Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN How To

Fix the IPsec client routing (cont'd)

More sophisticated VPN gateways and IPsec client applications handle this problem by assigning virtual IP addresses to VPN clients during the authentication process. These virtual IPs are in the same subnet as clients on the gateway's LAN side, so for all intents and purposes, the client on the remote end of the tunnel looks like a full-fledged member of the local LAN.

Unfortunately, we're running a low-budget operation and neither the SX41 nor Microsoft's IPsec client can handle virtual IPs. So we have to solve the problem by fixing the Gateway IP address so that it properly points to the VPN router's WAN side IP address, i.e. 192.168.3.254.

If for some reason we need to use one router to get to the Internet and another for our VPN tunnel, adding a static route on the WAN client will make everything work. To do this for our example, just open up a Command prompt (MS-DOS) window and type:

route add 192.168.1.0 mask 255.255.255.0 192.168.3.254

This says to your client, "take all the data intended for any IP address between 192.168.1.1 and 192.168.1.254 and send it to 192.168.3.254".

WAN LAN client routing with 192.168.1.0 static route added

Figure 22: WAN LAN client routing with 192.168.1.0 static route added

Figure 22 shows the output of a route print run after the route is added. Since 192.168.3.254 is the WAN IP address of the SX41, and the remote end of our VPN tunnel, our data will now properly find its way and your ping (and everything else) should work. Note that the default gateway for all other traffic (including Internet) remains 192.168.3.1.

Tip! TIP: If you're running Win2000 or XP, you can use the "-p" option of the router add command, i.e. route add -p 198.168.1.0 ... to create a persistent static route that will be there next time you boot.

If you're running earlier Windows OSes, just open Notepad, type in the desired "route add ..." command, save as routeadd.bat and put a copy in your Startup folder. This will run the batch command every time you boot and add the desired route.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi,Before I had one time where after a power outage config. reset to factory defaults... (just flashed config. and solved it)But this time was differe...
Hello,I've been using asuswrt-merlin firmware for quite some time in my AC87U router. I was running version 384.9 since today when I decided to upgrad...
This is a bit of a long and complicated problem, and it is in two parts... so please bear with me.I have the following equipment.A Plusnet one hub (I ...
I am having a problem loading Merlin on my RT 86u.the stock version does not allow me to select the merlin software on my PC , it only has the firmwar...
I would like to be able to tie OPENVPN to a specific SSID or LAN port, e.g I want default traffic go out on the Internet, but specific devices to use ...

Don't Miss These

  • 1
  • 2
  • 3