On Sun, 2003-08-24 at 17:45, Jay Mallar wrote:
> I have a networking issue I need some help with.
>  
> I use 192.168.0.10 to connect via VPN to my office.  When I do so, the
> VPN software automatically excludes my local intranet traffic, so
> 192.168.0.10 can no longer see my internal network.  The rest of my
> local net is unaffected but can no longer see 192.168.0.10 - and this
> is my main issue - because 192.168.0.10 is disconnected from the local
> intranet, the other machines can no longer access my printer.
>  
> After connecting to the VPN:
>  
> # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         <namehidden>    0.0.0.0         UG    0      0        0 eth0
>  
Therein lies the problem.  You've set up your routing so that when the
VPN connection is active, all traffic is routed through the VPN, even
your local LAN traffic.  This is something I routinely run into while
setting up IPsec for wireless Windows systems.  In my circumstance, I
have to do what I refer to as "reflection", where I "bounce" all traffic
off the VPN gateway, back into the LAN.  All LAN hosts also have a
static route pointing LAN traffic through the gateway, rather than
delivering on the local segment.

Yours should be easier to fix.  If possible, change your VPN routing so
that only traffic on the far end of the VPN tunnel is routed through
your VPN connection.  If, for example, the remote network is
10.0.0.0/24, you'll want a static route for that block to head out the
VPN gateway.

If that doesn't work, you should be able to override your LAN route with
a simple static route on this host back to itself.  Something like this
should work:

route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.10

If it doesn't work, the "reflection" trick is still possible, but seems
a bit complex for your situation.  Please let me know how this works for
you.

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
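
Added example, not part of the original message: a small shell check of the split-tunnel layout suggested above, picking the most specific matching route for a destination from `route -n`-style text. The table is constructed; the ppp0 interface and the 10.0.0.1 and 192.168.0.1 gateways are assumptions, not values from the thread.

```shell
#!/bin/sh
# Constructed `route -n` style table for a split tunnel:
# LAN stays on eth0, only the remote 10.0.0.0/24 block uses the VPN.
# ppp0, 10.0.0.1 and 192.168.0.1 are assumed values for illustration.
SPLIT_TABLE='192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.0.0 10.0.0.1 255.255.255.0 UG 0 0 0 ppp0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0'

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# route_lookup TABLE DEST: print "iface gateway" of the matching route
# with the longest netmask, which is how the kernel chooses a route.
route_lookup() {
    dst=$(ip2int "$2")
    best_mask=-1
    best=""
    while read -r net gw mask flags metric ref use iface; do
        [ -n "$iface" ] || continue          # skip blank or short lines
        m=$(ip2int "$mask")
        n=$(ip2int "$net")
        if [ $(( dst & m )) -eq $(( n & m )) ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m
            best="$iface $gw"
        fi
    done <<EOF
$1
EOF
    echo "$best"
}

# Show where LAN, remote-office and other traffic would leave the host.
for dest in 192.168.0.20 10.0.0.5 198.51.100.7; do
    echo "$dest -> $(route_lookup "$SPLIT_TABLE" "$dest")"
done
```

To check a live host, paste the data rows of its own `route -n` output into the table variable; a LAN address that resolves to the VPN interface means local traffic is being sent into the tunnel.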

