Set static routes for entire network on router (default Gateway)

Setting a static route on the peplink wont change the route taken by your clients, if ...254 is their default gateway then they always use that regardless of what routes you set on your gateway.  The clients aren't routes so don't learn new routes.

However if you've set a static route on the peplink then it should know where to forward the packets from the clients so if your tracert stops as ...254 then there's something wrong with the static route you've defined.  

You can definte a permanent static route on your clients if you like by adding a -p to the end of the ROUTE ADD command.  The route will then stay forever, unless you delete it with ROUTE DELETE.  Always assuming their Microsoft clients!

I think you are going about this the wrong way...

It sounds like you want the default gateway router (.254) to somehow add a route into the client OS?  am I right?

If so, this is not how things work.  The client should ALWAYS forward unknown packets for which it doesn't have a route to the default gateway (as it is doing).  The router (.254) should then take the packet and send it on to the distant network - ie routing (what a router does... :) )

By adding the route to the router (.254) for the 192.168.2.x network, using a gateway of (.253) you are asking the router to send the packet back out the same interface which it received it on (192.168.1.x) - this is not always possible with some hardware.  This may be why the route is not "sticking"

The way to test is to actually test from the router itself first.  With the route added/saved, try doing a traceroute and a ping to an available host within the router's console.

Is there anyway you can attach the ".253" router to a different interface on the .254 router ?

Thanks

Thanks for these fast replies guys!

Prashsax: I'm adding this route on the default gateway and i want the next hop to be .253 This doesn't work, it forwards it to it's default gateway (public ip on the DSL modem) instead where it dies.

Cbaron: yes, i know it won't add it but the def gateway should route it. It works when I define the route on the clients but want to avoid decentralising this.

NYTechGuy: yes, it needs to send it back out on the same interface. Never thought that would be a problem. I'll submit it to Peplink support then? (they did not yet reply on previous issues)

If you (or others) have any further ideas, please let me know. I think I gave you the additional clarification you needed above? If not let me know

Tijs

If I understand this right:

Your subnet is 192.168.1.0/24 and the default route is 192.168.1.254.
You are adding a route that says if the destination address is in the subnet 192.168.2.0/24 use the router at 192.168.1.253.

What does the routing table on 192.168.1.254 look like?

What does the routing table look like on your computer before and after you do the tracert?

It sounds almost as if 192.168.1.254 does not know how to get to 1921.168.2.0/24 and is issuing a ICMP redirect telling the computers to use 192.168.1.253.

Giltjr, your correct in the assumptions about subnets above. However, when I run the utility on the router itself that can perform a traceroute, it does "know" to use 192.168.1.253 as the next hop and succesfully reaches the host...

Is there a way to attach screenhots here on EE?

I'm starting to fear NYTechGuy is onto something (hardware simply not capable to go back out on same interface?)but still haven't heard from Peplink Tech support. Hope it's a simple to fix bug in the firmware and not hardware, the rest of the device is quite nice (loadbalancing and failover and such)

I'll keep you posted.

Which router are you running the trace route on?

You CAN NOT code a route on 192.168.1.254 for 192.168.2.0/24 pointing to 192.168.1.253.

The device at 192.168.1.254 must either have direct access to 192.168.2.0/24 or have a next hop that is in a different subnet.

Say you have 192.168.1.1 (PC1) and it is trying to get to 192.168.2.1 (PC2).
 
PC1 has a route 192.168.2.0/24 --> 192.168.1.253 (R1).

So PC1 send the packet to R1.

Now if R1 has 192.168.2.0/24 next hop is 192.168.1.254 (R2). What is does is since the source (PC1) is on the same subnet as the the REAL next hop, it will send a ICMP redirect packet to PC1 that says, you really want to use R2.  So PC1 starts using R2.

Giltjr,

Thanks for your comment and explanation. So what would be wrong in this case is that my router (192.168.1.254) is not sending that ICMP redirect packet? How can I make it do that? It worked on the previous router....
I'm leaving on holiday tonight so will be a bit slower in monitoring this thread. I'll check what I get back from peplink and assign points based on that, since most of the above suggestions seem to make sense.

Don't hesitate to post if you know the solution though :)

Thanks!

Tijs

O.K. Maybe I have mis understood the situation.  Which router, 192.168.1.254 or 192.168.1.253, actually has the connection to the subnet 192.162.2.0/24?

First, you have the WRONG address for the peplink router -- Default gateway: 192.168.1.254 (peplink router)

No that should be 192.168.1.1 -- or 2,3,4,5.  You have given it a loopback address, and it cannot operate correctly at 254 address, unless you do some special config.  Why do you have it at that address, it does not make sense, is there another router occupying 1.1 or 1.2?  If so, what is it?

scrathcyboy: What?  192.168.1.254 is a valid IP address for a subnet of 192.168.1.0/24.  The valid IP addresses are 192.168.1.1-192.168.1.254.  This is NOT a loopback address.  

