Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Routing through VPN tunnel

Status
Not open for further replies.
lorenzodv

lorenzodv

Programmer
Feb 16, 2001
95
0
0
IT
Please help me: this problem is driving me crazy.
I have two subnets: 192.168.1.0 and 192.168.2.0 connected through a pubblic
WAN.
I successfully enstabilished a VPN tunnel between 192.168.1.1 and
192.168.2.1.

Virtual addresses are the following:
192.168.1.1 10.0.0.1 VPN server
192.168.2.1 10.0.0.2 VPN client

Now, to join the two LANs, I need to route the subnet on the other end
thourgh the tunnel, right?
So...

route add 192.168.1.0 mask 255.255.255.0 10.0.0.2
(on the VPN client - works fine)

route add 192.168.2.0 mask 255.255.255.0 10.0.0.1
(on the VPN server - DOES NOT WORK)
(error: Parameter is incorrect)

Why Windows won't let me add the latter route? It would just send all the
traffic directed to the other subnet on the VPN interface, 10.0.0.1.
It seems I can't add routes through the 10.0.0.1 interface, no matter what
destination I'm trying to route and I can't find a reason for this!

I'm using Windows XP Pro SP1.

Thanks!

 
Sort by date Sort by votes
YES, I was finally able to figure it out. Since the RRAS server is a point-multipoint interface, I need to route through the next hop on the connection, not through the local interface.

route add 192.168.1.0 mask 255.255.255.0 10.0.0.2
(on the VPN client - works fine)

route add 192.168.2.0 mask 255.255.255.0 10.0.0.2
(on the VPN server - FINALLY works fine too)

I was decieved by the fact that a PPTP connection is a point-to-point interface, and I forgot that the RRAS interface is able to enstabilish multiple concurrent connections, so it is a point-multipoint interface.

I still have a couple more doubts:

- The route I added can't be static, because the client IP address does exist only during connection. Is there an automatic way to have Windows run some kind of script executing the "route add" command each time an inbound PPTP connection is accepted?

- Second, the above routes work only with unicast traffic. What destination should I specify to route multicast and broadcast packets? Will them affect broadcast routing on the local LAN?

Thanks in advance for your precious help.
 
Upvote 0 Downvote
I think what you are trying to do would work much better using the ipsec protocol - is this an option ?
 
Upvote 0 Downvote
Weel, I don't want to mess up with certificates and security, but just to have two simple LANs working together.

I had ALREADY estabilished the tunnel, now I must overcome some routing issues. Multicast traffic is directed to 255.255.255.255, but Windows does not want me to add a route for this destination. That's strange, because a route like that is alredy addes, pointing to the LAN card interface.
 
Upvote 0 Downvote
What kind of multicast traffic do you want routed over the vnp tunnel.
 
Upvote 0 Downvote
I think it is broadcast in this case, so the destination address would be 255.255.255.255/32, but as I said, Windows won't let me add a route for this address, although one exists:

255.255.255.255 255.255.255.255 192.168.0.1

192.168.0.1 is the LAN address: obviously Windows is routing all the broadcasts on the LAN. What I would like to add is:

255.255.255.255 255.255.255.255 10.0.0.2

Where 10.0.0.2 leads through the VPN tunnel.
But this doesn't seem to work... maybe I need to set 10.0.0.2 ad the default router (0.0.0.0) ?

Thanks.
 
Upvote 0 Downvote
But I mean why do you want to try and route broadcast traffic over your vpn tunnel ?
 
Upvote 0 Downvote
You might try a directed broadcast to your remote LAN. Instead of routing all broadcasts, use the broadcast destination 192.x.y.255 /32 through the WAN.
 
Upvote 0 Downvote
It would be great if I could direct broadcast. However, there are some office applications as well as some games that broadcast to 255.255.255.255 by design and I can't change it.

The strange thing now is this: WHY am I not able to add a route for 255.255.255.255/32 through 10.0.0.2? It would be exactly the same as the route for 255.255.255.255/32 through 192.168.0.1 that Windows adds when installing a NIC.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sologeek
  • Locked
  • Question
VPN server help
Replies
0
Views
112
sologeek
sologeek
DWheater
  • Locked
  • Question
FTP through Back to Back Firewalls
Replies
0
Views
37
DWheater
DWheater
Sylric
  • Locked
  • Question
Audiocodes Mediant 1000B Routing question
Replies
0
Views
30
Sylric
Sylric
Pushpat
  • Locked
  • Question
send trap to ipnetwork through snmptrap command
Replies
0
Views
43
Pushpat
Pushpat
Pushpat
  • Locked
  • Question
send trap to ipnetwork through snmptrap command
Replies
0
Views
38
Pushpat
Pushpat

Part and Inventory Search

Sponsor

Back
Top