June 17, 2010 at 4:03 pm #42446
I have a lan-to-lan VPN setup as the following:
0.0.0.0 -> eth01
10.4.0.0 -> 172.16.100.4
Test PC 10.2.1.1
0.0.0.0 -> eth01
10.2.0.0 -> 172.16.100.2
Test PC 10.4.1.1
Traceroute from 10.2.1.1 to 10.4.1.1 looks correct and vice versa.
Upon installing and adding the routes and VPN interface, the tunnel comes up and passes traffic.
I have one client machine on each side of the tunnel and have been testing bandwidth with iperf.
Persistent ping is running on each machine back towards the other machine.
On site B I go to the VPN00 interface and uncheck the UP checkbox to bring down the interface and the pings stop.
Once I check the box to re-enable, each VPN00 interface shows that it’s connected to the other but I’m unable to ping the remote clients.
Traceroute from SiteA(10.2.1.1) to SiteB(10.4.1.1) looks like this:
10.2.20.1 -> 18.104.22.168 -> 22.214.171.124 -> and then ‘destination network unreachable.’
The 126.96.36.199 address is the router connected to eth01 and 188.8.131.52 is the border router to the internet from my ISP.
Looks like the traffic isn’t being directed to the tunnel.
Symptoms are the same going from the other end.
From each zeroshell box I can ping both 172.16.100.2 and 172.16.100.4 but not beyond. I can only ping the local 172.16 address from each client PC.
I’m not sure where to go with this.
How does taking the VPN interface down and bringing back up affect routing like this? Any suggestions?
I appreciate any help.
June 17, 2010 at 6:51 pm #50461
The routes are erased from the routing table, because the interface no longer exists. This is a normal behaviour. Once the tunnel is up again you have to manually add the routes again or have some options in the VPN tunnel to add the routes upon connecting.
June 17, 2010 at 7:00 pm #50462
I removed the static route entries and added them back and traffic is passing again. So even though the GUI showed the statics they weren’t in the table?
Thanks for the quick response. You are always helpful to everyone.
June 18, 2010 at 6:31 am #50463
Maybe there is a bug there. To verify it, please try the same and, instead of looking at the web interface, open an SSH connection or connect with keyboard and monitor on the terminal and issue the command
This way we’ll see if the routes are added back again to the routing table.
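One way to check for the condition discussed in this thread, where the static route to the remote LAN is missing from the kernel table and tunnel-bound traffic follows the default route toward the ISP instead. This is an added example, not a command from any of the posts; it assumes Linux iproute2 `ip route show` text output and /16 prefixes (the thread gives no netmasks), and the sample tables are constructed.

```shell
#!/bin/sh
# Added example: compare expected static routes with the kernel routing table.
# Assumptions: iproute2 "ip route show" format; /16 masks are assumed.

# Expected routes as "prefix gateway" pairs (site A side of the thread's setup).
EXPECTED_ROUTES='10.4.0.0/16 172.16.100.4'

# missing_routes TABLE EXPECTED
# Prints each expected "prefix gateway" pair that has no matching
# "<prefix> via <gateway>" line in TABLE.
missing_routes() {
    table=$1
    expected=$2
    printf '%s\n' "$expected" | while read -r prefix gw; do
        [ -n "$prefix" ] || continue
        if ! printf '%s\n' "$table" | awk -v p="$prefix" -v g="$gw" '
                $1 == p && $2 == "via" && $3 == g { found = 1 }
                END { exit !found }'; then
            printf '%s via %s\n' "$prefix" "$gw"
        fi
    done
}

# Constructed sample: table after the tunnel interface was toggled.
# The connected 172.16.100.0/24 route is back, the static route is not.
TABLE_AFTER_FLAP='default via 192.0.2.1 dev ETH01
10.2.0.0/16 dev ETH00 proto kernel scope link src 10.2.20.1
172.16.100.0/24 dev VPN00 proto kernel scope link src 172.16.100.2'

# Constructed sample: same table with the static route present.
TABLE_HEALTHY="$TABLE_AFTER_FLAP
10.4.0.0/16 via 172.16.100.4 dev VPN00"

# Demo on the constructed tables; on a live box pass "$(ip route show)" instead.
echo "after interface toggle, missing:"
missing_routes "$TABLE_AFTER_FLAP" "$EXPECTED_ROUTES"
echo "healthy table, missing:"
missing_routes "$TABLE_HEALTHY" "$EXPECTED_ROUTES"
```

Any line printed under "missing" means traffic for that prefix is not being sent into the tunnel, whatever the web interface lists.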