[lug] routing question...

Orion Poplawski orion at nwra.com
Tue Nov 3 14:44:13 MST 2020


On 11/3/20 2:32 PM, Bear Giles wrote:
> I seem to be missing something - as well as all of the results in my google
> searches.
> 
> I'm trying to route traffic from my home system (with dual 4k monitors) to my
> work laptop and then onto the corporate VPN. I *could* set up the VPN on my
> home system but would prefer the control of setting up my own routing. E.g., I
> don't want the VPN to be my default route to the internet at large - esp.
> since I only use the VPN to access an AWS walled garden.
> 
> I have a similar situation when I lose my home comcast connection. I can
> usually still get out - either a comcast hotspot or a tethered phone/tablet -
> and my entire network could get out if I could temporarily change the default
> route to go through that system. (Not all of my systems have wifi.) I haven't
> had any luck though and I think it's the same problem I'm seeing today.
> 
> This should be pretty straightforward. On the laptop I entered
> 
>    $ sudo sysctl -w net.ipv4.ip_forward=1
> 
> and on my home system I entered
> 
>    $ sudo ip route add 172.28.0.0/16 via 192.168.1.100 proto static
> 
> where 192.168.1.100 is the laptop.
> 
> I've verified that the route is listed in both `ip route` and `netstat -r`.
> 
> However I can't reach the walled garden. In fact if I run
> 
>    $ traceroute 172.27.10.10
                      ^^^

Is that right?  You list .28 above.

> 
> it reports the first hop as 192.168.1.1, not 192.168.1.100.
> 
> Am I missing a step? I thought these changes took effect immediately but maybe
> I need to bounce something. E.g., I know I probably need to set up a NAT for
> the comcast or tethered connection, but I can assign my own IP address in the
> 172.28.0.0/16 CIDR so that's not an issue. I also don't
> see how that would affect the first hop chosen in traceroute.
> 
> Thanks

Also note that depending on the firewall on the work side, this might not work
unless you also set up NAT on your work laptop.  Here we would certainly block
traffic not from the VPN client itself.


-- 
Orion Poplawski
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                 https://www.nwra.com/
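
Added example, not part of the original message: a longest-prefix-match lookup over `ip route` output, showing why the 172.27.10.10 target from the traceroute falls through to the default gateway while an address inside 172.28.0.0/16 goes to the laptop. The routing table text is a constructed sample; the interface name `eth0` and the home system's address 192.168.1.50 are assumptions.

```python
import ipaddress

# Constructed sample of `ip route` output on the home system: the default
# route via the home router plus the static route added in the thread.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
172.28.0.0/16 via 192.168.1.100 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

def parse_routes(text):
    """Parse `ip route` lines into (network, next_hop_or_None) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # skip lines such as "unreachable ..." or "blackhole ..."
        via = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, via))
    return routes

def first_hop(routes, destination):
    """Return the next hop chosen by longest-prefix match.

    A directly connected route (no "via") returns the destination itself;
    no matching route returns None.
    """
    addr = ipaddress.ip_address(destination)
    matches = [(net, via) for net, via in routes if addr in net]
    if not matches:
        return None
    net, via = max(matches, key=lambda r: r[0].prefixlen)
    return via if via is not None else destination

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for dst in ("172.27.10.10", "172.28.10.10"):
        print(dst, "->", first_hop(table, dst))
```

On a live system, `ip route get <address>` reports the kernel's own choice of route for a destination.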

