Client/StaticRoutes: Difference between revisions
(Created page with "== How to create static routes in the web interface == "Interface" must be set towards the interface that should be used as a first hop, where the device providing VPN is. This depends on your network/VPN setup. "Target" and "IPv4 Netmask" should be set according to the IP subnet used in your VPN (100.64.8.0 255.255.255.0 ?) Metric, MTU and Route Type can be left as is. To save, make sure to press "Save & Apply" at the bottom of the page instead of the "Add" button s...") |
No edit summary |
||
Line 1: | Line 1: | ||
[[Category:Client]] | |||
== How to create static routes in the web interface == | == How to create static routes in the web interface == | ||
Line 13: | Line 14: | ||
If you are still unsure, log into the router via SSH through your VPN setup when the bondix tunnel is disabled. To find out which IP the router sees, you can do a | If you are still unsure, log into the router via SSH through your VPN setup when the bondix tunnel is disabled. To find out which IP the router sees, you can do a | ||
logread | grep dropbear | <nowiki>logread | grep dropbear</nowiki> | ||
The last line should be something along "Password auth succeeded for 'root' from 10.24.0.2:57401". | The last line should be something along "Password auth succeeded for 'root' from 10.24.0.2:57401". |
Latest revision as of 13:03, 1 June 2023
How to create static routes in the web interface
"Interface" must be set towards the interface that should be used as a first hop, where the device providing VPN is. This depends on your network/VPN setup.
"Target" and "IPv4 Netmask" should be set according to the IP subnet used in your VPN (100.64.8.0 255.255.255.0 ?)
Metric, MTU and Route Type can be left as is. To save, make sure to press "Save & Apply" at the bottom of the page instead of the "Add" button seen in the screenshot.
Again, the reason why this happens is likely that you are accessing the router with a source IP address that is within the LAN IP subnet. With Bondix disabled, the router will use its regular default route, which happens to route the responses to your device accordingly. However, when S.A.NE is enabled, the default route changes to go through the tunnel, bypassing your regular VPN routing setup.
If you are still unsure, log into the router via SSH through your VPN setup when the bondix tunnel is disabled. To find out which IP the router sees, you can do a
logread | grep dropbear
The last line should be something along "Password auth succeeded for 'root' from 10.24.0.2:57401". (But of course with your IP instead.)
Now, do a traceroute for that IP on the device:
The first hop reveals which gateway IP to put in the static route, based on this you can also determine which interface must be configured. If you are unsure about the netmask, you can use 255.255.255.255 to only route your IP.