Building 1: 10.1.0.0 255.255.0.0
Building 2: 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0
Buildings are connected by 1G metro ethernet.
I reside in building 1.
192.168.0.0 is firewalled from everyone. OpenVPN is in 10.10.230.0. OpenVPN is in bridged mode, so when I connect I get a 10.10.230.x address. 192.168.0.0 is accessible from anyone with a 10.10.x.x address.
I connect with OpenVPN using the "push redirect-gateway" option and everything works. However, I don't want this to be my DFG. I only want to use this tunnel for specific subnets so I use the "push route" option like this:
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
and turn off the "redirect-gateway".
I cannot access the 192.168.0.0 subnets.
Example:
C:\Users\me>tracert -d 192.168.2.6
Tracing route to 192.168.2.6 over a maximum of 30 hops
1 * * * Request timed out.
2 * 10.10.230.181 reports: Destination host unreachable.
Trace complete.
Route table: The routes are added. It looks like they are trying to be used by what the tracert shows.
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.150.1 10.1.150.62 10
5.0.0.0 255.0.0.0 On-link 5.227.46.162 9256
5.227.46.162 255.255.255.255 On-link 5.227.46.162 9256
5.255.255.255 255.255.255.255 On-link 5.227.46.162 9256
10.1.150.0 255.255.255.0 On-link 10.1.150.62 266
10.1.150.62 255.255.255.255 On-link 10.1.150.62 266
10.1.150.255 255.255.255.255 On-link 10.1.150.62 266
10.10.230.0 255.255.255.0 On-link 10.10.230.181 286
10.10.230.181 255.255.255.255 On-link 10.10.230.181 286
10.10.230.255 255.255.255.255 On-link 10.10.230.181 286
10.10.231.0 255.255.255.0 10.10.230.179 10.10.230.181 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 10.10.230.179 10.10.230.181 30
192.168.3.0 255.255.255.0 10.10.230.179 10.10.230.181 30
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.150.62 266
224.0.0.0 240.0.0.0 On-link 10.10.230.181 286
224.0.0.0 240.0.0.0 On-link 5.227.46.162 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.150.62 266
255.255.255.255 255.255.255.255 On-link 10.10.230.181 286
255.255.255.255 255.255.255.255 On-link 5.227.46.162 9256
===========================================================================
What am I missing? Again, using "redirect-gateway" I can access everything I need to access. What gives?
Route table with redirect-gateway enabled:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.230.179 10.10.230.180 30
10.1.150.0 255.255.255.0 On-link 10.1.150.62 266
10.1.150.62 255.255.255.255 On-link 10.1.150.62 266
10.1.150.255 255.255.255.255 On-link 10.1.150.62 266
10.10.230.0 255.255.255.0 On-link 10.10.230.180 286
10.10.230.179 255.255.255.255 10.1.150.1 10.1.150.62 10
10.10.230.180 255.255.255.255 On-link 10.10.230.180 286
10.10.230.255 255.255.255.255 On-link 10.10.230.180 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.150.62 266
224.0.0.0 240.0.0.0 On-link 10.10.230.180 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.150.62 266
255.255.255.255 255.255.255.255 On-link 10.10.230.180 286
===========================================================================
Please post what your rt looks like with redirect-gateways enabled. Also it is possible that your machine doesn't use its 10.10.230.X address as source address when contacting 192.168.2.0/23. – user1129682 – 2012-06-15T18:11:45.050
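Added example (not part of the original post or comment): a longest-prefix-match lookup over rows copied from the two route tables in the question, showing which route each table selects for 192.168.2.6 and for the address 10.10.230.179 that both tables use as the tunnel gateway. The function and variable names are illustrative, and the lowest-metric tie-break between equal-length prefixes is an assumption about how the client picks routes.

```python
import ipaddress

# Rows copied from the two route tables in the question (subset relevant to the tunnel).
SPLIT_TUNNEL = """\
0.0.0.0 0.0.0.0 10.1.150.1 10.1.150.62 10
10.1.150.0 255.255.255.0 On-link 10.1.150.62 266
10.10.230.0 255.255.255.0 On-link 10.10.230.181 286
10.10.231.0 255.255.255.0 10.10.230.179 10.10.230.181 30
192.168.2.0 255.255.255.0 10.10.230.179 10.10.230.181 30
192.168.3.0 255.255.255.0 10.10.230.179 10.10.230.181 30
"""
REDIRECT_GATEWAY = """\
0.0.0.0 0.0.0.0 10.10.230.179 10.10.230.180 30
10.1.150.0 255.255.255.0 On-link 10.1.150.62 266
10.10.230.0 255.255.255.0 On-link 10.10.230.180 286
10.10.230.179 255.255.255.255 10.1.150.1 10.1.150.62 10
"""

def parse_routes(text):
    """Parse 'dest mask gateway interface metric' rows as printed by `route print`."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, iface, int(metric)))
    return routes

def lookup(routes, ip):
    """Select the route for ip: longest prefix wins, lowest metric breaks ties (assumed)."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gateway, iface, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return str(net), gateway, iface

def compare(ips):
    """Return {(table name, ip): (matched prefix, gateway, interface)} for both tables."""
    tables = {"split": parse_routes(SPLIT_TUNNEL), "redirect": parse_routes(REDIRECT_GATEWAY)}
    return {(name, ip): lookup(routes, ip) for name, routes in tables.items() for ip in ips}

if __name__ == "__main__":
    for key, route in compare(["192.168.2.6", "10.10.230.179"]).items():
        print(key, "->", route)
```

The output puts the two tables side by side per destination: the matched prefix, the gateway, and the local interface address each one would use.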