Issue with routes


#1

Hi,
I am struggling with setting up Vyos for a home lab. My current setup is illustrated below. The problem is that traffic originating from the 192.168.1.0/26 network is not being routed through the vyos router. I have also included the output of the vyos configuration and the network settings from computers in each of the networks. The 10.10.50.0/24 network is only for testing and playing; it does not need internet access, i.e. I don’t want any static routes to my home router.
I can ping from the 10.10.50.1 to the 192.168.1.66 and get the response, but if the ping initiates from the 192.168.1.66 then I get a network unreachable. Any help is greatly appreciated.

vyos configuration

 show configuration
interfaces {
    ethernet eth0 {
        address 10.10.50.254/24
        hw-id 00:0c:29:57:fa:79
    }
    ethernet eth1 {
        address 192.168.1.126/26
        duplex auto
        hw-id 00:0c:29:57:fa:6f
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
service {
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution helium
            password ****************
            url http://packages.vyos.net/vyos
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}

vyos ip routes

vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

C>* 10.10.50.0/24 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.1.64/26 is directly connected, eth1

10.10.50.1 host settings are:
ip 10.10.50.1
netmask 255.255.255.0
gateway 10.10.50.254

192.168.1.66 host settings:

eth0      Link encap:Ethernet  HWaddr 00:0c:29:f4:a2:63  
          inet addr:192.168.1.66  Bcast:192.168.1.127  Mask:255.255.255.192
          inet6 addr: fe80::20c:29ff:fef4:a263/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2314 errors:0 dropped:0 overruns:0 frame:0
          TX packets:696 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:326055 (318.4 KiB)  TX bytes:77924 (76.0 KiB)

routing info for the 192.168.1.66:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.asus.com 0.0.0.0         UG    0      0        0 eth0
10.10.50.0      192.168.1.126   255.255.255.0   UG    0      0        0 eth0
192.168.1.64    *               255.255.255.192 U     0      0        0 eth0

#2

dfclin,

Have you run tcpdump on the vyos box to see what traffic is being routed?

Switch to root (sudo su), then run tcpdump -i eth0 host 10.10.50.1 and look for ICMP requests and replies. Do this on interface eth1 too. If you need to weed out some traffic like SSH, use “host 10.10.50.1 and not port 22”. This should give you an idea of where traffic is hanging up along your routes.


#3

The configuration looks correct to me, that’s weird. I agree with charlie, a tcpdump may help.

For testing purposes, could you change the default gateway on the 192.168.1.66 machine to set it to 192.168.1.126?


#4

How far does your ping get from the outside network? For example, are you only able to ping 192.168.1.126, or are you getting blocked? If you are getting responses from eth1, then can you reach eth0’s 10.10.50.254? If this fails, then you could try manually changing your gateway on the outside network to .126 and see if that works. If that also fails, then you know the issue is likely inside your VyOS router. In this case, monitoring your internal activity would be the way to go.

However, if your test succeeds by changing the gateway, then your issue is likely with your ASUS router. My opinion is that your problem is with your outside network.