On Tue, 19 Apr 2022 09:45:02 +0100, Hamish McIntyre-Bhatty wrote:
> On 19/04/2022 07:27, Terry Coles wrote:
> > On Monday, 18 April 2022 20:26:36 BST Patrick Wigmore wrote:
> >> If there isn't a suitable route to 192.168.0.0/24 on the VPN client
> >> computer, then manually adding one temporarily might be a worthwhile
> >> experiment.
> >> 
> >> Hmmm.  I've been struggling to find the correct iptables command
> >> to do that.

> Note: iptables is a firewall, and doesn't handle routing.
> 
> You probably need to add a route with "route add" but I don't know
> what options to use after that. The only one I have used is "route
> add default gw x.x.x.x" so I will let Patrick handle this - he
> knows more Linux-specific stuff than I do here.

I would use ip route add, but I am not really 'up' on the specifics. 
It is something I would figure out by trial and error (and reading the 
manual).

But I forgot that IPSec VPNs don't present themselves as virtual 
network interfaces, which means it isn't necessarily obvious when you 
have a route that's going through the VPN, and I am not sure whether 
it is actually possible to create a route manually in the way I was 
thinking.

I was imagining that you would see a route to [something] via [a VPN 
network interface], as you would with some other types of VPN. But 
instead, you'll see something like a route to [something] via [the 
same network interface that handles your default route] and via [the 
VPN server], with the kernel knowing (somehow - I forget exactly how) 
that it needs to encrypt packets that take that route.

Looking at your ip route show output:
> terry@OptiPlex:~/Useful$ ip route show
> default via 192.168.1.1 dev eno1 proto dhcp metric 100
> 169.254.0.0/16 dev eno1 scope link metric 1000
> 192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.21 metric 100

I think that last line is probably the route through the VPN, though I 
am not entirely certain. I've forgotten most of what I previously 
learnt about how routing works with IPSec.

Sorry for being a bit vague. This is more of a heads up that I may 
have sent you on a wild goose chase than an attempt to unpick it 
properly.

Patrick



-- 
  Next meeting: Online, Jitsi, Tuesday, 2022-05-03 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk
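
With a policy-based IPsec tunnel on the Linux kernel's native IPsec stack (an assumption here), the decision to encrypt is held in the kernel's XFRM policy table, not in the `ip route show` output, so that is the table to inspect. The following is an added example, not part of the original email: a shell function (hypothetical name `covered_by_ipsec`) that parses `ip xfrm policy` output and reports whether an outbound policy covers a destination. The sample output is constructed and 203.0.113.10 is a placeholder VPN server address.

```shell
#!/bin/sh
# Constructed sample of `ip xfrm policy` output for a policy-based IPsec
# tunnel. 203.0.113.10 is a placeholder VPN server address.
SAMPLE_POLICY='src 192.168.1.21/32 dst 192.168.0.0/24
    dir out priority 371327 ptype main
    tmpl src 192.168.1.21 dst 203.0.113.10
        proto esp spi 0xc0ffee01 reqid 1 mode tunnel
src 192.168.0.0/24 dst 192.168.1.21/32
    dir fwd priority 371327 ptype main
    tmpl src 203.0.113.10 dst 192.168.1.21
        proto esp reqid 1 mode tunnel
src 192.168.0.0/24 dst 192.168.1.21/32
    dir in priority 371327 ptype main
    tmpl src 203.0.113.10 dst 192.168.1.21
        proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0 ptype main'

# covered_by_ipsec DEST: read `ip xfrm policy` output on stdin, print the
# outbound policy whose destination selector contains DEST.
# Exit status is 0 if such a policy exists, 1 otherwise.
covered_by_ipsec() {
    awk -v dest="$1" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,   p, div) {
        split(cidr, p, "/")
        if (p[2] == "") p[2] = 32          # bare address means /32
        div = 2 ^ (32 - p[2])              # size of the host part
        return int(ip2int(ip) / div) == int(ip2int(p[1]) / div)
    }
    function flush() { if (pending != "") print pending; pending = "" }
    # Selector line starts a new policy; per-socket policies have no "dir" line.
    $1 == "src" && $3 == "dst" { flush(); src = $2; dst = $4; next }
    $1 == "dir" && $2 == "out" && in_cidr(dest, dst) {
        pending = dest " matches out policy " src " -> " dst; found = 1; next
    }
    # Template line names the tunnel endpoints: tmpl src LOCAL dst PEER
    $1 == "tmpl" && pending != "" {
        print pending ", tunnel peer " $5; pending = ""
    }
    END { flush(); exit !found }'
}

# Live use (needs root): ip xfrm policy | covered_by_ipsec 192.168.0.50
printf '%s\n' "$SAMPLE_POLICY" | covered_by_ipsec 192.168.0.50
```

A destination that no outbound policy covers gives exit status 1, which means traffic to it leaves unencrypted along whatever the ordinary routing table says.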
