LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-07-2016, 06:31 PM   #1
gdayvw
LQ Newbie
 
Registered: Apr 2016
Posts: 6

Rep: Reputation: Disabled
Routing issue


Hello,

I have a SnapGear SG580 which is running gcc version 3.3.2

I have a routing issue with an IPsec VPN

The route table is as follows:
Code:
202.80.145.xxx/29 dev eth1  proto kernel  scope link  src 202.80.145.xxx 
192.168.7.0/24 dev ipsec0  scope link  src 192.168.1.200 
unreachable 192.168.7.0/24  metric 2 
172.16.176.0/24 via 192.168.1.43 dev eth0.2  metric 1 
192.168.3.0/24 dev ipsec0  scope link  src 192.168.1.200 
unreachable 192.168.3.0/24  metric 2 
192.168.1.0/24 dev eth0.2  proto kernel  scope link  src 192.168.1.200 
202.80.145.0/24 dev eth1  proto kernel  scope link  src 202.80.145.xxx 
8.8.8.0/24 via 192.168.1.99 dev eth0.2 
10.3.0.0/16 dev ipsec0  scope link  src 192.168.1.200 
unreachable 10.3.0.0/16  metric 2 
10.1.0.0/16 dev ipsec0  scope link  src 192.168.1.200 
unreachable 10.1.0.0/16  metric 2 
10.5.0.0/16 dev ipsec0  scope link  src 192.168.1.200 
unreachable 10.5.0.0/16  metric 2 
10.11.0.0/16 dev ipsec0  scope link  src 192.168.1.200 
unreachable 10.11.0.0/16  metric 2 
default via 202.80.145.xxx dev eth1  metric 3 
default via 202.80.145.xxx dev eth1  metric 4 
fe80::/64 dev eth1  metric 256  mtu 1500 advmss 1440
fe80::/64 dev eth0  metric 256  mtu 1500 advmss 1440
fe80::/64 dev eth0.2  metric 256  mtu 1500 advmss 1440
fe80::/64 dev ipsec0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev eth1  metric 256  mtu 1500 advmss 1440
ff00::/8 dev eth0  metric 256  mtu 1500 advmss 1440
ff00::/8 dev eth0.2  metric 256  mtu 1500 advmss 1440
ff00::/8 dev ipsec0  metric 256  mtu 1500 advmss 1440
default dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440
default dev eth0.2  proto kernel  metric 256  mtu 1500 advmss 1440
default dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440
default dev ipsec0  proto kernel  metric 256  mtu 1500 advmss 1440
unreachable default dev lo  proto none  metric -1  error -101 advmss 1440
The problem that I have is that when I do a traceroute across the VPN (VPN subnet 10.1.x.x) this is what I see


Trace route to: 10.1.20.63
1 192.168.1.43 (this host is on the LAN - don't understand why it is being contacted)
2 192.168.1.200 (default gateway - I expect this to be the first entry)
3
4
5 10.1.20.63

The SG580 is an appliance and in the GUI interface I can't see any static route entries that could account for the first hop.

The SG580 manual says that the following command lines are supported:
Code:
reports/routes
But doesn't provide any info on how to use/issue the command.

Any suggestions would be appreciated.

Thanks

VW
 
Old 04-07-2016, 09:36 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,334

Rep: Reputation: Disabled
From the routing table it appear that the SG580 is the gateway of the 192.168.1.0/24 network, is that correct? If so, then there's nothing the SG580 can do to force a host on the LAN to use another host as a gateway, unless it's hosting a misconfigured DHCP service that serves out 192.168.1.43 as the gateway address.

Other than being configured with the wrong gateway, either manually or via DHCP, a host may send data to the wrong router for two reasons: Either someone has added a route manually, or the host has received an ICMP redirect message from a router or host on the LAN.

You should check the gateway settings and the routing table of the host that insists on using 192.168.1.43 as its default router.

(BTW, I see you have two static default routes on the SG580. Are you load balancing outbound traffic across two different connections?)
 
1 members found this post helpful.
Old 04-07-2016, 10:29 PM   #3
gdayvw
LQ Newbie
 
Registered: Apr 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Hi Ser,

Thanks for replying.

The SG580 is the default gateway for the 192.168.1.0/24 subnet

Can I ask what makes you say that the SG580 has two default routes?

From my perspective there is only one default route: 202.80.145.xxx

Cheers
 
Old 04-08-2016, 01:29 AM   #4
pingu_penguin
Member
 
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 349

Rep: Reputation: 60
Not really an expert here but you are obviously connected to more than one network (I see eth0 and eth1).

Also there is a line having metric 1 , which goes :
172.16.176.0/24 via 192.168.1.43 dev eth0.2 metric 1

the route with the lowest metric is always preferred.

Perhaps you could temporarily remove the above line to verify that your packets go through 192.168.1.200 ?
 
1 members found this post helpful.
Old 04-08-2016, 01:49 AM   #5
gdayvw
LQ Newbie
 
Registered: Apr 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Hi Pingu_Penguin,

You're right the SG580 is connected to more than one network.

Thanks for your observation.

It would seem that the SG580 has assigned the VLAN
Code:
172.16.176.0/24 via 192.168.1.43 dev eth0.2  metric 1
as the default gateway in the route table.

Interestingly this contradicts the configuration in the GUI interface where the default gatewway is configured as follows
Code:
202.80.145.xxx/29 dev eth1  proto kernel  scope link  src 202.80.145.xxx
And the network traffic does indeed go out on this interface, but when I run a tracert it goes via 192.168.1.43; and now I understand why.

Thank you
 
Old 04-08-2016, 01:51 AM   #6
pingu_penguin
Member
 
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 349

Rep: Reputation: 60
On an update the online Snapgear manual says under "Routes" section :

Note
Route management does not have full GUI configuration support. We recommend that
only advanced users familiar with the Zebra routing daemon and/or the RIP, BGP or
OSPF routing protocol attempt configuration of this feature.

found the manual here : http://static.highspeedbackbone.net/...ear-manual.pdf
 
Old 04-08-2016, 01:51 AM   #7
pingu_penguin
Member
 
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 349

Rep: Reputation: 60
Glad could of any help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IP Routing Issue melo15 Linux - Newbie 3 07-14-2010 03:06 AM
Routing issue guanyu Linux - Networking 1 09-10-2006 06:55 AM
routing issue.. inode100 Linux - Networking 12 02-25-2004 03:52 PM
routing issue RyPingu Linux - Networking 1 08-15-2003 01:39 PM
Routing Issue jrmann1999 Linux - Networking 1 01-15-2002 10:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration