Search Results

Search found 2401 results on 97 pages for 'routing'.


  • Can't remove route from routing table

    - by anon
    (I am on Windows Server 2003.) I see a couple of unusual entries in my routing table that I would like to remove:

        Network Destination  Netmask          Gateway      Interface    Metric
        XXX.27.44.1          255.255.255.255  127.0.0.1    127.0.0.1    20
        XXX.27.255.255       255.255.255.255  XXX.27.44.1  XXX.27.44.1  20

    All the "XXX"'s are the same octet. I would strongly prefer NOT to clear the routing table, since this is a production server.

    Here is what I've tried:

        route delete XXX.27.44.1
        The route specified was not found.

        route delete XXX.27.44.1 mask 255.255.255.255 127.0.0.1 metric 20
        The route specified was not found.

        route delete XXX.27.255.255
        The route specified was not found.

        route delete XXX.27.255.255 mask 255.255.255.255 XXX.27.44.1 metric 20
        The route specified was not found.

    I also tried adding the routes in hopes that I could delete them:

        route add XXX.27.44.1 mask 255.255.255.255 127.0.0.1 metric 20
        The route addition failed: The parameter is incorrect.

        route add XXX.27.255.255 mask 255.255.255.255 XXX.27.44.1 metric 20
        The route addition failed: The parameter is incorrect.

    Bonus question: What do these entries do, and how did they get there?


  • weird routes automatically being added to windows routing table

    - by simon
    On our windows 2003 domain, with XP clients, we have started seeing routes appearing in the routing tables on both the servers and the clients. The route is a /32 for another computer on the domain. The route gets added when one windows computer connects to another computer and needs to authenticate.

    For example, if computer A with ip 10.0.1.5/24 browses the c: drive of computer B with ip 10.0.2.5/24, a static route will get added on computer B like so:

        dest      netmask          gateway   interface
        10.0.1.5  255.255.255.255  10.0.2.1  10.0.2.5

    This also happens on windows authenticated SQL server connections. It does not happen when computers A and B are on the same subnet. None of the servers have RIP or any other routing protocols enabled, and there are no batch files etc setting routes automatically.

    There is another windows domain that we manage with a near identical configuration that is not exhibiting this behaviour. The only difference with this domain is that it is not up to date with its patches.

    Is this meant to be happening? Has anyone else seen this? Why is it needed when I have perfectly good default gateways set on all the computers on the domain?!


  • A star vs internet routing pathfinding

    - by alan2here
    In many respects pathfinding algorithms like A star for finding the shortest route through graphs are similar to the pathfinding on the internet when routing traffic. However the pathfinding routers perform seem to have remarkable properties. As I understand it:

      * It's very performant.
      * New nodes can be added at any time that use a free address from a finite (not tree like) address space.
      * It's real routing, like A*, there's never any doubling back for example.
      * IP addresses don't have to be geographically nearby.
      * The network reacts quickly to changes to the network's shape, for example if a line is down.
      * Routers share information and it takes time for new IPs to be registered everywhere, but presumably every router doesn't have to store a list of all the addresses each of its directions leads most directly to.

    I can't find this information elsewhere, however I don't know where to look or what search terms to use. I'm looking for a basic, general, high level description of the algorithm's workings, from the point of view of an individual router.


  • Force Juniper-network client to use split routing

    - by craibuc
    I'm using the Juniper client for OSX ('Network Connect') to access a client's VPN. It appears that the client is configured to not use split-routing. The client's VPN host is not willing to enable split-routing. Is there a way for me to override this configuration or do something on my workstation to get the non-client network traffic to bypass the VPN? This wouldn't be a big deal, but none of my streaming radio stations (e.g. XM) work while connected to their VPN. Apologies for any inaccuracies in the terminology.

    ** edit **

    The Juniper client changes my system's resolv.conf file from:

        nameserver 192.168.0.1

    to:

        search XXX.com [redacted]
        nameserver 10.30.16.140
        nameserver 10.30.8.140

    I've attempted to restore my preferred DNS entry to the file

        $ sudo echo "nameserver 192.168.0.1" >> /etc/resolv.conf

    but this results in the following error:

        -bash: /etc/resolv.conf: Permission denied

    How does the super-user account not have access to this file? Is there a way to prevent the Juniper client from making changes to this file?


  • Linux port-based routing using iptables/ip route

    - by user42055
    I have the following setup:

         192.168.0.4        192.168.0.6        192.168.0.1
        +-----------+       +---------+       +----------+
        |WORKSTATION|-------|  LINUX  |-------| GATEWAY  |
        +-----------+       +---------+       +----------+
                          192.168.150.10
                                 |
                           192.168.150.9
                            +---------+
                            |   VPN   |
                            +---------+
                           192.168.150.1

    WORKSTATION has a default route of 192.168.0.6
    LINUX has a default route of 192.168.0.1

    I am trying to use the gateway as the default route, but route port 80 traffic via the VPN. Based on what I read at http://www.linuxhorizon.ro/iproute2.html I have tried this:

        echo "1 VPN" >> /etc/iproute2/rt_tables
        sysctl -w net.ipv4.conf.eth0.rp_filter=0
        sysctl -w net.ipv4.conf.tun0.rp_filter=0
        sysctl -w net.ipv4.conf.all.rp_filter=0
        iptables -A PREROUTING -t mangle -i eth0 -p tcp --dport 80 -j MARK --set-mark 0x1
        ip route add default via 192.168.150.9 dev tun0 table VPN
        ip rule add from all fwmark 0x1 table VPN

    When I run "tcpdump -i eth0 port 80" on LINUX, and open a webpage on WORKSTATION, I don't see the traffic go through LINUX at all. When I run a ping from WORKSTATION, I get this back from some packets:

        92 bytes from 192.168.0.6: Redirect Host(New addr: 192.168.0.1)
        Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
         4  5  00 0054 de91   0 0000  3f  01 4ed3 192.168.0.4  139.134.2.18

    Is this why my routing is not working? Do I need to put GATEWAY and LINUX on different subnets to prevent WORKSTATION being redirected to GATEWAY? Do I need to use NAT at all, or can I do this with routing alone (which is what I want)?


  • Steps to deploy a custom routing protocol

    - by user134589
    I'm a Ph.D. student and I'm researching a Service Centric Networking architecture with resource allocation on a large scale. What I'm looking to do is expand an existing routing protocol like OSPF with extra fields and some new message types that I need for communication between nodes. I want to manipulate the cost of a network link and I want paths to be calculated like in OSPF v2/v3, but using the cost that my algorithms have calculated.

    What I have

    I have the source code of OSPF from Quagga. I am assuming I can edit this code how I want, including packet structures and creating new types. Yes, I am aware it won't be easy, but this is a 6-year research project and I am eager to develop something new, to move forward.

    What I need

    I would like to know how I can deploy the edited OSPF source files I have (written in C) on any type of server. I have a large testbed environment available with hundreds of virtual nodes and pretty much any OS out there. So if I want to test my extended protocol, how do I make all the nodes in a network use this to communicate? I do not understand what parts of the kernel I need to edit here. I have tried searching for days now and I am unable to find how to deploy a non-existing routing protocol without the use of an application-level framework. If somebody could push me in the right direction that'd be awesome.

    Note: I need this to be a routing protocol and not an application, since I want this to work on top of the network layer for performance reasons. Thanks!


  • XP - ping changes routing table?

    - by Corelgott
    Hey folks, I have got a really strange behaviour with one of my XP SP3 machines.

    Setup:

      * A server in the LAN (192.168.5.0) provides access to all roadwarriors in 10.8.0.0
      * The DHCP has a static route for all clients pronouncing 192.168.5.235 as gateway for 10.8.0.0
      * All clients can ping & access the VPN machines; everything works like a charm

    But one XP SP3 is not willing to connect to them. It gets all the same routes as any other system in the LAN and I triple-checked: there are no static routes on this machine.

    When I ping any 10.8.0.0 device from this machine, the first two packages work like a charm, but the next two (and any package after them) fail and get lost. When I look back into the routing table, there is a new route, a special one just for the device I pinged, which points to the right gateway, but which wasn't there earlier... As long as this route exists the machine can't ping anything on 10.8.0.0. But if I remove the route by hand, the next two ping packages work fine...

    Has anybody got an idea about that? Anybody ever seen such a behaviour? Any hint / help / tip is greatly appreciated! Thx in advance, Corelgott

    PS: I attach an image of the cmd to clarify things. It's in German, but reading a routing table shouldn't be that hard...


  • How do I enable multicast routing in Windows XP

    - by Simon Richter
    I have successfully set up a Windows XP machine as an IPv6 router using netsh, that is, it announces prefixes and forwards packets on two interfaces, as verified by pinging. Now I'd like to forward multicast frames between both subnets; hosts on both sides are properly sending out multicast listener reports, so all it would take would be for the router to process these and start forwarding datagrams. How can I enable IPv6 multicast routing between two interfaces?


  • Tuning Linux IP routing parameters -- secret_interval and tcp_mem

    - by Jeff Atwood
    We had a little failover problem with one of our HAProxy VMs today. When we dug into it, we found this:

        Jan 26 07:41:45 haproxy2 kernel: [226818.070059] __ratelimit: 10 callbacks suppressed
        Jan 26 07:41:45 haproxy2 kernel: [226818.070064] Out of socket memory
        Jan 26 07:41:47 haproxy2 kernel: [226819.560048] Out of socket memory
        Jan 26 07:41:49 haproxy2 kernel: [226822.030044] Out of socket memory

    Which, per this link, apparently has to do with low default settings for net.ipv4.tcp_mem. So we increased them by 4x from their defaults (this is Ubuntu Server, not sure if the Linux flavor matters):

        current values are: 45984 61312 91968
        new values are:     183936 245248 367872

    After that, we started seeing a bizarre error message:

        Jan 26 08:18:49 haproxy1 kernel: [ 2291.579726] Route hash chain too long!
        Jan 26 08:18:49 haproxy1 kernel: [ 2291.579732] Adjust your secret_interval!

    Shh.. it's a secret!!

    This apparently has to do with /proc/sys/net/ipv4/route/secret_interval which defaults to 600 and controls periodic flushing of the route cache:

        The secret_interval instructs the kernel how often to blow away ALL route hash entries regardless of how new/old they are. In our environment this is generally bad. The CPU will be busy rebuilding thousands of entries per second every time the cache is cleared. However we set this to run once a day to keep memory leaks at bay (though we've never had one).

    While we are happy to reduce this, it seems odd to recommend dropping the entire route cache at regular intervals, rather than simply pushing old values out of the route cache faster.

    After some investigation, we found /proc/sys/net/ipv4/route/gc_elasticity which seems to be a better option for keeping the route table size in check:

        gc_elasticity can best be described as the average bucket depth the kernel will accept before it starts expiring route hash entries. This will help maintain the upper limit of active routes.

    We adjusted elasticity from 8 to 4, in the hopes of the route cache pruning itself more aggressively. The secret_interval does not feel correct to us. But there are a bunch of settings and it's unclear which are really the right way to go here.

        /proc/sys/net/ipv4/route/gc_elasticity (8)
        /proc/sys/net/ipv4/route/gc_interval (60)
        /proc/sys/net/ipv4/route/gc_min_interval (0)
        /proc/sys/net/ipv4/route/gc_timeout (300)
        /proc/sys/net/ipv4/route/secret_interval (600)
        /proc/sys/net/ipv4/route/gc_thresh (?)
        rhash_entries (kernel parameter, default unknown?)

    We don't want to make the Linux routing worse, so we're kind of afraid to mess with some of these settings. Can anyone advise which routing parameters are best to tune, for a high traffic HAProxy instance?


  • Mac Server bizarre routing table

    - by The Unix Janitor
    My mac routing table usually is very simple. I know it's based on BSD, but what's it doing or trying to do. My routing table is usually very simple however, the second one, default was point to link5? Is this normal, or is this IPV6 craziness at work? Can someone help me understand what OSX/BSD is doing?

        Internet:
        Destination        Gateway            Flags    Refs      Use  Netif Expire
        default            192.168.1.254      UGSc       22        0    en1
        127                127.0.0.1          UCS         0        0    lo0
        127.0.0.1          127.0.0.1          UH          4    44102    lo0
        169.254            link#5             UCS         0        0    en1
        192.168.1          link#5             UCS         6        0    en1
        192.168.1.1        0:18:39:6d:89:c5   UHLWIi      0        0    en1    739
        192.168.1.189      50:ea:d6:86:26:91  UHLWIi      0        0    en1    798
        192.168.1.194      127.0.0.1          UHS         0        0    lo0
        192.168.1.203      5c:95:ae:dd:34:8d  UHLWIi      0        0    en1    316
        192.168.1.253      a:76:ff:b5:51:79   UHLWIi      0        0    en1    911
        192.168.1.254      8:76:ff:b5:51:79   UHLWIi     32      204    en1   1117
        192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWbI      0        7    en1

        Internet6:
        Destination                   Gateway           Flags   Netif Expire
        ::1                           link#1            UHL     lo0
        fe80::%lo0/64                 fe80::1%lo0       UcI     lo0
        fe80::1%lo0                   link#1            UHLI    lo0
        fe80::%en1/64                 link#5            UCI     en1
        fe80::21b:63ff:fec7:c486%en1  0:1b:63:c7:c4:86  UHLI    lo0
        fe80::223:12ff:fe01:d7fe%en1  0:23:12:1:d7:fe   UHLWIi  en1
        ff01::%lo0/32                 fe80::1%lo0       UmCI    lo0
        ff01::%en1/32                 link#5            UmCI    en1
        ff02::%lo0/32                 fe80::1%lo0       UmCI    lo0
        ff02::%en1/32                 link#5            UmCI    en1

    Bizarre routing table here


  • Routing domain over lan [closed]

    - by Buri
    I have a server on my local network which is exposed to the internet. I have a domain pointed at my IP and have set up forwarding. What I would like is that when I access example.com from the LAN, the connection is routed directly to my server, not to the nearest DNS. Things I had in mind were to upgrade the router with dd-wrt and set up a routing rule, or to set up a local DNS. Unfortunately, I'm not familiar with either of those systems.


  • Routing with VPN and asymmetric communication

    - by Louis
    I'm stumbling on a problem that requires your advice.

    Keywords: networking, route, openVPN

    Problem: I have a local network with several physical servers and VMs. These machines have ip's in the range 10.10.x.x. I can access these machines from the Internet with the help of openVPN. These machines can:

      * access each other within the local 10.10.x.x subnet
      * access the Internet via the VPN
      * can themselves be accessed (via SSH) from the Internet via the VPN.

    There is one machine however that behaves strangely and I don't know why. I can SSH into this machine from anywhere via SSH and I can also PING it from anywhere (including the Internet). However from this machine (i.e. when logged into it) I cannot access the Internet or ping machines outside the local network. In other words it will not go beyond the VPN. My question is why?

    Here are some technical details:

    The machine's Network Config (running Debian 6.0.3):

        allow-hotplug eth0
        iface eth0 inet static
            address 10.10.10.200
            netmask 255.255.0.0
            network 10.10.10.0
            broadcast 10.10.10.255
            gateway 10.10.10.200

    The machine's Routing:

        Destination  Gateway       Genmask          Flags MSS Window irtt Iface
        127.0.0.1    0.0.0.0       255.255.255.255  UH    0   0      0    lo
        10.10.0.0    10.10.10.250  255.255.0.0      UG    0   0      0    eth0
        10.10.0.0    0.0.0.0       255.255.0.0      U     0   0      0    eth0
        0.0.0.0      10.10.10.250  0.0.0.0          UG    0   0      0    eth0
        0.0.0.0      10.10.10.200  0.0.0.0          UG    0   0      0    eth0

    The VPN's Network Config (running Debian 6.0.3):

        # This is the local network interface
        auto eth1
        allow-hotplug eth1
        iface eth1 inet static
            address 10.10.10.250
            netmask 255.255.0.0
            broadcast 10.10.10.255
            gateway 10.10.10.250

    The VPN's routing table:

        Destination  Gateway       Genmask        Flags MSS Window irtt Iface
        10.10.0.0    0.0.0.0       255.255.255.0  U     0   0      0    tun0
        private      0.0.0.0       255.255.255.0  U     0   0      0    eth0
        10.10.0.0    0.0.0.0       255.255.0.0    U     0   0      0    eth1
        0.0.0.0      10.10.10.250  0.0.0.0        UG    0   0      0    eth1
        0.0.0.0      private       0.0.0.0        UG    0   0      0    eth0

    net.ipv4.ip_forward = 1 on both machines. There are no iptables set anywhere.

    Thanks in advance for any feedback.


  • Windows 2003 routing by port

    - by vansickle
    I have a remote Windows 2003 server with two network interfaces, e.g. Cn1 and Cn2. I need all traffic to go through Cn1 except for one port (for me it's 3389, RDP for administration) that works over Cn2. Currently when I set up all connections to work through Cn1, I completely lose connection over Cn2 and can't connect to the server via RDP over Cn2. Now I used static routing based on my IP address (which can change, so it's bad).


  • Routing between same network

    - by user1389735
    Hi. In this scenario there is a point-to-point serial connection between R6 and R7. There is a router R10 whose interface F0/0 has the IP address 10.1.1.2/24, and there is a host machine (R9) with IP address 10.1.1.1/24 which is running an application. My problem is that the application on R9 will only work when it gets its gateway as 10.1.1.1/24, which is that of the router (R10). Is there any way I can make R6 and R7 transparent for R9 and R10, or any type of routing using GRE / route-map or any other way? Thanks in advance.


  • Redirecting or routing all traffic to OpenVPN on a Mac OS X client

    - by sdr56p
    I have configured an OpenVPN (2.2.1) server on an Ubuntu virtual machine in the Amazon elastic compute cloud. The server is up and running. I have installed OpenVPN (2.2.1) on a Mac OS X (10.8.2) client and I am using the openvpn2 binary to connect (in opposition to other clients like Tunnelblick or Viscosity). I can connect with the client and successfully ping or ssh the server through the tunnel. However, I can't redirect all internet traffic through the VPN even if I use the push "redirect-gateway def1 bypass-dhcp" option in the server.conf configurations.

    When I connect to the server with these configurations, I get a successful connection, but then an infinite series of error messages: "write UDPv4: No route to host (code=65)". Traffic routing seems to be compromised because I am not able to access anything anymore, not even the OpenVPN server (by pinging 10.8.0.1 for instance).

    This is beyond me. I am finding little help on the web and don't know what to try next. I don't think it is a problem of forwarding the traffic on the server since, first, I have also taken care of that and, second, I can't even ping the VPN server locally through the tunnel (or ping anything at all for that matter). Thank you for your help.

    Here is the server.conf file:

        port 1194
        proto udp
        dev tun
        ca ca.crt
        cert ec2-server.crt
        key ec2-server.key # This file should be kept secret
        dh dh1024.pem
        server 10.8.0.0 255.255.255.0
        ifconfig-pool-persist ipp.txt
        push "redirect-gateway def1 bypass-dhcp"
        client-to-client
        keepalive 10 120
        comp-lzo
        persist-key
        persist-tun
        status openvpn-status.log
        verb 3

    And the client.conf file:

        client
        dev tun
        proto udp
        remote servername.com 1194
        resolv-retry infinite
        nobind
        persist-key
        persist-tun
        ca ca.crt
        cert Toto5.crt
        key Toto5.key
        ns-cert-type server
        comp-lzo
        verb 3

    Here is the connection log with the error messages:

