Situation: a multihomed computer is set up with one NIC connected to a DMZ (IP 172.254.2.0/16) with a default gateway, and another NIC connected to the LAN (IP 10.0.0.0/16) without a gateway. A user can establish the VPN, which uses IP 192.169.198.0/24, and access the LAN but not this multihomed computer, because the LAN NIC has no gateway or return route: replies to the VPN subnet match only the default route and leave through the DMZ NIC. Below are the results of ipconfig and the routing table.
ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.0.0.106
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.254.2.66
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.254.2.251
route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 76 35 e1 18 ...... 3Com 3CSOHO Fast Ethernet Adapter - Packet Sched
uler Miniport
0x3 ...00 17 a4 40 73 11 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Sch
eduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.254.2.251 172.254.2.66 20
10.0.0.0 255.255.0.0 10.0.0.106 10.0.0.106 20
10.0.0.106 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.106 10.0.0.106 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.254.2.0 255.255.255.0 172.254.2.66 172.254.2.66 20
172.254.2.66 255.255.255.255 127.0.0.1 127.0.0.1 20
172.254.255.255 255.255.255.255 172.254.2.66 172.254.2.66 20
224.0.0.0 240.0.0.0 10.0.0.106 10.0.0.106 20
224.0.0.0 240.0.0.0 172.254.2.66 172.254.2.66 20
255.255.255.255 255.255.255.255 10.0.0.106 10.0.0.106 1
255.255.255.255 255.255.255.255 172.254.2.66 172.254.2.66 1
Default Gateway: 172.254.2.251
===========================================================================
Persistent Routes:
None
Solution: modify the routing table on the multihomed computer so that it has a return route to the VPN. In our case, run the command “route add 192.168.198.0 mask 255.255.255.0 10.0.0.2”. Below is the modified routing table.
route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 76 35 e1 18 ...... 3Com 3CSOHO Fast Ethernet Adapter - Packet Sched
uler Miniport
0x3 ...00 17 a4 40 73 11 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Sch
eduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.254.2.251 172.254.2.66 20
10.0.0.0 255.255.0.0 10.0.0.106 10.0.0.106 20
10.0.0.106 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.106 10.0.0.106 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.254.2.0 255.255.255.0 172.254.2.66 172.254.2.66 20
172.254.2.66 255.255.255.255 127.0.0.1 127.0.0.1 20
172.254.255.255 255.255.255.255 172.254.2.66 172.254.2.66 20
192.168.198.0 255.255.255.0 10.0.0.2 10.0.0.106 1
224.0.0.0 240.0.0.0 10.0.0.106 10.0.0.106 20
224.0.0.0 240.0.0.0 172.254.2.66 172.254.2.66 20
255.255.255.255 255.255.255.255 10.0.0.106 10.0.0.106 1
255.255.255.255 255.255.255.255 172.254.2.66 172.254.2.66 1
Default Gateway: 172.254.2.251
===========================================================================
Persistent Routes:
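The route selection behind the two tables above can be reproduced with a short longest-prefix-match lookup. This is an added example, not part of the original page: the route entries are copied from the two "route print" outputs, while the VPN client address 192.168.198.10 and the function names are assumptions made for illustration.

```python
import ipaddress

# Active routes copied from the page's first "route print" (host, broadcast
# and multicast entries omitted): (destination, netmask, gateway, interface, metric)
BEFORE = [
    ("0.0.0.0", "0.0.0.0", "172.254.2.251", "172.254.2.66", 20),
    ("10.0.0.0", "255.255.0.0", "10.0.0.106", "10.0.0.106", 20),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    ("172.254.2.0", "255.255.255.0", "172.254.2.66", "172.254.2.66", 20),
]
# The entry created by the page's "route add" command.
AFTER = BEFORE + [("192.168.198.0", "255.255.255.0", "10.0.0.2", "10.0.0.106", 1)]

LAN_NIC = "10.0.0.106"  # the interface VPN traffic arrives on


def lookup(table, dst):
    """Return the route chosen for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface, metric in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr not in net:
            continue
        key = (-net.prefixlen, metric)  # smaller key = more specific, cheaper
        if best is None or key < best[0]:
            best = (key, {"net": str(net), "gateway": gw, "interface": iface})
    return best[1] if best else None


def reply_is_asymmetric(table, client, arrived_on=LAN_NIC):
    """True when the reply to client leaves by a different NIC than the request used."""
    route = lookup(table, client)
    return route is None or route["interface"] != arrived_on


if __name__ == "__main__":
    client = "192.168.198.10"  # constructed VPN client address (assumption)
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, lookup(table, client),
              "asymmetric:", reply_is_asymmetric(table, client))
```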