My windows laptop is directly connected to 192.168.1.0/24 (wireless lan). I access 10.21.0.0/16 though a router that is connected to both networks. The routing works fine with this configuration.
I have a VPN, that connects to 10.0.0.0/8. The VPN network doesn't actually use any IPs in the 10.21.0.0/16 range. So I should be able to configure my routing table to route all the 10.21.0.0/16 IPs through the wireless lan, and all other 10.0.0.0/8 through the VPN.
My understanding is that I can do this if the metric for the 10.21.0.0 is lower than that of the 10.0.0.0. The VPN (10.0.0.0) is automatically assigned metric 20. I have manually assigned the WLAN a metric of 1. I manually add an entry to the routing table with this command:
route add 10.21.0.0 mask 255.255.0.0 192.168.1.201 metric 1
The route is then assigned a metric of 2 (which is expected).
The problem is that it doesn't work. I can't ping any machine on the 10.21.0.0 network. But I can access other stuff on the 10.0.0.0. I can also access stuff on the 192.168.1.0.
To debug this i've done the following.
- Run tcpdump on the router (192.168.1.201). I can verify that no packets for 10.21.0.0 arrive on that interface.
- Disable iptables on the router. Disable the windows firewall.
- Run wireshark on my laptop, to try and see which interface the ping requests go to. But I can't see them go anywhere!!
- The ping command doesn't receive any 'destination unreachable' messages.
Here is the relevant section of the routing table.
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.201 192.168.1.18 2
10.0.0.0 255.0.0.0 On-link 10.55.44.203 20
10.21.0.0 255.255.0.0 192.168.1.201 192.168.1.18 2
Update
As requested, here is the output of route print 10.21.0.1
C:\>route print 10.21.0.1
===========================================================================
Interface List
17...02 50 f2 00 00 05 ......AGN Virtual Network Adapter
16...a0 88 b4 e1 8f 20 ......Intel(R) Centrino(R) Advanced-N 6205
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
None
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
None
Persistent Routes:
None
C:\>
Good catch, here is probably where the problem is. But alas, even adding a route for one specific host that I know is up, doesn't work.
C:\>route print 10.*
===========================================================================
Interface List
17...02 50 f2 00 00 05 ......AGN Virtual Network Adapter
16...a0 88 b4 e1 8f 20 ......Intel(R) Centrino(R) Advanced-N 6205
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.0.0.0 255.0.0.0 On-link 10.76.206.8 20
10.21.0.0 255.255.0.0 192.168.1.201 192.168.1.18 2
10.21.61.1 255.255.255.255 192.168.1.201 192.168.1.18 2
10.76.206.0 255.255.255.0 On-link 10.76.206.8 276
10.76.206.8 255.255.255.255 On-link 10.76.206.8 276
10.76.206.255 255.255.255.255 On-link 10.76.206.8 276
10.255.255.255 255.255.255.255 On-link 10.76.206.8 276
===========================================================================
Persistent Routes:
None
C:\>ping 10.21.61.1
Pinging 10.21.61.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.21.61.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
If I connect to the router (192.168.1.201) and run tcpdump, I don't see any packets to 10.21.0.0/16 on the interface that the laptop is connected to.