        $ sudo openvpn2 --config client.conf
        Wed Mar 13 22:58:22 2013 OpenVPN 2.2.1 x86_64-apple-darwin12.2.0 [SSL] [LZO2] [eurephia] built on Mar 4 2013
        Wed Mar 13 22:58:22 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
        Wed Mar 13 22:58:22 2013 LZO compression initialized
        Wed Mar 13 22:58:22 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
        Wed Mar 13 22:58:22 2013 Socket Buffers: R=[196724->65536] S=[9216->65536]
        Wed Mar 13 22:58:22 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
        Wed Mar 13 22:58:22 2013 Local Options hash (VER=V4): '41690919'
        Wed Mar 13 22:58:22 2013 Expected Remote Options hash (VER=V4): '530fdded'
        Wed Mar 13 22:58:22 2013 UDPv4 link local: [undef]
        Wed Mar 13 22:58:22 2013 UDPv4 link remote: 54.234.43.171:1194
        Wed Mar 13 22:58:22 2013 TLS: Initial packet from 54.234.43.171:1194, sid=ffbaf343 d0c1a266
        Wed Mar 13 22:58:22 2013 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funst ... ost.domain
        Wed Mar 13 22:58:22 2013 VERIFY OK: nsCertType=SERVER
        Wed Mar 13 22:58:22 2013 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funst ... ost.domain
        Wed Mar 13 22:58:23 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
        Wed Mar 13 22:58:23 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
        Wed Mar 13 22:58:23 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
        Wed Mar 13 22:58:23 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
        Wed Mar 13 22:58:23 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
        Wed Mar 13 22:58:23 2013 [ec2-server] Peer Connection Initiated with 54.234.43.171:1194
        Wed Mar 13 22:58:25 2013 SENT CONTROL [ec2-server]: 'PUSH_REQUEST' (status=1)
        Wed Mar 13 22:58:25 2013 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
        Wed Mar 13 22:58:25 2013 OPTIONS IMPORT: timers and/or timeouts modified
        Wed Mar 13 22:58:25 2013 OPTIONS IMPORT: --ifconfig/up options modified
        Wed Mar 13 22:58:25 2013 OPTIONS IMPORT: route options modified
        Wed Mar 13 22:58:25 2013 ROUTE default_gateway=0.0.0.0
        Wed Mar 13 22:58:25 2013 TUN/TAP device /dev/tun0 opened
        Wed Mar 13 22:58:25 2013 /sbin/ifconfig tun0 delete
        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
        Wed Mar 13 22:58:25 2013 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
        Wed Mar 13 22:58:25 2013 /sbin/ifconfig tun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
        Wed Mar 13 22:58:25 2013 /sbin/route add -net 10.8.0.0 10.8.0.5 255.255.255.0
        add net 10.8.0.0: gateway 10.8.0.5
        Wed Mar 13 22:58:25 2013 Initialization Sequence Completed
        ^CWed Mar 13 22:58:30 2013 event_wait : Interrupted system call (code=4)
        Wed Mar 13 22:58:30 2013 TCP/UDP: Closing socket
        Wed Mar 13 22:58:30 2013 /sbin/route delete -net 10.8.0.0 10.8.0.5 255.255.255.0
        delete net 10.8.0.0: gateway 10.8.0.5
        Wed Mar 13 22:58:30 2013 Closing TUN/TAP interface
        Wed Mar 13 22:58:30 2013 SIGINT[hard,] received, process exiting
        toto5:ttntec2 Dominic$ sudo openvpn2 --config client.conf --remote ec2-54-234-43-171.compute-1.amazonaws.com
        Wed Mar 13 22:58:57 2013 OpenVPN 2.2.1 x86_64-apple-darwin12.2.0 [SSL] [LZO2] [eurephia] built on Mar 4 2013
        Wed Mar 13 22:58:57 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
        Wed Mar 13 22:58:57 2013 LZO compression initialized
        Wed Mar 13 22:58:57 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
        Wed Mar 13 22:58:57 2013 Socket Buffers: R=[196724->65536] S=[9216->65536]
        Wed Mar 13 22:58:57 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
        Wed Mar 13 22:58:57 2013 Local Options hash (VER=V4): '41690919'
        Wed Mar 13 22:58:57 2013 Expected Remote Options hash (VER=V4): '530fdded'
        Wed Mar 13 22:58:57 2013 UDPv4 link local: [undef]
        Wed Mar 13 22:58:57 2013 UDPv4 link remote: 54.234.43.171:1194
        Wed Mar 13 22:58:57 2013 TLS: Initial packet from 54.234.43.171:1194, sid=a0d75468 ec26de14
        Wed Mar 13 22:58:58 2013 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funst ... ost.domain
        Wed Mar 13 22:58:58 2013 VERIFY OK: nsCertType=SERVER
        Wed Mar 13 22:58:58 2013 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funst ... ost.domain
        Wed Mar 13 22:58:58 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
        Wed Mar 13 22:58:58 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
        Wed Mar 13 22:58:58 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
        Wed Mar 13 22:58:58 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
        Wed Mar 13 22:58:58 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
        Wed Mar 13 22:58:58 2013 [ec2-server] Peer Connection Initiated with 54.234.43.171:1194
        Wed Mar 13 22:59:00 2013 SENT CONTROL [ec2-server]: 'PUSH_REQUEST' (status=1)
        Wed Mar 13 22:59:00 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
        Wed Mar 13 22:59:00 2013 OPTIONS IMPORT: timers and/or timeouts modified
        Wed Mar 13 22:59:00 2013 OPTIONS IMPORT: --ifconfig/up options modified
        Wed Mar 13 22:59:00 2013 OPTIONS IMPORT: route options modified
        Wed Mar 13 22:59:00 2013 ROUTE default_gateway=0.0.0.0
        Wed Mar 13 22:59:00 2013 TUN/TAP device /dev/tun0 opened
        Wed Mar 13 22:59:00 2013 /sbin/ifconfig tun0 delete
        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
        Wed Mar 13 22:59:00 2013 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
        Wed Mar 13 22:59:00 2013 /sbin/ifconfig tun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
        Wed Mar 13 22:59:00 2013 /sbin/route add -net 54.234.43.171 0.0.0.0 255.255.255.255
        add net 54.234.43.171: gateway 0.0.0.0
        Wed Mar 13 22:59:00 2013 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
        add net 0.0.0.0: gateway 10.8.0.5
        Wed Mar 13 22:59:00 2013 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
        add net 128.0.0.0: gateway 10.8.0.5
        Wed Mar 13 22:59:00 2013 /sbin/route add -net 10.8.0.0 10.8.0.5 255.255.255.0
        add net 10.8.0.0: gateway 10.8.0.5
        Wed Mar 13 22:59:00 2013 Initialization Sequence Completed
        Wed Mar 13 22:59:00 2013 write UDPv4: No route to host (code=65)
        Wed Mar 13 22:59:00 2013 write UDPv4: No route to host (code=65)
        Wed Mar 13 22:59:01 2013 write UDPv4: No route to host (code=65)
        Wed Mar 13 22:59:01 2013 write UDPv4: No route to host (code=65)
        Wed Mar 13 22:59:01 2013 write UDPv4: No route to host (code=65)
        Wed Mar 13 22:59:02 2013 write UDPv4: No route to host (code=65)
        Wed Mar 13 22:59:02 2013 write UDPv4: No route to host (code=65)
        Wed Mar 13 22:59:02 2013 write UDPv4: No route to host (code=65)
        Wed Mar 13 22:59:02 2013 write UDPv4: No route to host (code=65)
        Wed Mar 13 22:59:02 2013 write UDPv4: No route to host (code=65)
        ...

