custom route not working on windows
Solution 1
You've got 10/8 on a local network interface. Windows will not try to route a packet to a 10/8 subnet (10.21/16 is a subnet of 10/8); there's no routing involved at all.
Solution 2
Your routing table looks correct. It's possible that your VPN network filter driver doesn't use the routing table but routes the packets destined to 10.21.0.0/16 directly to the VPN adapter, or even drops them.
Can you try the same configuration but with your VPN filter driver disabled in the network connection properties? You should see an item for the VPN software in the properties, just uncheck it and click OK to disable it. The image below is from my computer so it doesn't have one. If you don't see any VPN related item either, the VPN software must use the routing table after all, as I don't see how it could bypass it without its own filter driver.
For the record, I added the same routes on my computer and got similar results with the route print
commands, so I'm not sure if they indicate any problem even though it's surprising that 10.21.0.1 gets no matches. I filtered the output to show only the relevant parts.
C:\>route print 10.*
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.0.0.0 255.0.0.0 192.168.1.1 192.168.1.2 1
10.21.0.0 255.255.0.0 192.168.1.1 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
C:\>route print 10.21.*
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.21.0.0 255.255.0.0 192.168.1.1 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
C:\>route print 10.21.0.1
===========================================================================
Active Routes:
Default Gateway: 192.168.1.1
None
Persistent Routes:
None
The route with the longest matching prefix is always preferred, so the route metric has no effect in this case. The metric is only used if there are two routes with the same prefix.
Related videos on Youtube
Michael Closson
Updated on September 18, 2022Comments
-
Michael Closson almost 2 years
My windows laptop is directly connected to 192.168.1.0/24 (wireless lan). I access 10.21.0.0/16 though a router that is connected to both networks. The routing works fine with this configuration.
I have a VPN, that connects to 10.0.0.0/8. The VPN network doesn't actually use any IPs in the 10.21.0.0/16 range. So I should be able to configure my routing table to route all the 10.21.0.0/16 IPs through the wireless lan, and all other 10.0.0.0/8 through the VPN.
My understanding is that I can do this if the metric for the 10.21.0.0 is lower than that of the 10.0.0.0. The VPN (10.0.0.0) is automatically assigned metric 20. I have manually assigned the WLAN a metric of 1. I manually add an entry to the routing table with this command:
route add 10.21.0.0 mask 255.255.0.0 192.168.1.201 metric 1
The route is then assigned a metric of 2 (which is expected).
The problem is that it doesn't work. I can't ping any machine on the 10.21.0.0 network. But I can access other stuff on the 10.0.0.0. I can also access stuff on the 192.168.1.0.
To debug this i've done the following.
- Run tcpdump on the router (192.168.1.201). I can verify that no packets for 10.21.0.0 arrive on that interface.
- Disable iptables on the router. Disable the windows firewall.
- Run wireshark on my laptop, to try and see which interface the ping requests go to. But I can't see them go anywhere!!
- The ping command doesn't receive any 'destination unreachable' messages.
Here is the relevant section of the routing table.
IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.201 192.168.1.18 2 10.0.0.0 255.0.0.0 On-link 10.55.44.203 20 10.21.0.0 255.255.0.0 192.168.1.201 192.168.1.18 2
Update
As requested, here is the output of
route print 10.21.0.1
C:\>route print 10.21.0.1 =========================================================================== Interface List 17...02 50 f2 00 00 05 ......AGN Virtual Network Adapter 16...a0 88 b4 e1 8f 20 ......Intel(R) Centrino(R) Advanced-N 6205 1...........................Software Loopback Interface 1 10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter 11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: None Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: None Persistent Routes: None C:\>
Good catch, here is probably where the problem is. But alas, even adding a route for one specific host that I know is up, doesn't work.
C:\>route print 10.* =========================================================================== Interface List 17...02 50 f2 00 00 05 ......AGN Virtual Network Adapter 16...a0 88 b4 e1 8f 20 ......Intel(R) Centrino(R) Advanced-N 6205 1...........................Software Loopback Interface 1 10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter 11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 10.0.0.0 255.0.0.0 On-link 10.76.206.8 20 10.21.0.0 255.255.0.0 192.168.1.201 192.168.1.18 2 10.21.61.1 255.255.255.255 192.168.1.201 192.168.1.18 2 10.76.206.0 255.255.255.0 On-link 10.76.206.8 276 10.76.206.8 255.255.255.255 On-link 10.76.206.8 276 10.76.206.255 255.255.255.255 On-link 10.76.206.8 276 10.255.255.255 255.255.255.255 On-link 10.76.206.8 276 =========================================================================== Persistent Routes: None C:\>ping 10.21.61.1 Pinging 10.21.61.1 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 10.21.61.1: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
If I connect to the router (192.168.1.201) and run tcpdump, I don't see any packets to 10.21.0.0/16 on the interface that the laptop is connected to.
-
Admin almost 12 yearsCan you add a
route print 10.21.0.1
. Also see serverfault.com/a/400456/113375 -
Admin almost 12 yearsJust guessing at the moment: Have you tried to lower the WLAN interface metric? See support.microsoft.com/kb/299540 and windowsreference.com/windows-2000/…
-
Admin almost 12 yearsThanks for the suggestion Thomas. As you can see above, the metric on the WLAN interface (2) is lower that the VPN (20).
-
Michael Closson over 11 yearsI don't have equipment to test two routers. And I think its likely that your answer is correct, so I'll give credit. Thanks!
-
peruukki over 11 years@MichaelClosson You don't need to use a different router, you can try my suggestion with changes on your laptop. I edited my answer to make it clearer.
-
peruukki over 11 years@MichaelClosson I don't have enough reputation to comment Chris S's answer, but he got it right, so you should select his answer instead. Can't believe I missed that.
-
Gngogh over 3 yearsWhat do you mean there is no routing involved? Based on your assumption i would be unable to configure any route on my windows if i have a route for the 0.0.0.0/0 because all routes fall into that subnet. Routing is done based on the longest prefix match. The route for the 10.21.0.0/16 subnet is more specific and therefore should preceed the route for the 10/8.