Netgate Discussion Forum
    Client Routing table with Mobile Ipsec

    arossouw02:

      Good day,
      I've managed to configure mobile VPN with IPsec and I am able to connect to the VPN.
      I'm using the Cisco VPN IPsec client.
      At the moment I have to manually add a route to the LAN on the other side of the tunnel.
      For example:
      route add -host 10.0.0.164 192.168.10.2

      When I execute the following command:
      route -n get 10.0.0.100

      It seems that the route to 10.0.0.0/24 is still passing via the default gateway of the local WiFi connection.

      I've searched the internet and found examples where people create bash scripts to populate the routing table.

      This is not ideal; any advice on how I can get the routes to populate automatically?

      arossouw02:

        I found the reason why the routing was problematic.
        My local network is on the network range 10.0.0.0/24.
        I've created an account for a coworker, his local network range is 192.168.0.0/24.
        He doesn't need to add routes and he can connect to any server on the other side of the tunnel.

        The virtual IP pool is set to 192.168.10.0/27, which can be set under VPN -> IPsec -> Mobile Clients -> Virtual Address Pool.

        I've made a workaround. I created a bash script:

        #!/bin/bash
        # Find the tunnel's virtual IP: the gateway column of the first
        # routing-table entry that mentions the IPsec virtual address pool.
        vpn_lanip=$(netstat -rn | awk '/192.168.10/{print $2}' | head -1)
        # Only touch the routing table while the tunnel is actually up.
        if [[ -n "$vpn_lanip" ]]; then
           # Replace the existing 10.0.0.0/24 entry (the local LAN's own route)
           # with one that sends that range through the VPN virtual IP.
           route delete -net 10.0.0.0/24 "$vpn_lanip"
           route add -net 10.0.0.0/24 "$vpn_lanip"
        fi

        Then created a plist file:
        /Library/LaunchDaemons/network.watcher.plist

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
            "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <plist version="1.0">
        <dict>
            <key>Label</key>
            <string>network.watcher</string>
            <key>ProgramArguments</key>
            <array>
                <string>/bin/bash</string>
                <string>/Users/arno/routes.sh</string>
            </array>
            <key>WatchPaths</key>
            <array>
                <string>/Library/Preferences/SystemConfiguration</string>
            </array>
        </dict>
        </plist>
        

        Then I activated the network watcher daemon, which performs actions if network changes are detected:

        sudo launchctl load /Library/LaunchDaemons/network.watcher.plist
        

        There is a slight delay for the route propagation of about 10 seconds, but it works for me.
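        As an added example (not code from the thread or from Netgate), the following Python models what both posts above observe: the kernel picks routes by longest prefix match, so a destination in 10.0.0.0/24 keeps using the local WiFi LAN route until a route of equal or longer prefix via the tunnel replaces it, and the only reason the coworker needs no routes is that his LAN does not overlap the remote one. The `netstat -rn` table, the interface name utun1 and the way abbreviated destinations such as "10/24" are expanded are all assumptions constructed for the example.

```python
"""Route selection and address-overlap check for a split-tunnel VPN client.

Added example, not code from the forum thread. It parses a constructed
macOS-style `netstat -rn` table (sample text below, not captured from a real
host) and applies longest-prefix matching to show why a destination in
10.0.0.0/24 keeps going out the local Wi-Fi interface until a more specific
route via the tunnel exists. Interface names such as utun1 are assumed.
"""
import ipaddress

# Constructed sample of the IPv4 section of `netstat -rn` on a macOS client
# whose local Wi-Fi LAN is 10.0.0.0/24 (en0) and whose IPsec tunnel interface
# is utun1 with virtual IP 192.168.10.2. Columns: Destination Gateway Flags Netif.
SAMPLE_NETSTAT = """\
default            10.0.0.1           UGScg     en0
10/24              link#6             UCS       en0
10.0.0.1/32        link#6             UCS       en0
127                127.0.0.1          UCS       lo0
192.168.10.2       192.168.10.2       UH        utun1
"""


def parse_destination(dest):
    """Expand netstat's abbreviated destinations ("default", "10/24", "127")
    into an IPv4Network. Assumption: a bare address with fewer than four
    octets is a network whose prefix length is 8 bits per printed octet;
    a full four-octet address without a mask is a host route (/32)."""
    if dest == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if plen:
        prefixlen = int(plen)
    else:
        prefixlen = 32 if len(octets) == 4 else 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{prefixlen}", strict=False)


def parse_routes(text):
    """Return a list of (network, gateway, netif) tuples from netstat -rn text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        dest, gateway, _flags, netif = fields[:4]
        routes.append((parse_destination(dest), gateway, netif))
    return routes


def lookup(routes, ip):
    """Longest-prefix match, the rule the kernel applies for `route -n get`.
    Returns the winning (network, gateway, netif) tuple or None."""
    addr = ipaddress.IPv4Address(ip)
    best = None
    for route in routes:
        if addr in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
            best = route
    return best


def set_route(routes, dest, gateway, netif):
    """Model `route delete -net DEST ...` followed by `route add -net DEST GW`:
    the table keeps one entry per destination, so an existing entry for the
    same network is replaced rather than kept alongside the new one."""
    net = ipaddress.IPv4Network(dest)
    kept = [r for r in routes if r[0] != net]
    return kept + [(net, gateway, netif)]


def overlapping_networks(local_lan, remote_networks):
    """Return (as strings) the remote networks that overlap the client's local
    LAN; any overlap means the tunnel's routes compete with the LAN's own."""
    lan = ipaddress.IPv4Network(local_lan)
    return [str(n) for n in map(ipaddress.IPv4Network, remote_networks) if lan.overlaps(n)]


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_NETSTAT)
    print("before:", lookup(routes, "10.0.0.100"))            # local LAN route, en0
    fixed = set_route(routes, "10.0.0.0/24", "192.168.10.2", "utun1")
    print("after: ", lookup(fixed, "10.0.0.100"))             # now via the tunnel
    print("gateway still local:", lookup(fixed, "10.0.0.1"))  # /32 host route wins
    print("own LAN overlap:", overlapping_networks("10.0.0.0/24", ["10.0.0.0/24"]))
    print("coworker overlap:", overlapping_networks("192.168.0.0/24", ["10.0.0.0/24"]))
```

        The model makes the trade-off of the watcher script visible: once the 10.0.0.0/24 entry points at the tunnel, every local WiFi host except those with a more specific route (here only the /32 for the WiFi gateway) is reached through the VPN instead, which is the unavoidable cost of a client LAN that shares its range with the remote LAN. Renumbering one side so the ranges do not overlap, as the coworker's 192.168.0.0/24 already does, removes the need for any route manipulation.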

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.