    The routing table after a connection WITHOUT the push redirect-gateway (all traffic is not redirected to the VPN and everything is working fine, I can ping or ssh the OpenVPN server and access all other Internet resources through my default gateway):

        Destination         Gateway             Flags    Refs  Use   Netif Expire
        default             user148-1.wireless  UGSc     50    0     en1
        10.8/24             10.8.0.5            UGSc     2     7     tun0
        10.8.0.5            10.8.0.6            UH       3     2     tun0
        127                 localhost           UCS      0     0     lo0
        localhost           localhost           UH       6     6692  lo0
        client.openvpn.net  client.openvpn.net  UH       3     18    lo0
        142.1.148/22        link#5              UCS      2     0     en1
        user148-1.wireless  0:90:b:27:10:71     UHLWIir  50    0     en1   76
        user150-173.wirele  localhost           UHS      0     0     lo0
        142.1.151.255       ff:ff:ff:ff:ff:ff   UHLWbI   0     2     en1
        169.254             link#5              UCS      1     0     en1
        169.254.255.255     0:90:b:27:10:71     UHLSWi   0     0     en1   71

    The routing table after a connection with the push redirect-gateway option enabled as in the server.conf file above (all internet traffic should be redirected to the VPN tunnel, but nothing is working, I can't access any Internet resources at all):

        Destination         Gateway             Flags    Refs  Use   Netif Expire
        0/1                 10.8.0.5            UGSc     1     0     tun0
        default             user148-1.wireless  UGSc     7     0     en1
        10.8/24             10.8.0.5            UGSc     0     0     tun0
        10.8.0.5            10.8.0.6            UHr      6     0     tun0
        54.234.43.171/32    0.0.0.0             UGSc     1     0     en1
        127                 localhost           UCS      0     0     lo0
        localhost           localhost           UH       3     6698  lo0
        client.openvpn.net  client.openvpn.net  UH       0     27    lo0
        128.0/1             10.8.0.5            UGSc     2     0     tun0
        142.1.148/22        link#5              UCS      1     0     en1
        user148-1.wireless  0:90:b:27:10:71     UHLWIir  1     0     en1   833
        user150-173.wirele  localhost           UHS      0     0     lo0
        169.254             link#5              UCS      1     0     en1
        169.254.255.255     0:90:b:27:10:71     UHLSW    0     0     en1

    Read the article

  • controller path not found for static images? asp.net mvc routing issue?

    - by rksprst
    I have an image folder stored at ~/Content/Images/ I am loading these images via <img src="/Content/Images/Image.png" /> Recently, the images aren't loading and I am getting the following errors in my error log. What's weird is that some images load fine, while others do not load. Anyone have any idea what is wrong with my routes? Am I missing an ignore route for the /Content/ folder? I am also getting the same error for favicon.ico and a bunch of other image files...

        <Fatal> -- 3/25/2010 2:32:38 AM -- System.Web.HttpException: The controller for path '/Content/Images/box_bottom.png' could not be found or it does not implement IController.
           at System.Web.Mvc.DefaultControllerFactory.GetControllerInstance(Type controllerType)
           at System.Web.Mvc.DefaultControllerFactory.CreateController(RequestContext requestContext, String controllerName)
           at System.Web.Mvc.MvcHandler.ProcessRequest(HttpContextBase httpContext)
           at System.Web.Mvc.MvcHandler.ProcessRequest(HttpContext httpContext)
           at System.Web.Mvc.MvcHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext httpContext)
           at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
           at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    My current routes look like this:

        routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

        routes.MapRoute(
            "Default", // Route name
            "{controller}/{action}/{id}", // URL with parameters
            new { controller = "Home", action = "Index", id = "" } // Parameter defaults
        );

        routes.MapRoute(
            "ControllerDefault", // Route name
            "{controller}/project/{projectid}/{action}/{searchid}", // URL with parameters
            new { controller = "Listen", action = "Index", searchid = "" } // Parameter defaults
        );

    Thanks!

    Read the article

  • Help with ASP.NET 4.0 routing and subfolders

    - by pixel3cs
    If I use routing with 2 query parameters, like this:

        System.Web.Routing.RouteTable.Routes.MapPageRoute("HomeRoute", "home/{f1}/{f2}", "~/Home.aspx");

    My image does not appear on my Home.aspx page:

        <img src="~/img/img.jpg" /> or <img src="img/img.jpg" />

    But it does appear when I access the http://localhost:3760/Website/Home.aspx URL. I tried using Routing.Ignore with no luck. I am looking for a solution which should work for an unlimited number of subfolders: "home/{f1}/{f2}/.../{fn}"

    Read the article

  • How to route tree-structured URLs with ASP.NET Routing?

    - by Venemo
    Hello Everyone, I would like to achieve something very similar to this question, with some enhancements. There is an ASP.NET MVC web application. I have a tree of entities. For example, a Page class which has a property called Children, which is of type IList<Page>. (An instance of the Page class corresponds to a row in a database.) I would like to assign a unique URL to every Page in the database. I handle Page objects with a Controller called PageController.

