[vpn-help] Asymmetric routing between Shrewsoft 2.1.7 and OpenSwan

Erich Titl erich.titl at think.ch
Thu Sep 15 03:26:30 CDT 2011


Hi Kevin

at 15.09.2011 03:22, Kevin VPN wrote:
> On 09/14/2011 10:58 AM, Erich Titl wrote:
>> Hi Kevin
>>
>> at 14.09.2011 03:57, Kevin VPN wrote:
>>>
>>> Hi Erich,
>>>
>>> Based on the source and destination of the plaintext traffic being
>>> private addresses, obviously it's possible to reach from the Shrew
>>> client PC to the remote network in some path other than the tunnel.
>>> Perhaps that path (route) has a lower metric than the VPN route, and is
>>> thus used instead of the tunnel route.
>>
>> Right, the default route, unfortunately, has a metric of 25, whereas the
>> Shrewsoft tunnel uses a metric of 31. Can this be configured in the
>> product?
>>
> 
...

> 
> I would suggest reading the posts below and playing with your adapter's
> Automatic Metric and InterfaceMetric settings to see if you can correct
> the problem.

Thanks, in the real world, where the remote network cannot be reached
directly, my setup works fine.

I always thought that routing metrics were applied to rules with equal
significance, so a default route should not be used when there is a more
precise route even with higher metrics.

The route in this case is assigned dynamically using DHCP. AFAIK there
is no DHCP router metrics option.

Maybe in a directly connected setup ICMP redirects take precedence.

Thanks

Erich
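
The route-selection rule discussed in this message (most specific prefix first, metric compared only between routes of equal prefix length) can be checked against a client's route table to see whether traffic for the remote network would bypass the tunnel. The following is an added example, not part of the original post or of the Shrew Soft client; the metrics 25 and 31 come from the thread, while the addresses, interface names and the second table are constructed assumptions.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    interface: str   # hypothetical interface label
    metric: int


def select_route(table: List[Route], destination: str) -> Optional[Route]:
    """Pick the route a standard IP stack would use for destination."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        return None
    # Longest prefix wins; the metric only breaks ties between
    # routes whose prefixes have the same length.
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric))


def bypasses_tunnel(table: List[Route], destination: str, tunnel_if: str) -> bool:
    """True if traffic to destination would leave on a non-tunnel interface."""
    chosen = select_route(table, destination)
    return chosen is not None and chosen.interface != tunnel_if


net = ipaddress.ip_network
# Constructed table 1: default route (metric 25) plus tunnel route (metric 31).
ROUTED_SETUP = [
    Route(net("0.0.0.0/0"), "lan", 25),
    Route(net("192.168.50.0/24"), "vpn", 31),
]
# Constructed table 2: same, but the physical adapter also holds an
# equal-length route to the remote network with the lower metric.
DIRECT_SETUP = ROUTED_SETUP + [Route(net("192.168.50.0/24"), "lan", 25)]

if __name__ == "__main__":
    for name, table in (("routed", ROUTED_SETUP), ("direct", DIRECT_SETUP)):
        r = select_route(table, "192.168.50.10")
        leak = bypasses_tunnel(table, "192.168.50.10", "vpn")
        print(f"{name}: via {r.interface} metric {r.metric} bypass={leak}")
```
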



