Route to different subnet via VPN

Discussion for BiPAC 7402 series: 7402, 7402G, 7402X, 7402GX, 7402NX..etc
Post Reply
NickWhiteUK
Posts: 3
Joined: Wed May 01, 2013 9:40 am

Route to different subnet via VPN

Post by NickWhiteUK »

Hi All.

I've got a 7402nx. I use an IPsec VPN to connect to my office which is a hub in a hub and spoke model to other sites/subnets.

My local subnet is defined as: 192.168.50.0 / 255.255.255.0
My Office (hub) Subnet is defined as 192.168.100.0 / 255.255.255.0
The VPN my side is defined as: 192.168.0.0 / 255.255.0.0
The VPN office side is : 192.168.50.0 / 255.255.255.0

As I have a /16 subnet definition on the VPN to my office hub, all I have to do is tell the far end spoke networks to push anything to my subnet (.50.x) through to the office hub gateway via the VPN already in place (I literally just stick a static route in to that effect on those firewalls). All this works a treat and I can access the office network and the networks on the far end of those spokes.

However, we have two network on a completely different network range defined as 10.0.1.0 and 10.0.2.0 (both subnetted down to /24 like the other spoke 192.168 networks).

Through my Billion’s web UI I cannot add a static route for these network via the VPN (you can only define lan or wan and neither work in this scenario). I don’t especially want to create direct VPNs to those remote/spoke end networks either. In my mind, the IPSec VPNs on the router should show in the list of interfaces when defining a route. This would be exactly what I need (and is exactly how I do this on my other kit).

Is there a way I can tell my Billion to shove any traffic for those 10.0.x. subnets back down to my office hub on the 192.168.100.x network? I’ve had a bit of a look on the CLI but it’s not obvious if there is a way to do this.

Crappy diagram to illustrate below:
Diagram.JPG
In the above the routing is working fine for everything but Spoke3 as I cannot define a static route from "Me" via a VPN as an interface.

Any help appreciated.
You do not have the required permissions to view the files attached to this post.
RoadKill
Posts: 3
Joined: Sun Jul 29, 2012 9:28 am

Re: Route to different subnet via VPN

Post by RoadKill »

Hey Nick,

If you're still looking for a solution, I think my reply about using CLI to another VPN user could help: viewtopic.php?f=6&t=752#p3464
You probably need something like (replace @ip_pppdevice7 as appropriate):

Code: Select all

ip add route spokes 10.0.0.0 255.255.0.0 interface @ip_pppdevice7
This adds a route to 10.0.x IP addresses over a specific interface.
Syntax: ip add route <route name> <destination base ip address> <subnet mask> interface <interface name>

Hope this helps.
NickWhiteUK
Posts: 3
Joined: Wed May 01, 2013 9:40 am

Re: Route to different subnet via VPN

Post by NickWhiteUK »

Hi RoadKill,

Thanks for the reply and all the helpful information. I did investigate this originally and I've rechecked against your method. However, IPSec VPNs don't appear as an interface. When I list my interfaces I only see the LAN and WAN interfaces.
Interfaces.jpg
I'm pretty sure it's just a failing of these firewalls you can't rout through a IPSec VPN?
You do not have the required permissions to view the files attached to this post.
NickWhiteUK
Posts: 3
Joined: Wed May 01, 2013 9:40 am

Re: Route to different subnet via VPN

Post by NickWhiteUK »

Hi Forum,

I've just upgraded my firmware to 6.04e but still no progress on this? Is anyone able to confirm if this is or is not possible on this model router?

Nick
Post Reply