    Example URLs:

        http://mysite.com/Page1/
        http://mysite.com/Page1/SubPage/
        http://mysite.com/Page/ChildPage/GrandChildPage/

    You get the picture. So, I'd like every single Page object to have its own URL that is equal to its parent's URL plus its own name. In addition to that, I also would like the ability to map a single Page to the / (root) URL.

    I would like to apply these rules:

    - If a URL can be handled with any other route, or a file exists in the filesystem in the specified URL, let the default URL mapping happen
    - If a URL can be handled by the virtual path provider, let that handle it
    - If there is no other, map the other URLs to the PageController class

    I also found this question, and also this one and this one, but they weren't of much help, since they don't provide an explanation about my first two points.

    I see the following possible solutions:

    - Map a route for each page individually. This requires me to go over the entire tree when the application starts, and add an exact match route to the end of the route table.
    - I could add a route with {*path} and write a custom IRouteHandler that handles it, but I can't see how I could deal with the first two rules then, since this handler would get to handle everything.

    So far, the first solution seems to be the right one, because it is also the simplest. I would really appreciate your thoughts on this. Thank you in advance!

    Read the article

  • Symfony 1.4 require a domain name in routing

    - by Sunjalo
    I need to require a domain name in my symfony routing, my route looks like the following:

        domain_example:
          url: /routing/example/:domain_name
          param: { module: myModule, action: index, sf_format: json }
          requirements: { domain_name: '/^[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}$/' }

    I have also tried:

        requirements: { domain_name: '[/^[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}$/]' }

    If I call my route like so: mydomain.com/routing/example/otherdomain.com - I just get the module/action does not exist exception. Any advice appreciated - thanks everyone ^_^

    Read the article

  • System.Web.Routing.UrlRoutingModule and Infragistics WebHtmlEditor - one or other not both

    - by Krishna
    Hi, I have a website created in VS 2008 using asp.net v3.5. My requirement is to add both Routing and Infragistics controls to the website. But I noticed I can have only one of these working, not both. My Infragistics control works if I remove the following from web.config. But by removing it, routing would not work. Is there a way I can have both Infragistics and routing working in a single website? Thanks so much.

    Read the article

  • Setting up a VPN connection to Amazon VPC - routing

    - by Keeno
    I am having some real issues setting up a VPN between our office and AWS VPC. The "tunnels" appear to be up, however I don't know if they are configured correctly. The device I am using is a Netgear VPN Firewall - FVS336GV2.

    If you see in the attached config downloaded from VPC (#3 Tunnel Interface Configuration), it gives me some "inside" addresses for the tunnel. When setting up the IPsec tunnels do I use the inside tunnel IP's (e.g. 169.254.254.2/30) or do I use my internal network subnet (10.1.1.0/24)? I have tried both. When I tried the local network (10.1.1.x) the tracert stops at the router. When I tried with the "inside" IPs, the tracert to the Amazon VPC (10.0.0.x) goes out over the internet.

    This all leads me to the next question: for this router, how do I set up stage #4, the static next hop? What are these seemingly random "inside" addresses and where did Amazon generate them from? 169.254.254.x seems odd? With a device like this, is the VPN behind the firewall?

    I have tweaked any IP addresses below so that they are not "real". I am fully aware this is probably badly worded. Please, if there is any further info/screenshots that will help, let me know.

        Amazon Web Services Virtual Private Cloud

        IPSec Tunnel #1
        ================================================================================

        #1: Internet Key Exchange Configuration

        Configure the IKE SA as follows
          - Authentication Method    : Pre-Shared Key
          - Pre-Shared Key           : ---
          - Authentication Algorithm : sha1
          - Encryption Algorithm     : aes-128-cbc
          - Lifetime                 : 28800 seconds
          - Phase 1 Negotiation Mode : main
          - Perfect Forward Secrecy  : Diffie-Hellman Group 2

        #2: IPSec Configuration

        Configure the IPSec SA as follows:
          - Protocol                 : esp
          - Authentication Algorithm : hmac-sha1-96
          - Encryption Algorithm     : aes-128-cbc
          - Lifetime                 : 3600 seconds
          - Mode                     : tunnel
          - Perfect Forward Secrecy  : Diffie-Hellman Group 2

        IPSec Dead Peer Detection (DPD) will be enabled on the AWS Endpoint. We recommend configuring DPD on your endpoint as follows:
          - DPD Interval             : 10
          - DPD Retries              : 3

        IPSec ESP (Encapsulating Security Payload) inserts additional headers to transmit packets. These headers require additional space, which reduces the amount of space available to transmit application data. To limit the impact of this behavior, we recommend the following configuration on your Customer Gateway:
          - TCP MSS Adjustment       : 1387 bytes
          - Clear Don't Fragment Bit : enabled
          - Fragmentation            : Before encryption

        #3: Tunnel Interface Configuration

        Your Customer Gateway must be configured with a tunnel interface that is associated with the IPSec tunnel. All traffic transmitted to the tunnel interface is encrypted and transmitted to the Virtual Private Gateway.

        The Customer Gateway and Virtual Private Gateway each have two addresses that relate to this IPSec tunnel. Each contains an outside address, upon which encrypted traffic is exchanged. Each also contain an inside address associated with the tunnel interface.

        The Customer Gateway outside IP address was provided when the Customer Gateway was created. Changing the IP address requires the creation of a new Customer Gateway.

        The Customer Gateway inside IP address should be configured on your tunnel interface.

