[vpn-help] Asymmetric routing between Shrewsoft 2.1.7 and OpenSwan

Erich Titl erich.titl at think.ch
Fri Sep 16 01:28:11 CDT 2011


Hi Kevin

at 16.09.2011 03:16, Kevin VPN wrote:
> On 09/15/2011 04:26 AM, Erich Titl wrote:
>> Hi Kevin
>>
>> at 15.09.2011 03:22, Kevin VPN wrote:
>>> On 09/14/2011 10:58 AM, Erich Titl wrote:
>>>> Hi Kevin
>>>>
>>>> at 14.09.2011 03:57, Kevin VPN wrote:
>>>>>
>>>>> Hi Erich,
>>>>>
>>>>> Based on the source and destination of the plaintext traffic being
>>>>> private addresses, obviously it's possible to reach from the Shrew
>>>>> client PC to the remote network in some path other than the tunnel.
>>>>> Perhaps that path (route) has a lower metric than the VPN route,
>>>>> and is
>>>>> thus used instead of the tunnel route.
>>>>
>>>> Right, the default route, unfortunately, has a metric of 25, whereas
>>>> the
>>>> Shrewsoft tunnel uses a metric of 31. Can this be configured in the
>>>> product?
>>>>
>>>
>> ...
>>
>>>
>>> I would suggest reading the posts below and playing with your adapter's
>>> Automatic Metric and InterfaceMetric settings to see if you can correct
>>> the problem.
>>
>> Thanks, in the real world, where the remote network cannot be reached
>> directly, my setup works fine.
>>
>> I always thought that routing metrics were applied to rules with equal
>> significance, so a default route should not be used when there is a more
>> precise route even with higher metrics.
>>
>> The route in this case is assigned dynamically using dhcp. AFAIK there
>> is no dhcp router metrics option.
>>
>> Maybe in a directly connected setup icmp redirects take precedence.
>>
> 
> Hi Erich,
> 
> If the route is dynamic you're still not stuck.  Simply increase the
> InterfaceMetric instead.  The Microsoft link tells you how to do it:

This was the first thing I tried, does not help at all. I did it with
the command line interface and checked in the routing table. The change
does not affect the routing of the packets.

Well, they rewrote the IP stack, what does one expect.....

Thanks

Erich
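
The route-selection rule discussed in this thread (most specific prefix first, metric only as a tie-breaker), as an added example that is not part of the original post and is not Windows' or Shrew Soft's code. The metrics 25 and 31 come from the thread; the 10.20.0.0/24 network, the "lan"/"vpn" interface names and both tables are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    metric: int
    via: str  # hypothetical interface label: "lan" or "vpn"


def route(prefix: str, metric: int, via: str) -> Route:
    return Route(ipaddress.ip_network(prefix), metric, via)


def select_route(table: list, dst: str) -> Optional[Route]:
    """Generic IP lookup: longest matching prefix wins; metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric))


def leaks(table: list, dst: str, tunnel: str = "vpn") -> bool:
    """True when traffic to dst would leave outside the tunnel interface."""
    chosen = select_route(table, dst)
    return chosen is None or chosen.via != tunnel


# Constructed table: remote network reachable only through the tunnel.
ROUTED = [
    route("0.0.0.0/0", 25, "lan"),      # default route, metric 25
    route("10.20.0.0/24", 31, "vpn"),   # tunnel route, metric 31
]

# Constructed table: the same prefix is also reachable directly on the LAN,
# so two routes of equal prefix length compete and the metric decides.
DIRECT = ROUTED + [route("10.20.0.0/24", 25, "lan")]

if __name__ == "__main__":
    for name, table in (("routed", ROUTED), ("direct", DIRECT)):
        r = select_route(table, "10.20.0.5")
        print(f"{name}: via={r.via} metric={r.metric} "
              f"leak={leaks(table, '10.20.0.5')}")
```
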
