Route problem while accessing vpn

Hi, I have the following problem.

I have one main FreeBSD server/router (192.168.31.31) that serves 10 different subnets; every subnet is administered by another FreeBSD router.

I have the routes in the mail server as follows.

Code:
route add -net 192.168.1.0/24 192.168.1.1 #a
route add -net 192.168.2.0/24 192.168.2.1 #b
route add -net 192.168.3.0/24 192.168.3.1 #c
route add -net 192.168.4.0/24 192.168.4.1 #d

Everything is working very well inside those subnets; the problem is, for example:

If I am in subnet "d" and I try to connect to a VPN using Cisco software (VPN IP 201.111.111.111), I connect and I can surf the web with NO problem, BUT when I try to access Outlook to send and receive mail when connected to the VPN, I can NOT do it; it does not work.

I think that I should add some route that allows the packets to go and come back. If I try to access Outlook from my MAIN net (192.168.31.X) there is NO problem.

Please help; it will be appreciated.

Thanks in advance
 
jleal2003 said:
I have the routes in the mail server as follows.

route add -net 192.168.1.0/24 192.168.1.1 #a
route add -net 192.168.2.0/24 192.168.2.1 #b
route add -net 192.168.3.0/24 192.168.3.1 #c
route add -net 192.168.4.0/24 192.168.4.1 #d

These routes don't make much sense. In order to route to 192.168.1/0 for instance it will send all packets to 192.168.1.1. This is only possible when 192.168.1.1 is directly connected. If it's directly connected there's no need for the route.

If I am in subnet "d" and I try to connect to a VPN using Cisco software (VPN IP 201.111.111.111), I connect and I can surf the web with NO problem, BUT when I try to access Outlook to send and receive mail when connected to the VPN, I can NOT do it; it does not work.

Most likely it's because the VPN sets a default gateway. As there is no specific route to the network where the mail server is, it will send everything to the default gateway.

Can you post the relevant ifconfig_* bits from /etc/rc.conf?
 
Settings

For me those routes make sense, look:

Main Router (FreeBSD box) 192.168.31.31

Sorry about the routes I sent before; the correct routes are:

Code:
route add -net 192.168.1.0/24 192.168.31.1 #a
route add -net 192.168.2.0/24 192.168.31.2 #b
route add -net 192.168.3.0/24 192.168.31.3 #c
route add -net 192.168.4.0/24 192.168.31.4 #d


Lab 1 (FreeBSD box) (30 PCS) local net 192.168.1.X local net server IP 192.168.1.1
ips used 192.168.1.2-255

Lab 2 (FreeBSD box) (110 PCS) local net 192.168.2.X local net server IP 192.168.2.1
ips used 192.168.2.2-255

Lab 3 and lab 4 are routes 3 and 4

Routes are necessary for me in order to reach different subnets and the internet.

I have rc.conf in MAIN FREEBSD ROUTER

Code:
defaultrouter="192.168.100.254"  #ADSL IP
ifconfig_em0="inet 192.168.100.144 netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_flags="-dynamic -m"
natd_interface="em0"            # Public interface or IPaddress to use.
gateway_enable="YES"

Thanks in advance
 
jleal2003 said:
Main Router (FreeBSD box) 192.168.31.31

Sorry about the routes I sent before; the correct routes are:
route add -net 192.168.1.0/24 192.168.31.1 #a
route add -net 192.168.2.0/24 192.168.31.2 #b
route add -net 192.168.3.0/24 192.168.31.3 #c
route add -net 192.168.4.0/24 192.168.31.4 #d

This makes a lot more sense :e


The machine in subnet d probably has only one route and gateway: 192.168.4.1. When the VPN comes up this route will get overwritten by whatever the VPN is set to. That means everything destined to 192.168.31/24 (your mailserver) will get sent to the default gateway of the Cisco VPN instead of 192.168.4.1. To solve this you'll need to add a static route for 192.168.31/24 (directed to 192.168.4.1) on that machine.
 
the routes

OK, I understand your point, thank you very much. I have two ideas for local routing:

Routes to add on the CLIENT pc

Code:
route add 192.168.4.0 mask 255.255.255.0 192.168.31.31     ??????
route add 192.168.31.0 mask 255.255.255.0 192.168.4.1    =??????

Thanks in advance
 
The client has only access to two gateways, the VPN and 192.168.4.1.

Instead of routing each subnet separately you could add a route for 192.168.0.0/16 to 192.168.4.1. This will route all 192.168/16 traffic to that router. Let it figure out what to do next.

I really suggest brushing up on your TCP/IP knowledge, especially subnets, subnet masks and routing.
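
An added example (not part of any post in this thread): a small longest-prefix-match model of the client's routing table in subnet d, showing why the VPN's default route captures traffic for 192.168.31.31 and how a 192.168.31.0/24 or a 192.168.0.0/16 static route via 192.168.4.1 changes the next hop. The `vpn-tunnel` and `on-link` labels and every sample destination other than 192.168.31.31 are constructed for illustration.

```python
import ipaddress

LAB_GW = "192.168.4.1"   # subnet d router, from the thread
VPN_GW = "vpn-tunnel"    # constructed label for the Cisco VPN gateway
ON_LINK = "on-link"      # constructed marker: delivered directly, no gateway


def routes(*entries):
    """Build a routing table from (prefix, gateway) pairs."""
    return [(ipaddress.ip_network(prefix), gw) for prefix, gw in entries]


def next_hop(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda route: route[0].prefixlen)[1]


# Client in subnet d before the VPN connects.
before_vpn = routes(("192.168.4.0/24", ON_LINK), ("0.0.0.0/0", LAB_GW))
# VPN connected: the default route now points at the VPN.
vpn_up = routes(("192.168.4.0/24", ON_LINK), ("0.0.0.0/0", VPN_GW))
# Second idea from the thread: static route for the main net only.
vpn_plus_24 = vpn_up + routes(("192.168.31.0/24", LAB_GW))
# Suggested alternative: one route for all of 192.168.0.0/16.
vpn_plus_16 = vpn_up + routes(("192.168.0.0/16", LAB_GW))

# Constructed sample destinations (only 192.168.31.31 appears in the thread).
DESTS = ["192.168.31.31", "192.168.2.10", "192.168.4.20", "203.0.113.10"]


def trace(table):
    """Map each sample destination to the gateway the table selects."""
    return {dest: next_hop(table, dest) for dest in DESTS}


if __name__ == "__main__":
    for name, table in [("before VPN", before_vpn), ("VPN up", vpn_up),
                        ("VPN + /24", vpn_plus_24), ("VPN + /16", vpn_plus_16)]:
        print(name, trace(table))
```

With the /24 route only the main net is reachable through 192.168.4.1 and the other lab subnets still follow the VPN default; the /16 route covers them all, while the more specific 192.168.4.0/24 entry keeps local neighbours on-link.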
 
I found TCP/IP Illustrated very valuable as a reference. The most important stuff is in volume 1. Volume 2 is interesting if you do lots of socket programming. Volume 3 talks a lot about HTTP, NNTP and TLS.
 