        Outside IP Addresses:
          - Customer Gateway         : 217.33.22.33
          - Virtual Private Gateway  : 87.222.33.42

        Inside IP Addresses
          - Customer Gateway         : 169.254.254.2/30
          - Virtual Private Gateway  : 169.254.254.1/30

        Configure your tunnel to fragment at the optimal size:
          - Tunnel interface MTU     : 1436 bytes

        #4: Static Routing Configuration:

        To route traffic between your internal network and your VPC, you will need a static route added to your router.

        Static Route Configuration Options:
          - Next hop                 : 169.254.254.1

        You should add static routes towards your internal network on the VGW. The VGW will then send traffic towards your internal network over the tunnels.

        IPSec Tunnel #2
        ================================================================================

        #1: Internet Key Exchange Configuration

        Configure the IKE SA as follows
          - Authentication Method    : Pre-Shared Key
          - Pre-Shared Key           : ---
          - Authentication Algorithm : sha1
          - Encryption Algorithm     : aes-128-cbc
          - Lifetime                 : 28800 seconds
          - Phase 1 Negotiation Mode : main
          - Perfect Forward Secrecy  : Diffie-Hellman Group 2

        #2: IPSec Configuration

        Configure the IPSec SA as follows:
          - Protocol                 : esp
          - Authentication Algorithm : hmac-sha1-96
          - Encryption Algorithm     : aes-128-cbc
          - Lifetime                 : 3600 seconds
          - Mode                     : tunnel
          - Perfect Forward Secrecy  : Diffie-Hellman Group 2

        IPSec Dead Peer Detection (DPD) will be enabled on the AWS Endpoint. We recommend configuring DPD on your endpoint as follows:
          - DPD Interval             : 10
          - DPD Retries              : 3

        IPSec ESP (Encapsulating Security Payload) inserts additional headers to transmit packets. These headers require additional space, which reduces the amount of space available to transmit application data. To limit the impact of this behavior, we recommend the following configuration on your Customer Gateway:
          - TCP MSS Adjustment       : 1387 bytes
          - Clear Don't Fragment Bit : enabled
          - Fragmentation            : Before encryption

        #3: Tunnel Interface Configuration

        Outside IP Addresses:
          - Customer Gateway         : 217.33.22.33
          - Virtual Private Gateway  : 87.222.33.46

        Inside IP Addresses
          - Customer Gateway         : 169.254.254.6/30
          - Virtual Private Gateway  : 169.254.254.5/30

        Configure your tunnel to fragment at the optimal size:
          - Tunnel interface MTU     : 1436 bytes

        #4: Static Routing Configuration:

        Static Route Configuration Options:
          - Next hop                 : 169.254.254.5

        You should add static routes towards your internal network on the VGW. The VGW will then send traffic towards your internal network over the tunnels.

    EDIT #1 After writing this post, I continued to fiddle and something started to work, just not very reliably. The local IPs to use when setting up the tunnels were indeed my network subnets. Which further confuses me over what these "inside" IP addresses are for. The problem is, results are not consistent whatsoever. I can "sometimes" ping, I can "sometimes" RDP using the VPN. Sometimes, Tunnel 1 or Tunnel 2 can be up or down. When I came back into work today, Tunnel 1 was down, so I deleted it and re-created it from scratch. Now I can't ping anything, but Amazon AND the router are telling me tunnel 1/2 are fine. I guess the router/VPN hardware I have just isn't up to the job.....

    EDIT #2 Now Tunnel 1 is up, Tunnel 2 is down (I didn't change any settings) and I can ping/RDP again.

    EDIT #3 Screenshot of route table that the router has built up. Current state (tunnel 1 still up and going strong, 2 is still down and won't re-connect)

    Read the article

  • correct routing for multiple devices

    - by helmi
    I have a Debian Lenny machine with 3 interfaces enabled (eth0-2), and I have problems as follows. eth1 is connected to a router and this router has port forwarding for port 80. eth2 is connected directly to the internet. If I open a website hosted on my system via the router it works fine. If I try to open the same via the eth2 connection it does not! tshark shows incoming traffic on eth2 but nothing goes out there. iptables accepts all.

    My routing table:

        Ziel            Router           Genmask          Flags  Metric  Ref  Use  Iface
        10.9.0.2        *                255.255.255.255  UH     0       0    0    tun0
        212.236.24.128  *                255.255.255.224  U      0       0    0    eth2
        192.168.1.0     *                255.255.255.0    U      0       0    0    eth1
        192.168.0.0     *                255.255.255.0    U      0       0    0    eth0
        10.9.0.0        10.9.0.2         255.255.255.0    UG     0       0    0    tun0
        default         192.168.1.1      0.0.0.0          UG     0       0    0    eth1
        default         212.236.024.129  0.0.0.0          UG     0       0    0    eth2
        default         192.168.0.1      0.0.0.0          UG     0       0    0    eth0

    Read the article

  • Routing only some local IPs through VPN on dd-wrt

    - by bo-inge-ostberg
    Much similar to this entry: http://serverfault.com/questions/94283/using-dd-wrt-to-connect-to-vpn-and-forward-all-traffic-of-certain-devices-through , I have set up my router with dd-wrt + OpenVPN to connect to a VPN. This works fine, and all traffic from behind the router goes through the VPN. How do I route(?) traffic in the router so that only certain IPs from the LAN will go through the VPN, while the others take the "normal" route? Is it also possible to allow traffic from certain local IPs to go ONLY through the VPN, making it impossible for them to use the regular internet connection if the VPN is down? I know this question was answered in the post I linked to, but that just doesn't seem to work for me. The routing table and rules change, but traffic still just goes through the VPN.

    Read the article
