[mythtv-users] OT: default routes

Jan Ceuleers jan.ceuleers at gmail.com
Wed Sep 23 14:24:23 UTC 2015


On 23/09/15 15:26, Hika van den Hoven wrote:
> Oh, and as I said it's not the traffic, but the build-up and
> maintenance of the tunnel. If there is a tunnel in existence and I
> change the default route from the pppoe connection ending on the
> router to the other new one ending on its own modem/router and
> connected through a dedicated NIC, the connection is broken!

Hika,

This is due to the fact that your tunnel terminates on the gateway
machine. For this reason, the near end of the VPN tunnel uses the public
IP address of the egress interface used. So in the above example the
tunnel terminates on the PPPoE interface's IP address.

When you change the default route while the VPN tunnel is already
established, packets towards the remote VPN client or server are suddenly
sent using another source IP address, and the remote end can no longer
decrypt them (because the source IP is typically part of the hash), so
they are dropped.

So the only solution I can think of is to terminate your VPN connections
before changing the default route, then re-establish them afterwards. If
you cannot establish your VPN connection via one of the ISPs then you
have another problem. Perhaps that ISP uses NAT within its network and
does not maintain port numbers.

If you also want to be able to accept VPN connections on this machine,
rather than only establish outbound connections, then you will also need
to use dynamic DNS and tell the DDNS server which IP address to use
(i.e. the public IP address of the interface in question). Also make
sure that your VPN server is listening for incoming connections on the
right interface(s) and IP address(es).

HTH, Jan
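
Added example, not part of Jan's message: a check for the situation described above, where the tunnel's near end is the address of the egress interface. It asks the kernel which source address the current routing table selects for the VPN peer and compares it with the address the tunnel was established on. The function names, the port and the sample addresses are assumptions.

```python
import socket


def egress_source_ip(peer_ip: str, port: int = 500) -> str:
    """Return the local address the kernel would use as source towards peer_ip.

    connect() on a UDP socket only performs the route lookup and binds the
    socket to the selected local address; no packet is sent. The port is
    arbitrary (500 is an assumption, chosen because IKE uses it).
    """
    family = socket.AF_INET6 if ":" in peer_ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.connect((peer_ip, port))
        return s.getsockname()[0]


def tunnel_endpoint_still_valid(established_local_ip: str, peer_ip: str) -> bool:
    """True if the routing table still selects the address the tunnel was built on."""
    try:
        return egress_source_ip(peer_ip) == established_local_ip
    except OSError:
        # No route to the peer at all, so the tunnel cannot work either.
        return False


if __name__ == "__main__":
    # Constructed sample values from the documentation address ranges.
    peer = "198.51.100.7"        # remote VPN endpoint
    tunnel_local = "192.0.2.10"  # PPPoE address the tunnel was established on
    if tunnel_endpoint_still_valid(tunnel_local, peer):
        print("egress address unchanged; tunnel can stay up")
    else:
        print("egress address changed; tear down and re-establish the tunnel")
```

Run it after changing the default route: a mismatch means packets to the peer now leave with a different source address than the one the tunnel was negotiated on.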

