[mythtv-users] OT: default routes

Hika van den Hoven hikavdh at gmail.com
Wed Sep 23 14:50:14 UTC 2015


Hi Jan,

Wednesday, September 23, 2015, 4:24:23 PM, you wrote:

> On 23/09/15 15:26, Hika van den Hoven wrote:
>> Oh, and as I said it's not the traffic, but the build-up and
>> maintenance of the tunnel. If there is a tunnel in existence and I
>> change the default route from the pppoe connection ending on the
>> router to the other new one ending on its own modem/router and
>> connected through a dedicated nic, the connection is broken!

> Hika,

> This is due to the fact that your tunnel terminates on the gateway
> machine. For this reason, the near end of the VPN tunnel uses the public
> IP address of the egress interface used. So in the above example the
> tunnel terminates on the PPPoE interface's IP address.

So if I move the vpn server from the router to the main server...?
Will be some hassle to set up, but will probably be simpler than the
alternative. I however then still will have to set up some policy
routing.

> When you change the default route while the VPN tunnel is already
> established packets towards the remote VPN client or server are suddenly
> sent using another source IP address, and the remote end can no longer
> decrypt them (because the source IP is typically part of the hash), so
> they are dropped.

I guessed as much. But also a new connection from outside won't build
up!

> So the only solution I can think of is to terminate your VPN connections
> before changing the default route, then re-establish them afterwards. If
> you cannot establish your VPN connection via one of the ISPs then you
> have another problem. Perhaps that ISP uses NAT within its network and
> does not maintain port numbers.

> If you also want to be able to accept VPN connections on this machine,
> rather than only establish outbound connections, then you will also need
> to use dynamic DNS and tell the DDNS server which IP address to use
> (i.e. the public IP address of the interface in question). Also make
> sure that your VPN server is listening for incoming connections on the
> right interface(s) and IP address(es).

I only have incoming, that's why I have the fixed address. I didn't want
to go through the dynamic DNS path although I might when I finally
come to establishing my own domain name etc. Also now that I have the
two connections, it's a nice split. One for the vpn and one for the
rest.

> HTH, Jan

Until the next mail,
  Hika                            mailto:hikavdh at gmail.com

"Without hope you cannot live
Without life there is no hope
The eternal dilemma
Especially when you must destroy hope in order to survive!"

The learning Human
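
The policy routing mentioned in this mail, as an added example that is not part of the original message: a source-based rule keeps packets sourced from the VPN endpoint's fixed address on their own uplink, whatever the main default route says. The interface name, the addresses (RFC 5737 documentation range), the table number and the rule priority are all assumptions, and the VPN daemon is assumed to bind to that fixed address.

```shell
#!/bin/sh
# Added example: source-based policy routing for a host with two uplinks.
# Every value below is an assumption made for illustration.
VPN_SRC="192.0.2.10"   # fixed public address the VPN server listens on
VPN_GW="192.0.2.1"     # next hop on that uplink
VPN_IF="ppp0"          # uplink interface carrying the VPN
VPN_TABLE="100"        # unused routing table number
VPN_PRIO="1000"        # rule priority, evaluated before the main table

# Return 0 only for a dotted-quad IPv4 address with octets 0..255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print the iproute2 commands; nothing is changed on the running system.
vpn_policy_rules() {
    src=$1 gw=$2 dev=$3 table=$4 prio=$5
    if ! is_ipv4 "$src" || ! is_ipv4 "$gw"; then
        echo "invalid address: $src / $gw" >&2
        return 2
    fi
    # A private default route that only this table knows about.
    echo "ip route replace default via $gw dev $dev table $table"
    # Drop a stale copy of the rule first so re-running stays idempotent.
    echo "ip rule del from $src/32 lookup $table priority $prio 2>/dev/null || true"
    # Anything sourced from the VPN address consults that table first.
    echo "ip rule add from $src/32 lookup $table priority $prio"
}

# Print a check to run after the main default route has been changed:
# the answer should still name the VPN uplink as the egress device.
vpn_policy_check() {
    echo "ip route get 198.51.100.7 from $1"
}

# Dry run by default; set APPLY=1 and run as root to apply the commands.
if [ "${APPLY:-0}" = "1" ]; then
    vpn_policy_rules "$VPN_SRC" "$VPN_GW" "$VPN_IF" "$VPN_TABLE" "$VPN_PRIO" | sh -e
else
    vpn_policy_rules "$VPN_SRC" "$VPN_GW" "$VPN_IF" "$VPN_TABLE" "$VPN_PRIO"
    vpn_policy_check "$VPN_SRC"
fi
```

With the rule in place, switching the main default route to the second uplink leaves the source address of established tunnel packets unchanged, so the remote end keeps accepting them.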


