I have multiple sites connected using RRAS VPN. Each site has its own
assigned class C address space and inter-site routing is handled simply by
static routes on all the servers and static routes assigned via DHCP for
clients.
The problem I experience is that occasionally a VPN link will go down for a
short time, but when it comes back up some clients can't connect because the
server has added an incorrect route in its table back to the client.
Instead of a routing entry to the VPN server, it now has one to the default
gateway (Internet) instead.
For example, client 192.168.10.100 connects across VPN to another site with
server at 192.168.20.10. That server will normally have these routing table
entries:
0.0.0.0 0.0.0.0 192.168.20.1 (Internet/default gateway)
192.168.10.0 255.255.255.0 192.168.20.2 (static route to client's address
space thru VPN server).
192.168.10.100 255.255.255.255 192.168.20.2 (auto-added client route thru
VPN server created when client connects)
If the VPN is down for a couple of minutes, the routing table changes to:
0.0.0.0 0.0.0.0 192.168.20.1 (Internet/default gateway)
192.168.10.0 255.255.255.0 192.168.20.2 (static route to VPN server).
192.168.10.100 255.255.255.255 192.168.20.1 (auto-added client route
incorrectly points to Internet/default gateway now instead of VPN server)
Once this errant entry appears in the routing table of the server, the
client cannot connect across the VPN until the routing entry is deleted.
These are internal IP addresses and not reachable thru the Internet gateway.
These occurrences are getting very annoying. I've built scripts to scan the
server routing tables at periodic intervals to clean up the routing table of
any intersite client routes that are incorrectly targeting the default
gateway, but does anyone know why this is happening and if it is preventable?
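The cleanup check the poster describes, written out as an added example (this is not the poster's script and not part of the original post). It parses the IPv4 section of Windows `route print` output, which is constructed here from the routing table quoted above, identifies the default gateway from the 0.0.0.0/0 entry, and flags any /32 host route whose next hop is that default gateway while the most specific covering static route (the inter-site /24) points at a different, internal next hop. It then generates the `route delete` commands that would remove the errant entries; the sample table, the address 192.168.10.101 and the interface/metric columns are assumptions added for the example.

```python
"""Find /32 client routes that wrongly point at the default gateway.

Added example, not the original poster's script. Input format is the
IPv4 table printed by `route print` on Windows; the sample below is
constructed from the addresses in the post plus one healthy client route.
"""
import ipaddress
import re

# Constructed sample, not captured output. 192.168.10.100 is the errant
# entry from the post; 192.168.10.101 is an assumed healthy client route.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.20.1   192.168.20.10     10
     192.168.10.0    255.255.255.0     192.168.20.2   192.168.20.10     11
   192.168.10.100  255.255.255.255     192.168.20.1   192.168.20.10     11
   192.168.10.101  255.255.255.255     192.168.20.2   192.168.20.10     11
     192.168.20.0    255.255.255.0         On-link    192.168.20.10    266
    192.168.20.10  255.255.255.255         On-link    192.168.20.10    266
===========================================================================
"""

# destination, netmask, gateway (or "On-link"), interface, metric
ROUTE_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$"
)


def parse_routes(text):
    """Return [(network, gateway)] where gateway is None for On-link routes."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue  # headers, separators, blank lines
        dest, mask, gw, _iface, _metric = m.groups()
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        gateway = None if gw == "On-link" else ipaddress.ip_address(gw)
        routes.append((net, gateway))
    return routes


def find_errant_host_routes(routes):
    """Return [(host_net, errant_gw, expected_gw)] for /32 routes that point
    at the default gateway although a more specific static route covering
    them points at an internal next hop (the VPN server)."""
    default_gw = next((gw for net, gw in routes if net.prefixlen == 0), None)
    if default_gw is None:
        return []
    errant = []
    for net, gw in routes:
        if net.prefixlen != 32 or gw != default_gw:
            continue
        # Most specific covering route other than the host route itself
        # and the default route; this is the static inter-site route.
        covering = [
            (n, g) for n, g in routes if 0 < n.prefixlen < 32 and net.subnet_of(n)
        ]
        if not covering:
            continue
        _best_net, best_gw = max(covering, key=lambda r: r[0].prefixlen)
        if best_gw is not None and best_gw != default_gw:
            errant.append((net, gw, best_gw))
    return errant


def delete_commands(errant):
    """Build the Windows `route delete` commands for the errant entries."""
    return [
        f"route delete {net.network_address} mask 255.255.255.255 {errant_gw}"
        for net, errant_gw, _expected in errant
    ]


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTE_PRINT)
    for cmd in delete_commands(find_errant_host_routes(table)):
        print(cmd)
```

On a live server the text would come from `subprocess.run(["route", "print", "-4"], ...)` instead of the constructed sample, and the generated commands would be executed rather than printed. Matching on the covering static route, rather than on the host route's gateway alone, keeps the script from touching legitimate /32 entries for hosts that really are reached through the default gateway.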