# Route problem while accessing vpn



## jleal2003 (Feb 3, 2011)

Hi, I have the following problem.

I have one main FreeBSD server/router (192.168.31.31) that serves 10 different subnets; every subnet is administered by another FreeBSD router.

I have the routes in the mail server as follows.


```
route add -net 192.168.1.0/24 192.168.1.1 #a
route add -net 192.168.2.0/24 192.168.2.1 #b
route add -net 192.168.3.0/24 192.168.3.1 #c
route add -net 192.168.4.0/24 192.168.4.1 #d
```

Everything is working very well inside those subnets; the problem is, for example:

If I am in subnet "d" and I try to connect to a VPN using Cisco software (VPN IP 201.111.111.111), I connect and I can surf the web with NO problem, BUT when I try to access Outlook to send and receive mail while connected to the VPN, I can NOT; it does not work.

I think that I should add some route that allows the packets to go and come back. If I try to access Outlook from my MAIN net (192.168.31.X) there is NO problem.

Please help, it will be appreciated.

Thanks in advance


----------



## SirDice (Feb 3, 2011)

jleal2003 said:

> I have the routes in the mail server as follows.
> 
> route add -net 192.168.1.0/24 192.168.1.1 #a
> route add -net 192.168.2.0/24 192.168.2.1 #b
> ...


These routes don't make much sense. In order to route to 192.168.1.0/24, for instance, it will send all packets to 192.168.1.1. This is only possible when 192.168.1.1 is directly connected. If it's directly connected there's no need for the route.



> If I am in subnet "d" and I try to connect to a VPN using Cisco software (VPN IP 201.111.111.111), I connect and I can surf the web with NO problem, BUT when I try to access Outlook to send and receive mail when connected to the VPN, I can NOT; it does not work.


Most likely it's because the VPN sets a default gateway. As there is no specific route to the network where the mail server is, it will send everything to the default gateway.

Can you post the relevant ifconfig_* bits from /etc/rc.conf?


----------



## jleal2003 (Feb 3, 2011)

*Settings*

For me those routes make sense, look:

Main Router (FreeBSD box) 192.168.31.31

Sorry about the routes I sent before; the correct routes are:


```
route add -net 192.168.1.0/24 192.168.31.1 #a
route add -net 192.168.2.0/24 192.168.31.2 #b
route add -net 192.168.3.0/24 192.168.31.3 #c
route add -net 192.168.4.0/24 192.168.31.4 #d
```


Lab 1 (FreeBSD box) (30 PCs): local net 192.168.1.X, local net server IP 192.168.1.1,
IPs used 192.168.1.2-255

Lab 2 (FreeBSD box) (110 PCs): local net 192.168.2.X, local net server IP 192.168.2.1,
IPs used 192.168.2.2-255

Lab 3 and lab 4 are routes 3 and 4.

Routes are necessary for me in order to reach the different subnets and the internet.

I have this rc.conf on the MAIN FreeBSD ROUTER:


```
defaultrouter="192.168.100.254"  #ADSL IP
ifconfig_em0="inet 192.168.100.144 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_flags="-dynamic -m"
natd_interface="em0"            # Public interface or IPaddress to use.
gateway_enable="YES"
```
Thanks in advance


----------



## SirDice (Feb 3, 2011)

jleal2003 said:

> Main Router (FreeBSD box) 192.168.31.31
> 
> Sorry about the routes I sent before; the correct routes are:
> route add -net 192.168.1.0/24 192.168.31.1 #a
> ...


This makes a lot more sense :e


The machine in subnet d probably has only one route and gateway: 192.168.4.1. When the VPN comes up this route will get overwritten by whatever the VPN is set to. That means everything destined to 192.168.31/24 (your mailserver) will get sent to the default gateway of the Cisco VPN instead of 192.168.4.1. To solve this you'll need to add a static route for 192.168.31/24 (directed to 192.168.4.1) on that machine.


----------



## jleal2003 (Feb 3, 2011)

*the routes*

Ok, I understand your point, thank you very much. I have two ideas for local routing.

Routes to add on the CLIENT PC:


```
route add 192.168.4.0 mask 255.255.255.0 192.168.31.31     ??????
route add 192.168.31.0 mask 255.255.255.0 192.168.4.1    =??????
```
Thanks in advance


----------



## SirDice (Feb 3, 2011)

The client has only access to two gateways, the VPN and 192.168.4.1.

Instead of routing each subnet separately you could add a route for 192.168.0.0/16 to 192.168.4.1. This will route _all_ 192.168/16 traffic to that router. Let it figure out what to do next.

I really suggest brushing up on your TCP/IP knowledge, especially subnets, subnet masks and routing.


----------
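To make the routing decision in the two replies above concrete (the VPN's default route capturing 192.168.31/24, the per-subnet /24 fix, and the 192.168.0.0/16 aggregate), here is a small longest-prefix-match simulation of the client's forwarding table. It is an added example, not code from the thread or from FreeBSD or the Cisco client. The 192.168.4.x client side, 192.168.4.1 lab router and 192.168.31.31 main router come from the thread; the tunnel pool 10.10.0.0/16, the tunnel gateway 10.10.0.1 and the interface names are assumptions, as is the simplification that the VPN client simply replaces the default route rather than out-ranking it by metric.

```python
"""Longest-prefix-match simulation of the subnet-d client's forwarding table.

Added example for this thread; not the original poster's code.
Assumed values: tunnel pool 10.10.0.0/16, tunnel gateway 10.10.0.1,
interface names eth0/vpn0.  Everything else is taken from the thread.
"""
import ipaddress

# A table is a list of (prefix, gateway, interface).  "on-link" marks a
# directly connected network (no gateway needed).
Route = tuple


def lookup(table, dst):
    """Return the entry whose prefix contains dst and is the most specific
    (longest prefix length).  Ties keep the first entry.  None if nothing
    matches, which can only happen when the table has no default route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return best


def next_hop(table, dst):
    """(gateway, interface) chosen for dst, or None."""
    match = lookup(table, dst)
    return None if match is None else (match[1], match[2])


# 1. Client on the LAN, VPN down: one default route via the lab router.
LAN_ONLY = [
    ("0.0.0.0/0", "192.168.4.1", "eth0"),
    ("192.168.4.0/24", "on-link", "eth0"),
]

# 2. VPN up, no split tunnelling: the default now points into the tunnel.
#    The /32 host route keeps the tunnel endpoint itself reachable via the LAN
#    (without it the encrypted packets would be routed into the tunnel too).
VPN_UP = [
    ("0.0.0.0/0", "10.10.0.1", "vpn0"),             # assumed tunnel gateway
    ("10.10.0.0/16", "on-link", "vpn0"),            # assumed tunnel pool
    ("192.168.4.0/24", "on-link", "eth0"),
    ("201.111.111.111/32", "192.168.4.1", "eth0"),  # VPN concentrator
]

# 3a. Fix from the thread: a static /24 for the main router's network.
VPN_UP_FIXED = VPN_UP + [("192.168.31.0/24", "192.168.4.1", "eth0")]

# 3b. Alternative from the thread: one /16 aggregate for all the lab subnets.
VPN_UP_AGGREGATE = VPN_UP + [("192.168.0.0/16", "192.168.4.1", "eth0")]


def explain(label, table, dst):
    hop = next_hop(table, dst)
    print(f"{label:16} {dst:16} -> {hop[0]} via {hop[1]}")


if __name__ == "__main__":
    mail = "192.168.31.31"
    explain("LAN only", LAN_ONLY, mail)            # 192.168.4.1 via eth0
    explain("VPN up", VPN_UP, mail)                # 10.10.0.1 via vpn0 (broken)
    explain("VPN + /24", VPN_UP_FIXED, mail)       # 192.168.4.1 via eth0
    explain("VPN + /16", VPN_UP_AGGREGATE, "192.168.2.5")   # lab 2 via eth0
    explain("VPN + /16", VPN_UP_AGGREGATE, "192.168.4.7")   # /24 beats /16
    explain("VPN + /16", VPN_UP_AGGREGATE, "8.8.8.8")       # still tunnelled
```

The caveat a practitioner would check before choosing the /16: the aggregate also pulls any 192.168.x.x range on the far side of the VPN out of the tunnel and onto the lab router, so it is only safe when the corporate network reached through the VPN uses no 192.168/16 addresses. The per-subnet /24 routes are narrower and do not have that problem.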



## jleal2003 (Feb 3, 2011)

*Thanks*

Thank you very much, any recommendation for reading?

Cheers


----------



## SirDice (Feb 4, 2011)

I found TCP/IP Illustrated very valuable as a reference. The most important stuff is in volume 1. Volume 2 is interesting if you do lots of socket programming. Volume 3 talks a lot about HTTP, NNTP and TLS.


----------

