[vpn-help] Asymmetric routing between Shrewsoft 2.1.7 and OpenSwan
Erich Titl
erich.titl at think.ch
Thu Sep 15 03:26:30 CDT 2011
Hi Kevin
at 15.09.2011 03:22, Kevin VPN wrote:
> On 09/14/2011 10:58 AM, Erich Titl wrote:
>> Hi Kevin
>>
>> at 14.09.2011 03:57, Kevin VPN wrote:
>>>
>>> Hi Erich,
>>>
>>> Based on the source and destination of the plaintext traffic being
>>> private addresses, obviously it's possible to reach from the Shrew
>>> client PC to the remote network in some path other than the tunnel.
>>> Perhaps that path (route) has a lower metric than the VPN route, and is
>>> thus used instead of the tunnel route.
>>
>> Right, the default route, unfortunately, has a metric of 25, whereas the
>> Shrewsoft tunnel uses a metric of 31. Can this be configured in the
>> product?
>>
>
...
>
> I would suggest reading the posts below and playing with your adapter's
> Automatic Metric and InterfaceMetric settings to see if you can correct
> the problem.
Thanks, in the real world, where the remote network cannot be reached
directly, my setup works fine.
I always thought that routing metrics were applied to rules with equal
significance, so a default route should not be used when there is a more
precise route even with higher metrics.
The route in this case is assigned dynamically using dhcp. AFAIK there
is no dhcp router metrics option.
Maybe in a directly connected setup icmp redirects take precedence.
Thanks
Erich
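
An added example, not part of the original message: a sketch of the usual IP route lookup order (longest prefix match first, metric only as a tie-breaker), showing when traffic for the remote network stays in the tunnel and when it leaves in plaintext. The metrics 25 and 31 come from the thread; the prefixes, interface names and the on-link route are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table. Metrics 25 (default route) and 31 (tunnel route)
# are the values quoted in the thread; prefixes and names are assumptions.
ROUTES = [
    {"dest": "0.0.0.0/0", "via": "lan-gateway", "metric": 25},
    {"dest": "10.1.0.0/16", "via": "vpn-tunnel", "metric": 31},
]

# Assumed extra route present when the client sits directly on a network
# that uses the same prefix as the remote side of the tunnel.
ON_LINK = {"dest": "10.1.0.0/16", "via": "lan-on-link", "metric": 25}


def select_route(routes, dst):
    """Pick the route for dst: longest prefix wins, metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in ipaddress.ip_network(r["dest"])]
    if not candidates:
        return None
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r["dest"]).prefixlen, r["metric"]),
    )


def leaks_outside_tunnel(routes, dst, tunnel="vpn-tunnel"):
    """True when traffic to dst would be sent on any path other than the tunnel."""
    route = select_route(routes, dst)
    return route is not None and route["via"] != tunnel


if __name__ == "__main__":
    remote_host = "10.1.2.3"  # constructed address inside the remote network
    for label, table in (("tunnel only", ROUTES), ("with on-link route", ROUTES + [ON_LINK])):
        chosen = select_route(table, remote_host)
        print(label, "->", chosen["via"], "leak:", leaks_outside_tunnel(table, remote_host))
```
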