On 2013-02-14, Christopher Zimmermann <[email protected]> wrote:
> Hi,
>
> I have the following static routes set up on my laptop.
> em0 is a lan connection to my router 172.26.153.1.
> tun1 is sometimes used by a ssh tunnel to the same router.
> It is now down.
> The routing table is attached below.
> Now I'm wondering why the first ping seems to use the 172.26.153/24 
> route via 172.26.153.18 (which is currently not up and has priority 10) 
> instead of the default route via 172.26.153.1 which has a higher 
> priority and is up.
> The funny thing is that adding another route to 172.26.153/24 via 
> gateway 172.26.153.1 fixes this problem and allows the ping to 
> happen.
> Why is this route used while the default route is ignored, although it 
> looks exactly the same (same priority) except having a larger subnet (0/0)??
> Are more specific routes somehow preferred?

Yes, more specific routes are always preferred. Priorities only come into
play when two equally specific routes are available.

The case you are hitting is where a static route via a "down" interface is
more specific than a working less-specific route. You probably need to arrange
that the static routes are removed when the interface is down (and re-added
when it's up). ifstated could help here.

As to why: consider the situation where a private LAN interface is unplugged.
You wouldn't want to send sensitive LAN traffic out via your default route
and possibly onto the internet...

Since in this case it seems you definitely want that behaviour, the fix
you found (adding the additional 172.26.153/24 route) seems correct to me.
Presumably you want to just set the priority so the tun(4) route is
preferred when it's available, and then you should be able to just leave
it like that all the time.
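
The selection order described in this reply, as an added example that is not part of the original message and is not OpenBSD's own code: a simplified model in which the longest matching prefix is chosen first and priority only decides among equally specific routes. It assumes a lower priority number is preferred; the priority values and the destination addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    dest: str      # destination prefix
    gateway: str
    iface: str
    priority: int  # assumption: lower number is preferred

def lookup(routes, up_ifaces, dst):
    """Return the route chosen for dst, or None if the packet cannot be sent."""
    addr = ipaddress.ip_address(dst)
    matching = [r for r in routes if addr in ipaddress.ip_network(r.dest)]
    if not matching:
        return None
    # Step 1: the longest matching prefix wins, whatever the priorities are.
    longest = max(ipaddress.ip_network(r.dest).prefixlen for r in matching)
    best = [r for r in matching
            if ipaddress.ip_network(r.dest).prefixlen == longest]
    # Step 2: priority only chooses among those equally specific routes.
    usable = [r for r in best if r.iface in up_ifaces]
    if not usable:
        return None  # no fallback to a less specific route, so nothing leaks
    return min(usable, key=lambda r: r.priority)

def gateway(routes, up_ifaces, dst):
    """Gateway address of the chosen route, or None when there is none."""
    route = lookup(routes, up_ifaces, dst)
    return route.gateway if route else None

# Constructed table modelled on the post; the priority values are made up.
BASE = [
    Route("0.0.0.0/0", "172.26.153.1", "em0", 10),
    Route("172.26.153.0/24", "172.26.153.18", "tun1", 10),
]
# The fix from the post: a second /24 route via the LAN router, with a
# less preferred priority so the tunnel route wins whenever tun1 is up.
FIXED = BASE + [Route("172.26.153.0/24", "172.26.153.1", "em0", 12)]

if __name__ == "__main__":
    lan_host = "172.26.153.50"  # constructed destination inside the /24
    print("tun1 down, original table:", gateway(BASE, {"em0"}, lan_host))
    print("tun1 down, fixed table:   ", gateway(FIXED, {"em0"}, lan_host))
    print("tun1 up, fixed table:     ", gateway(FIXED, {"em0", "tun1"}, lan_host))
```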
