After VPN is set, the existing Intranet cannot solve the problem.

Source: Internet
Author: User

In many cases, VPN is not connected to multiple branch networks as a network device in conventional applications. In most personal applications, some problems may occur. For example, some servers in the original Intranet cannot access the VPN, such as the OA system. Is there a solution? If you have learned about the Internet, you must know that there is a solution. Add a static route.

Next I will explain how to add a static route under Windows and Linux systems.

Set static routes in Windows:

Command: route add

The details are as follows:

C: \ Users \ Administrator> route add?


Operate the network route table.


ROUTE [-f] [-p] [-4 |-6] command [destination]

[MASK netmask] [gateway] [METRIC metric] [IF interface]


-F clears the route tables of all gateway entries. If

Before running the command,

Route tables should be cleared.


-P is used in combination with the ADD command to set the route

Remain unchanged during system boot. By default, When you restart the system,

Do not save the route. Ignore all other commands,

This will always affect the corresponding permanent route. Windows 95

This option is not supported.


-4. Use IPv4.


-6 Use IPv6 forcibly.


Command:

PRINT route

ADD route entry

DELETE route entries

CHANGE modify existing route

Destination specifies the host.

MASK specifies the next parameter as the "network MASK" value.

Netmask specifies the subnet mask value of this route entry.

If not specified, the default value is 255.255.255.255.

Gateway.

The interface number of the route.

METRIC specifies the number of hops, such as the cost of the target.


All the symbols used for the target can be found in the network database.

File NETWORKS. The symbol names used for the gateway can all be in the Host Name

Find the database file HOSTS.


If the command is PRINT or DELETE. The target or gateway can be a wildcard,

(Specify the asterisk (*) as the wildcard. Otherwise, the gateway parameter may be ignored.


If Dest contains a * Or ?, It will be treated as the Shell mode, and only

Print the matched route. "*" Matches any string,

And "?" Match any character. Example: 157. *. 1, 157. *, 127. *, * 224 *.


Mode matching is only allowed in the PRINT command.

Diagnostic information note:

An error is generated for an invalid MASK, that is, when (DEST & MASK )! = DEST.

Example:> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1

Failed to add route: the specified mask parameter is invalid.

(Destination & Mask )! = Destination.


Example:


> Route PRINT

> Route PRINT-4

> Route PRINT-6

> Route PRINT 157 *... only the items matching 157 * are printed.


> Route ADD 157.0.0.0 MASK route 0.0.0 157.55.80.1 METRIC 3 IF 2

Destination ^ mask ^ gateway metric ^

Interface ^

IF is not given, it will try to find the optimal Gateway

Interface.

> Route ADD 3ffe:/32 3ffe: 1


> Route CHANGE 157.0.0.0 MASK route 0.0.0 157.55.80.5 METRIC 2 IF 2


CHANGE is only used to modify the gateway and/or the number of hops.


> Route DELETE 157.0.0.0

> Route DELETE 3ffe:/32

Example:

My original network has four private network segments: 192.168.1.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, and 192.168.4.0/24. I am in the CIDR Block 192.168.4.0/24. After I dial the VPN, the IP address becomes a public network address: 114.114.114.111. The problem arises. At this time, 114.114.114.111 and my 192.168.4.0/24 do not belong to one network, and of course they cannot communicate with each other, and they are both public and private networks. The firewall will reject access between them.

If I only want to access the CIDR Block 192.168.1.0/24, run the following command:


C: \ Users \ Administrator>Route add 192.168.1.0 mask 255.255.255.0 192.168.4.1

This command is used to access the CIDR Block 192.168.1.0/24 and go to 192.168.4.1, that is, my local Intranet gateway.

To access the entire CIDR Block 192.168.0.0/16, run the following command:


C: \ Users \ Administrator>Route add 192.168.1.0 mask 255.255.255.0 192.168.4.1

This statement means to access all the data in the CIDR Block 192.168.0.0/16 from the local Intranet gateway 192.168.4.1, and other data from the VPN line.

Note: The preceding commands are only added at zero time. If the NIC or host is re-configured, how can the configuration be lost. If you want to add this static route permanently, you need to add the parameter-p after the entire command. As follows:


C: \ Users \ Administrator>Route add 192.168.1.0 mask 255.255.255.0 192.168.4.1-p

If you do not want this static route, use delete route X. X to delete it.

Usage:Route printTo print the route table



How to configure static routes in Linux:

Command: route add

The details are as follows:

[Root @ XXOO wwwroot] # route?

Usage: route [-nNvee] [-FC] [<AF>] List kernel routing tables

Route [-v] [-FC] {add | del | flush}... Modify routing table for AF.


Route {-h | -- help} [<AF>] Detailed usage syntax for specified AF.

Route {-V | -- version} Display version/author and exit.


-V, -- verbose be verbose

-N, -- numeric don't resolve names

-E, -- extend display other/more information

-F, -- fib display Forwarding Information Base (default)

-C, -- cache display routing cache instead of FIB


<AF> = Use '-A <af>' or '-- <af>'; default: inet

List of possible address families (which support routing ):

Inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)

Netrom (ampr net/ROM) ipx (Novell IPX) ddp (Appletalk DDP)

In Linux, the method for adding a static route is similar to that for Windows. You only need to repair multiple permanent routes in Linux.

Add a host route in Linux: Specify the route to a host

[Root @ XXOO wwwroot] # route add-host 192.168.1.10 mask 255.255.255.0 gw 192.168.4.1

This command means that I want to go to 192.168.1.10. This host needs to go to my local gateway 192.168.4.1.

Network Routing in Linux: Specify the route to a specific network segment

[Root @ XXOO wwwroot] # route add-net 0.0.0.0 mask 0.0.0.0 gw 192.168.4.1

This command means that the data arriving at all networks goes through 192.168.4.1

Usage:Route-nTo print the route table

Other reference commands:

I. Use the route command to add
If you use the route entry added by the route command, the route becomes invalid after the machine is restarted or the NIC is restarted. The method is as follows:
// Route entry to the host
# Route add-host 192.168.1.11 dev eth0
# Route add-host 192.168.1.12 gw 192.168.1.1
// Route added to the network
# Route add-net 192.168.1.11 netmask 255.255.255.0 eth0
# Route add-net 192.168.1.11 netmask 255.255.255.0 gw 192.168.1.1
# Route add-net 192.168.1.0/24 eth1
// Add a default gateway
# Route add default gw 192.168.2.1
// Delete a route
# Route del-host 192.168.1.11 dev eth0


Ii. How to set a permanent route in linux:
1. Add in/etc/rc. local
Method:
Route add-net 192.168.3.0/24 dev eth0
Route add-net 192.168.2.0/24 gw 192.168.2.254

2. Add to the end of/etc/sysconfig/network
Method: GATEWAY = gw-ip or GATEWAY = gw-dev

3./etc/sysconfig/static-routes: (manually create a file without static-routes)
Any net 192.168.3.0/24 gw 192.168.3.254
Any net 10.250.228.128 netmask 255.255.255.192 gw 10.250.228.129


4. Enable IP forwarding:
# Echo "1">/proc/sys/net/ipv4/ip_forward (temporary)
# Vi/etc/sysctl. conf --> net. ipv4.ip _ forward = 1 (permanently enabled)


This article from the "Flying Pig" blog, please be sure to keep this source http://thinkpig007.blog.51cto.com/971471/1284789

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.