Hi, I've a question regarding the priority of routing entries.
Please take a look at the following routing table for a machine with 3 ethernet interfaces:

    link#1  192.168.0.1  ( internal net 1, /24 )
    link#2  u.v.w.254    ( internet, /30 )
    link#4  10.10.60.1   ( internal net 2, /24 )

    # netstat -rn
    Routing tables

    Internet:
    Destination        Gateway            Flags     Refs     Use    Mtu  Interface
    default            u.v.w.253          UGS         17   103292      -  vr1
    192.168.0.0/24     link#1             UC          16        0      -  vr0
    u.v.w.252/30       link#2             UC           1        0      -  vr1
    10.10.60/24        link#4             UC           1        0      -  vr3
    127/8              127.0.0.1          UGRS         0        0  33224  lo0
    127.0.0.1          127.0.0.1          UH           1        0  33224  lo0
    224/4              127.0.0.1          URS          0        0  33224  lo0

    Internet6:
    Destination        Gateway            Flags     Refs     Use    Mtu  Interface
    nothing interesting here

    Encap:
    Source             Port  Destination        Port  Proto  SA(Address/Proto/Type/Direction)
    10.10/16           0     192.168.0.0/24     0     0      a.b.c.d/esp/use/in
    192.168.0.0/24     0     10.10/16           0     0      a.b.c.d/esp/require/out
    #

The point is: there is a general route to 10.10/16 via an ipsec tunnel, and a more specific route to 10.10.60/24 on local interface 4.

When I establish a connection from the localhost to host 10.10.60.100 ( on local subnet 2 ), this works fine.

When I try to connect to the same host 10.10.60.100 from a host in local subnet 1 ( 192.168.0/24 ), using my host as default gateway, the packet gets routed through the vpn to the more general subnet 10.10/16. I.e. in this case it seems that the VPN route takes precedence over the more specific route via the local interface.

Another effect of the same problem is that on the local host:

    ping 10.10.60.100

works, whereas

    ping -I 192.168.60.1 10.10.60.100

does not work ( packets are routed into the vpn tunnel ).

I believe that I read in the networking faqs that a more specific route takes precedence over a less specific one. It seems that this does not hold when one route is via a local interface and the other over vpn. If this is true, can I somehow change this behaviour, so that the more specific route is considered first in any case?

Thanks
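The symptom in the post can be reproduced with a small model of the two lookups involved. This is an added example, not code from the poster or from any BSD kernel: the route table and encap entries are constructed from the netstat output above, and the assumption (labelled in the code) is that the outbound encap table is matched on the (source, destination) pair before the ordinary destination-only route lookup is consulted, which is what the post observes.

```python
import ipaddress

# Constructed from the post's "netstat -rn" output; nexthop strings are labels only.
ROUTES = [
    ("0.0.0.0/0",      "u.v.w.253 via vr1"),
    ("192.168.0.0/24", "vr0"),
    ("u.v.w.252/30",   "vr1"),   # placeholder prefix from the post, not a real address
    ("10.10.60.0/24",  "vr3"),
]
# Outbound encap (flow) entries from the post: source net, destination net, SA action.
FLOWS_OUT = [
    ("192.168.0.0/24", "10.10.0.0/16", "a.b.c.d/esp/require/out"),
]


def route_lookup(dst):
    """Ordinary routing: longest-prefix match on the destination address only."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in ROUTES:
        try:
            net = ipaddress.ip_network(prefix)
        except ValueError:          # skip the u.v.w placeholder entry
            continue
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None


def flow_lookup(src, dst):
    """Encap lookup: a flow matches on the (src, dst) pair, regardless of how
    specific the competing entry in the routing table is."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for s, d, action in FLOWS_OUT:
        if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            return action
    return None


def forward(src, dst):
    """Model (assumption) of the behaviour described in the post: an outbound
    flow match wins; only when no flow matches does the route table decide."""
    flow = flow_lookup(src, dst)
    return f"ipsec tunnel ({flow})" if flow else route_lookup(dst)
```

Locally originated traffic uses the vr3 address 10.10.60.1 as source, which matches no flow, so it takes the /24 route; a packet forwarded from 192.168.0.0/24 matches the flow selector and is encapsulated even though a more specific route exists.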