The scope of this article is to help users get around routing problems when using 2 ethernet cards (NICs). When 2 NICs are used, you will normally need to delete the default route for the intranet.
TunnelMaster can automatically add and delete routes at startup. You may need to do this to get around the WindRiver OS's lack of support for classless routing. To do this, you start by deleting the default intranet route using the Routedelete command. Once you've tested the routes using Ping,
You can display the routes by going to the console, logging in, and typing Show Route. You can also display them from your browser, entering http://IPAddress/commands.htm in the URL field. Enter Route in the Show field.
By default, TunnelMaster adds the following routes which are ordered in priority:
The Installer prompts the user for the various addresses and stores them in the IPAddr.ini file. This file is used on startup to load the routing table. We'll use for example the information from the following IPAddr.ini file:
```
[ipserver]
ipbroadcasting=True
serveripaddress=151.12.27.221:FFFFFF00
gatewayipaddress=151.12.27.1
intranetserveripaddress=192.168.100.22:FFFFFF00
intranetgatewayipaddress=192.168.100.1
dnsipaddressprimary=192.168.100.10
dnsipaddresssecondary=192.168.100.11
nbnsipaddressprimary=192.168.100.42
nbnsipaddresssecondary=192.168.100.43

[radiusipaddresses]

[vpnclientipaddresses]
ipaddressstart1=192.168.100.222
ipaddressend1=192.168.100.230
```
After restarting TunnelMaster, the Show Route command will display the routing table as follows:
```
ROUTE NET TABLE
destination      gateway          flags  Refcnt  Use  Interface
--------------------------------------------------------------------
0.0.0.0          192.168.100.1    3      0       0    fei0
0.0.0.0          151.12.27.1      3      0       0    elt0
151.12.27.0      151.12.27.221    1      0       0    elt0
192.168.100.0    192.168.100.22   1      0       0    fei0
--------------------------------------------------------------------
ROUTE HOST TABLE
destination      gateway          flags  Refcnt  Use  Interface
--------------------------------------------------------------------
127.0.0.1        127.0.0.1        5      1       0    lo0
--------------------------------------------------------------------
```
The initial configuration for TunnelMaster will normally prevent users from accessing the network remotely, since the first default route (0.0.0.0 via 192.168.100.1 on fei0) will route everything to the private network. TunnelMaster is aware of the intranet network anyway (the 192.168.100.0 entry), so it's best to delete the first entry.
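The check described above can be run offline against a saved copy of the Show Route output. The following is an added example, not TunnelMaster code: the function names are hypothetical, the sample text is constructed from the table in this article, and the intranet gateway is taken from intranetgatewayipaddress in IPAddr.ini.

```python
import ipaddress

# Constructed sample: the "Show Route" tables from this article, before cleanup.
SAMPLE_BEFORE = """\
ROUTE NET TABLE
destination gateway flags Refcnt Use Interface
0.0.0.0 192.168.100.1 3 0 0 fei0
0.0.0.0 151.12.27.1 3 0 0 elt0
151.12.27.0 151.12.27.221 1 0 0 elt0
192.168.100.0 192.168.100.22 1 0 0 fei0
ROUTE HOST TABLE
destination gateway flags Refcnt Use Interface
127.0.0.1 127.0.0.1 5 1 0 lo0
"""


def parse_routes(text):
    """Return (table, destination, gateway, interface) tuples from Show Route text."""
    routes, table = [], None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == "ROUTE" and fields[2] == "TABLE":
            table = fields[1]          # "NET" or "HOST"
            continue
        if len(fields) != 6:
            continue                   # separator or blank line
        try:
            dest = ipaddress.IPv4Address(fields[0])
            gateway = ipaddress.IPv4Address(fields[1])
        except ValueError:
            continue                   # column header row
        routes.append((table, dest, gateway, fields[5]))
    return routes


def audit_default_routes(text, intranet_gateway):
    """List findings about default routes (0.0.0.0) in the NET table."""
    intranet_gateway = ipaddress.IPv4Address(intranet_gateway)
    defaults = [r for r in parse_routes(text)
                if r[0] == "NET" and r[1] == ipaddress.IPv4Address("0.0.0.0")]
    findings = []
    if len(defaults) > 1:
        findings.append(f"{len(defaults)} default routes present")
    for _, _, gateway, iface in defaults:
        if gateway == intranet_gateway:
            findings.append(f"default route via intranet gateway {gateway} on {iface}")
    return findings


if __name__ == "__main__":
    for finding in audit_default_routes(SAMPLE_BEFORE, "192.168.100.1"):
        print(finding)
```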
Use the ROUTEDELETE command to delete the default route for the intranet gateway. Then use ROUTEADD to add routes to other networks if necessary. Note that you cannot specify subnet masks or metrics with these commands. Use the PING command to verify that the routes are working correctly.
For example, to delete the default route this way:
This will provide a routing table as follows:
```
ROUTE NET TABLE
destination      gateway          flags  Refcnt  Use  Interface
--------------------------------------------------------------------
0.0.0.0          151.12.27.1      3      0       0    elt0
151.12.27.0      151.12.27.221    1      0       0    elt0
192.168.100.0    192.168.100.22   1      0       0    fei0
--------------------------------------------------------------------
ROUTE HOST TABLE
destination      gateway          flags  Refcnt  Use  Interface
--------------------------------------------------------------------
127.0.0.1        127.0.0.1        5      1       0    lo0
--------------------------------------------------------------------
```
In this example we may want to add a new route to a RADIUS server at 172.17.6.12, reachable by gateway 192.168.100.1:
```
ROUTE NET TABLE
destination      gateway          flags  Refcnt  Use  Interface
--------------------------------------------------------------------
0.0.0.0          151.12.27.1      3      0       0    elt0
151.12.27.0      151.12.27.221    1      0       0    elt0
192.168.100.0    192.168.100.22   1      0       0    fei0
192.168.102.0    192.168.100.1    3      0       0    fei0
--------------------------------------------------------------------
ROUTE HOST TABLE
destination      gateway          flags  Refcnt  Use  Interface
--------------------------------------------------------------------
127.0.0.1        127.0.0.1        5      1       0    lo0
--------------------------------------------------------------------
```
Test the modified routes by using the PING command from the console and also testing from a remote system. The TunnelMaster Ping does not support name lookups.
After you have verified the routing, you must make the new routing table persistent by modifying the startup file. This is done through the IPADDR.INI file.
Add a section at the end called "[Routes]". The keywords are "destination<n>", "gateway<n>" and "action<n>", where <n> is the order to enter them in the routing table.
The example below will perform the same operation done by hand in the example above:
Now, the only other thing you need to be aware of is that this file can get totally hosed by the HTML Manager if you make further changes to the addressing via the browser. So always save a copy of the *.ini files in a different directory, or copy them as *.SAV.
Note: A parser bug in the IPaddr.ini file will occur if the intranetserveripaddress is greater than 11 digits. For example, an intranet IP address of 111.222.333.444 will fail, but 111.222.333.44 will work. This affects all TunnelMaster versions 1.11 and below. It will be fixed in a future release. Until then, make sure that your address is 11 digits or less.
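A pre-flight check for IPAddr.ini that catches the 11-digit limit before the file is loaded, as an added example that is not part of TunnelMaster. The function names are hypothetical, the sample is constructed from the [ipserver] values shown in this article, and the gateway-in-subnet test is an extra sanity check assumed here, not something the note requires.

```python
import configparser
import ipaddress

# Constructed sample: [ipserver] values from the IPAddr.ini shown in this article.
SAMPLE_INI = """\
[ipserver]
serveripaddress=151.12.27.221:FFFFFF00
gatewayipaddress=151.12.27.1
intranetserveripaddress=192.168.100.22:FFFFFF00
intranetgatewayipaddress=192.168.100.1
"""

MAX_DIGITS = 11  # limit stated in the note for TunnelMaster 1.11 and below


def split_addr(value):
    """Split 'a.b.c.d:HEXMASK' into (address, network)."""
    addr, _, hexmask = value.partition(":")
    mask = ipaddress.IPv4Address(int(hexmask, 16))   # FFFFFF00 -> 255.255.255.0
    return (ipaddress.IPv4Address(addr),
            ipaddress.IPv4Network(f"{addr}/{mask}", strict=False))


def check_ini(text):
    """Return a list of problems found in IPAddr.ini text."""
    # Only '=' separates key and value; ':' belongs to the address:mask value.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    server = cp["ipserver"]
    problems = []

    # Parser bug: count the digits (dots excluded) of the intranet address.
    intranet = server["intranetserveripaddress"].partition(":")[0]
    digits = sum(ch.isdigit() for ch in intranet)
    if digits > MAX_DIGITS:
        problems.append(f"intranetserveripaddress {intranet} has {digits} digits "
                        f"(limit {MAX_DIGITS})")

    # Assumed sanity check: each gateway should sit inside its interface's subnet.
    pairs = (("serveripaddress", "gatewayipaddress"),
             ("intranetserveripaddress", "intranetgatewayipaddress"))
    for addr_key, gw_key in pairs:
        _, net = split_addr(server[addr_key])
        if ipaddress.IPv4Address(server[gw_key]) not in net:
            problems.append(f"{gw_key} {server[gw_key]} is outside {net}")
    return problems


if __name__ == "__main__":
    print(check_ini(SAMPLE_INI) or "no problems found")
```

Running it against the saved *.SAV copy as well shows whether the HTML Manager rewrote any of these values.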