.10
    1
    Default Gateway: 192.168.201.254
    ===========================================================================

    Any suggestions ?

    The solution will (I think) require a manual command that I run when this
    VPN is connected - a persistant static is not a good idea as I have another
    vpn that uses .10 (it's outside my control), that we know cannot be used at
    the sme time as this one ....
     
    Peter Tobin, Feb 24, 2004
    #1
    1. Advertisements

  2. The route is wrong. It also should not be on the VPN device itself. From the
    perspective of the VPN device the remote VPN Network is a
    "Directly-Connected-Network" and therefore there is no "route" because it is
    already connected to it to begin with.

    If you have some *other* routing device in your system and the clients use
    it as their Default Gateway, then on *that* device you must either.....

    1. Set the VPN Device as its Default Gateway
    OR
    2. Set a static route on this device that points to the VPN Device for that
    particular VPN Network. If the VPN Device is, for example,192.168.9.5 and
    the remote VPN Network is 192.168.10.x, then the route would be
    "Route add -p 192.168.10.0 mask 255.255.255.0 192.168.9.5"

    On the other hand if there is no *other* routing device used by the clients
    and the clients are simply using the VPN device as the Default Gateway then
    there is no "route" to add to anything anywhere.
     
    Phillip Windell, Feb 24, 2004
    #2
    1. Advertisements

  3. Peter Tobin

    Bill Grant Guest

    If you are making VPN connections to link subnets, you need to use
    demand-dial interfaces to act as the VPN endpoints. That way, you can link
    the static routes to the dd interfaces. When the link is up, the system
    automatically adds the routes to the routing table.

    See the section in help on router to router VPN connections.
     
    Bill Grant, Feb 25, 2004
    #3
  4. Peter Tobin

    Peter Tobin Guest

    Sorry, suspect I was not clear in the original post

    My local network is 192.168.201.*

    I VPN into a network 192.168.10.*

    I cannot set the tcp to use the default gateway on the remote network
    - it's a terminal server and used both locally, and "from the world", which
    would break the TS session if external and changing the default gateway

    I need to access a PC on 192.168.9.0 which can be reached via a router
    connected to the 192.186.10.0 network
     
    Peter Tobin, Feb 25, 2004
    #4
  5. You still are not clear....access 192.168.9.x from what?...the TS Server
    during a TS Session or from your local workstation directly? I'll assume
    this time it is from the TS Server Session, so..the TS Server is trying to
    talk to something on 192.168.9.x .....

    Then your local network block of 192.168.201.x is not relevant to the issue.
    The keyboard and mouse commands are processed by the TS Server when you are
    in a TS Session and your local workstation (192.168.201.x) is meaningless.
    This issue is between the TS Server and the 192.168.9.x network.

    One of two solutions:

    1. The TS Server's Default Gateway must somehow eventually get the traffic
    to 192.168.9.x The 192.168.9.x must also know how to get *back*.

    OR

    2. The TS Server must have a static route to 192.168.9.* Again, the
    192.168.9.x must also know how to get *back*.
     
    Phillip Windell, Feb 25, 2004
    #5
  6. Peter Tobin

    Bill Grant Guest

    If you make a VPN connection to a remote site, your default gateway will
    be set to the "received" IP address. What this really means is that all
    traffic will be sent across the VPN link by default.

    So if you cannot access something on a remote network, the routing
    problem is probably at that remote site, not at your end. The machine you
    want to connect to must have enough routing info to know how to send traffic
    for your VPN client machine back through the VPN link.
     
    Bill Grant, Feb 26, 2004
    #6
  7. Peter Tobin

    Peter Tobin Guest

    Thanks for your replys ...

    The TS is on the 192.168.201.X network

    from the outside world we connect through a real No which is de-nat'd to the
    "local" ts - ie a real no port forwards 3389 to the 201 network

    From the TS we need to vpn to another network that presents a 192.168.10.x
    range of address's.
    That network has servers on yet another range of numbers (192.168.9.x)
    which are connect via a router on the .10 range

    so ....

    what I want to achive is a route that will work when a punter connects to
    our TS, from the world,
    ..
    for example from home someone connects to the TS (which lives on the 201
    network)
    starts a vpn connection on the TS which connects through to the .10 network
    then see through the .10 network to the .9 network range (which is behind a
    router on the .10 network)

    If the punters were all on the local network (201) we could have the default
    gateway setting set on the VPN connection; as they are not, doing this will
    break the TS session (as the route to the outside world is changed)
     
    Peter Tobin, Feb 26, 2004
    #7
  8. Well, I feel like I'm being run around in circles here. Everytime you post
    it is a completely different description. I don't know what to do with it.
     
    Phillip Windell, Feb 26, 2004
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.