[lug] vpn and traceroute

karl horlen horlenkarl at yahoo.com
Mon May 23 13:32:01 MDT 2011


> > if i delete the default route which is normally going out my local
> > interface vs vpn interface, before i can replace the default route
> > with a new route to set the default route to go through the vpn (did
> > you catch that ;), the vpn connection is killed as it probably tries
> > to keep alive through the local network adapter. as a matter of
> > fact, the more i think about this, doesn't the vpn need the default
> > route set to the local adapter so it can perform its tunneling
> > correctly?
> >
> > am i missing something?
> >
> > what i want to do is route all http traffic over the vpn and not over
> > my local network.  however when i delete default route, the vpn goes
> > down.
> >
> >
> > the vpn needs to communicate which it
>
> This kind of problem is why, if at all possible, you should use an
> option built into the VPN program to change the default route.
>
> But if you are on Windows, which I think you are? Then you should try
> using ROUTE CHANGE instead of delete and add. That should transparently
> modify the route and it won't ever be down.

i tried that and it still didn't work.  so i tried the dual route method below.

> Another thing that you may be able to do is to add another default route
> with a better metric. That should take over as the default and when the
> VPN interface goes down the route should go down too and then everything
> will fall back to the regular route.

i added another default route with a lower metric in addition to the existing one out the local adapter with a higher metric.  the vpn eventually went down and nothing routed.

route add 0.0.0.0 mask 0.0.0.0 <my vpn gw ip> metric 2

the default route out 192.168.0.1 was at metric 20.  and the vpn ip is 10.X so there's no conflict there.

not sure what's going on.  thx for the help though


> And about the crap in the Windows route table. It really does need that.
> What you're seeing is hidden by default in Linux. The Linux route tables
> have all the same stuff but a lot of it is in separate routing tables.
>
> For example:
> $ ip rule
> 0:      from all lookup 255
> 32766:  from all lookup main
> 32767:  from all lookup default
>
> $ ip route list table 255
> broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
> broadcast 192.168.13.0 dev eth0 proto kernel scope link src 192.168.13.128
> local 192.168.13.128 dev eth0 proto kernel scope host src 192.168.13.128
> broadcast 192.168.13.255 dev eth0 proto kernel scope link src 192.168.13.128
> broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
> local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
> local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

thanks.  good to know :)
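
Added example, not part of the original message: a simplified Python model of route selection (longest prefix first, then lowest metric) applied to the route tables discussed in this thread, checking whether the VPN's own encrypted packets would still leave through the local adapter. The VPN server address 203.0.113.10, the 10.8.0.x addresses, the sample web destination and the /32 "pinned" host route are assumptions; only the gateway 192.168.0.1, metric 20 and metric 2 come from the thread.

```python
import ipaddress

def pick_route(table, dst):
    """Return the route a packet to dst would take: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r["net"])]
    if not matches:
        return None  # no route at all: the packet is dropped
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen, r["metric"]))

def tunnel_survives(table, vpn_server):
    """The encrypted outer packets must reach the VPN server outside the tunnel."""
    route = pick_route(table, vpn_server)
    return route is not None and route["dev"] != "vpn"

# Constructed sample values (assumptions, not taken from the thread)
VPN_SERVER = "203.0.113.10"   # public address of the VPN server
WEB_HOST = "198.51.100.80"    # some web site reached over http

LAN_NET = {"net": "192.168.0.0/24", "gw": None, "dev": "lan", "metric": 20}
VPN_NET = {"net": "10.8.0.0/24", "gw": None, "dev": "vpn", "metric": 2}
# Gateway and metrics below are the ones quoted in the thread
LOCAL_DEFAULT = {"net": "0.0.0.0/0", "gw": "192.168.0.1", "dev": "lan", "metric": 20}
VPN_DEFAULT = {"net": "0.0.0.0/0", "gw": "10.8.0.1", "dev": "vpn", "metric": 2}
# Hypothetical host route that pins the VPN server to the local gateway
PIN = {"net": VPN_SERVER + "/32", "gw": "192.168.0.1", "dev": "lan", "metric": 1}

def scenarios():
    base = [LAN_NET, VPN_NET]
    return {
        "original": base + [LOCAL_DEFAULT],
        "vpn_default_only": base + [VPN_DEFAULT],
        "dual_default": base + [LOCAL_DEFAULT, VPN_DEFAULT],
        "dual_default_pinned": base + [LOCAL_DEFAULT, VPN_DEFAULT, PIN],
    }

def report():
    """Map scenario name -> (interface used for web traffic, tunnel still reachable)."""
    out = {}
    for name, table in scenarios().items():
        web = pick_route(table, WEB_HOST)
        out[name] = (web["dev"] if web else None, tunnel_survives(table, VPN_SERVER))
    return out

if __name__ == "__main__":
    for name, (web_dev, alive) in report().items():
        print(f"{name:22} web via {web_dev:4} tunnel reachable outside vpn: {alive}")
```

Windows adds the interface metric to the route metric when ranking routes, which this model leaves out.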



