
I'm trying to use the gateway address 10.10.121.10 in order to forward TCP traffic via this machine. I would like traffic from my machine to go over 10.10.121.10, so that machine 10.200.32.107 thinks it is coming from 10.10.121.10 and not from my machine. It seems that whatever I set in Windows, it doesn't care about the gateway address I set.

Here is the status without static route set:

enter image description here

This is what I would expect - no route set to 10.200.32.107 and I cannot reach that IP.

But when I add this static route as here

enter image description here

The destination is reachable, but not via 10.10.121.10. It seems that this gateway address does not matter here: even if I put a random IP here (e.g. I tried with 1.1.1.1), it will work.

What I expected is that traffic is directed as in green steps on image:

  1. I want to reach 10.200.32.107, so use route for 10.200.32.0 255.255.255.0
  2. Gateway is 10.10.121.10, so use route for 10.10.121.10 255.255.255.255
  3. Gateway is 192.168.24.1 so go there and forward traffic to 10.10.121.10 on TAP-Windows Adapter V9 (VPN)

2 Answers


It seems you want to manage how routing will happen behind the router you are connected to. There is no option you can set in the packet that the router will read to change its behavior.

The only thing your computer can decide is what the next hop will be. So your whole routing table is just a way to choose 192.168.24.1 as the next hop and nothing more. 192.168.24.1 will decide what to do next, and you can't change its behavior from your computer.

kab00m
  • Is it possible to do this in some different way? I can modify software on `10.10.121.10` - that is - install whatever needed. I guess that installing OpenVPN on `10.10.121.10` would work, but is there any easier solution? – Bojan Vukasovic Nov 01 '20 at 13:48
  • Depends on what you want. If your problem is 10.200.32.107 "not liking" your address, then 10.10.121.10 has to NAT (masquerade) the address of the source host. If traffic is going around 10.10.121.10, you need to change the 192.168.24.1 routing table. – kab00m Nov 01 '20 at 14:14
  • My problem is `10.200.32.107` "not liking" my address, but address `10.10.121.10` is OK. I cannot change anything on `192.168.24.1`. – Bojan Vukasovic Nov 01 '20 at 14:27
  • But how then to easily direct traffic to `10.200.32.107` over `10.10.121.10`? – Bojan Vukasovic Nov 01 '20 at 14:30

OK, what I ended up doing was to install pptpd on the Raspberry and configure it like so:

```
sudo apt-get install pptpd
sudo nano /etc/pptpd.conf
```

and add at the bottom

```
localip 199.168.0.1
remoteip 199.168.0.234-238,199.168.0.245
```

Then I just added rules to iptables

```
# Generated by xtables-save v1.8.2 on Sun Nov  1 21:00:46 2020
*nat
:PREROUTING ACCEPT [3303:295008]
:INPUT ACCEPT [434:44479]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [51:3332]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Nov  1 21:00:46 2020
# Generated by xtables-save v1.8.2 on Sun Nov  1 21:00:46 2020
*filter
:INPUT ACCEPT [6349:640268]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3318:257937]
-A FORWARD -i ppp0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sun Nov  1 21:00:46 2020
```

And on Windows I installed a new network:

enter image description here

And then, since I'm using OpenConnect, I edited the file vpnc-script.js in order to automate connecting to piVPN. I just added

```
echo("Connecting to piVPN...");
exec("rasdial \"piVPN\" \"default\" \"default\"");
echo("Adding my static route...");
exec("route add 10.200.0.0 mask 255.255.0.0 199.168.0.1 metric 36");
```

to the connect method, and then in the disconnect method I just added:

```
echo("Disconnecting from piVPN...");
exec("rasdial \"piVPN\" /disconnect");
```

Now everything is automated and working perfectly...
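As an added example (not part of the answer above): a small Python audit of the iptables-save dump posted in the answer, showing what that ruleset actually permits on the forwarding host. The function names `parse`, `opt` and `audit` are this example's own, and the two checks are the editor's choice of what to flag.

```python
# Ruleset copied from the answer (timestamp comments dropped) so this runs offline.
RULESET = """\
*nat
:PREROUTING ACCEPT [3303:295008]
:INPUT ACCEPT [434:44479]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [51:3332]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [6349:640268]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3318:257937]
-A FORWARD -i ppp0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return {table: {"policy": {chain: policy}, "rules": {chain: [tokens]}}}."""
    tables, cur = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):                          # "*nat" opens a table
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif line.startswith(":") and cur is not None:    # ":FORWARD ACCEPT [0:0]"
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A ") and cur is not None:  # "-A CHAIN <match> -j TARGET"
            tokens = line.split()
            cur["rules"].setdefault(tokens[1], []).append(tokens[2:])
    return tables

def opt(tokens, flag):
    """Value following `flag` in a rule, or None when the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit(dump):
    tables, empty, findings = parse(dump), {"policy": {}, "rules": {}}, []
    # With an ACCEPT policy, ACCEPT rules in the chain do not narrow anything.
    if tables.get("filter", empty)["policy"].get("FORWARD") == "ACCEPT":
        findings.append("FORWARD policy is ACCEPT: its ACCEPT rules restrict nothing")
    # MASQUERADE without a source match rewrites every flow leaving that interface.
    for rule in tables.get("nat", empty)["rules"].get("POSTROUTING", []):
        if opt(rule, "-j") == "MASQUERADE" and opt(rule, "-s") is None:
            findings.append("MASQUERADE on %s has no -s source match" % opt(rule, "-o"))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RULESET)))
```

On the ruleset from the answer it reports both findings; with a DROP policy on FORWARD and a `-s` match for the VPN client range on the MASQUERADE rule it reports none.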