I think you really are missing the point -- read again the problem --

"I added static routes on the thing for 192.168.2.0/24 with a gateway of 192.168.1.253 (the VPN router box) and some others, but when i do a tracert to an address in that range on a client (after flushing the routing tables) it still tries to use 192.168.1.254 instead of 253."

The 254 gateway IP is not valid on the domain. tijsjansen if you change the IP of this supposed trans-C router to a lower number, you need to do that and test it first.

NO you missed the point.

--> All clients in 192.168.1.xxx range. Default gateway: 192.168.1.254 (peplink router)

The valid default gateway is 192.168.1.254.

--> I need to redirect a few networks (we use 192.168.1.0/24 locally) to a different router than the default gateway.

For some subnets he needs to use a different router.

So based on the way I am interperting this he has the current default route as 192.168.1.254, which works,  and he needs the route to the 192.168.2.0/24 subnet to be 192.168.1.253.  Something like:


     192.168.1.0/24 <----> 192.168.1.254 <--> the world
            /\
             |
            \/
     192.168.1.253
            /\
             |
            \/
    192.168.2.0/24

Anywho, 192.168.1.254 is a valid IP address.  It is not by any definition or stand the loopback address (loopback address by default are 127.0.0.0/10).  Maybe in your company the standard is to use the ".254" address as a routers loopback and to use the '.1' as the interface address on your routers, but that is the way your company may do it. At one time is was a normal pratice to use ".1" as the routers interface, but that only works when you are using classfull subnets.  Once you get into subneting and classless subnets, you can't have every router interface being ".1", because some subnets will not have a ".1".

The problem he is having is when he attempts to get to 192.168.2.0/24 he is getting there, or attempting to get there, using 192.168.1.254.  If this actually works, that is he can get to 192.168.2.0/24 via 192.168.1.254, then somehow 192.168.1.254 is connected to the 192.168.2.0/24 and 192.168.1.253 is not connected to it.

Wouldn't this be a better way to set everything up?  (credit to GILTJR for the diagram)
   

 192.168.1.0/24 <----> 192.168.1.254 <--> the world
                                               /\
                                               |
                                               \/
                                    192.168.1.253
                                              /\
                                              |
                                              \/
                                   192.168.2.0/24

The problem is that 192.168.1.253 is on subnet 192.168.1.0/24.  Routers do not route between hosts on the same subnet.  

Say I am 192.168.1.44 and I wan't to talk to 192.168.2.99.  If my route statement says to use 192.168.1.254, I will try that.   Now if 192.168.1.254 says to use 192.168.1.253 to get to 192.168.2.0/24, it (192.168.1.254) will see that I (192.168.1.44) am on the same subnet as 192.168.1.253.  It is should send me a ICMP redirect and tell me to use 192.168.1.253.  

Where this could become a problem is when 192.168.2.99 comes back through 192.168.1.253, 192.168.1.253 will see the target address of 192.168.1.44 and go directly to me because we are on the same subnet.  

You can't route between computers on the same subnet, so 192.168.1.254 will not route/forward the traffic from me (192.168.1.44) via 192.168.1.253.

Wow, that's a lot of info.
Sorry for getting back to you on this so late, as mentioned I left on a holiday and no way of connecting to the internet from there (nice and calm :-) )
As giltjr and NYtechGuy correctly stated, this is how it currently looks like:

192.168.1.0/24 <----> 192.168.1.254 <--> the world
                                               /\
                                               |
                                               \/
                                    192.168.1.253
                                              /\
                                              |
                                              \/
                                   192.168.2.0/24

giltjr mentioned : "The problem is that 192.168.1.253 is on subnet 192.168.1.0/24.  Routers do not route between hosts on the same subnet."
That would definitly be a problem in my case. Strange thing is that everything used to work this way when our default gw 192.168.1.254 was a linux machine.
Now that i replaced it with the Peplink device it won't do it. Peplink tech support requested the routers config file and I'll see what they get back with. Based on your hard work and patient explanations I think I should split the points between giltjr and NYtechGuy. I'll post back with comments I get from Peplink tech support and will follow your advice to create a new subnet (192.168.3.0/24 for example) and change the various VPN devices (192.168.1.253, 192.168.1.250, 192.168.1.251 ) IP's accordingly.

Just got this in from Peplink:
Hello Tijs,

Thank you for the configuration file.  We loaded the configuration on an in-house test unit, and will provide further information shortly.

Warm regards,
Raymond

The PePLink Team

Thanks guys, will let you know!

Tijs

Hi Guys,

Peplink provided me with a new firmware for the router, and now it works a charm...
The router will now route between hosts on the same subnet if the static route is set up on the router.
I'm splitting the points between Giltjr and NYtechguy for your efforts and patience.

Thanks!

Tijs