On 09/15/2011 04:26 AM, Erich Titl wrote:
Hi Kevin
at 15.09.2011 03:22, Kevin VPN wrote:
On 09/14/2011 10:58 AM, Erich Titl wrote:
Hi Kevin
at 14.09.2011 03:57, Kevin VPN wrote:
Hi Erich,
Based on the source and destination of the plaintext traffic being
private addresses, obviously it's possible to reach from the Shrew
client PC to the remote network in some path other than the tunnel.
Perhaps that path (route) has a lower metric than the VPN route, and is
thus used instead of the tunnel route.
Right, the default route, unfortunately, has a metric of 25, whereas the
Shrewsoft tunnel uses a metric of 31. Can this be configured in the
product.
...
I would suggest reading the posts below and playing with your adapter's
Automatic Metric and InterfaceMetric settings to see if you can correct
the problem.
Thanks, in the real world, where the remote network cannot be reached
directly, my setup works fine.
I always thought that routing metrics were applied to rules with equal
significance, so a default route should not be used when there is a more
precise route iven with higher metrics.
The route in this case is assigned dynamically using dhcp. AFAIK there
is no dhcp router metrics option.
Maybe in a directly connected setup icmp redirects take precedents.
Hi Erich,
If the route is dynamic you're still not stuck. Simply increase the
InterfaceMetric instead. The Microsoft link tells you how to do it:
To configure the Automatic Metric feature:
In Control Panel, double-click Network Connections.
Right-click a network interface, and then click Properties.
Click Internet Protocol (TCP/IP), and then click Properties.
On the General tab, click Advanced.
To specify a metric, on the IP Settings tab, click to clear the
Automatic metric check box, and then enter the metric that you
want in the Interface Metric field.
Simply set it to 32 or more so that the metric on the DHCP route will
always have a metric higher than the one from the Shrew adapter.
(Microsoft link: An explanation of the Automatic Metric feature for
Internet Protocol routes http://support.microsoft.com/kb/299540)
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
