Hi there,
I have an issue with traffic not being routed down an IPsec tunnel I have up and running on a WR11 Digi modem (firmware version 8.4.0.3).
The tunnel is up and working.
My local subnet (corporate headquarters) is 10.1.0.0/16, and my remote subnet (Digi modem) is 10.90.3.0/24. The routing table looks right:
10.1.0.0/16 184.151.233.150 1 IPsec - PPP 1 UP
10.90.3.0/24 10.90.3.1 1 Local - ETH 0 UP
184.151.233.148/30 184.151.233.150 1 Local - PPP 1 UP
However when I run traceroute it shows something very odd:
Tracing route to 10.1.5.218, max 30 hops
1 * * * Unknown
2 50 ms 50 ms 70 ms 10.4.215.197
3 50 ms 60 ms 40 ms 10.8.1.33
4 40 ms 40 ms 50 ms 10.55.129.155
5 100 ms 70 ms 80 ms 10.55.129.154
6 90 ms 80 ms 80 ms 64.230.76.208
7 100 ms 70 ms 80 ms 64.230.78.234
8 80 ms 80 ms 80 ms 64.230.158.57
9 80 ms 80 ms 90 ms 64.230.160.187
10 110 ms 80 ms 90 ms 172.25.122.21
11 70 ms 80 ms 80 ms 172.25.122.22
12 80 ms 80 ms 80 ms 172.25.123.17
13 90 ms 70 ms 80 ms 172.25.50.98
Despite the routing table (and the fact that a 10.x.x.x address should never be routed to the internet), it appears to be routing traffic out the internet interface.
The really interesting thing is that I can ping the Digi from my corporate network side of the tunnel.
And I can also ping from the Digi side of things if I connect a device to the Digi modem. So, for example, if I connect a laptop I can ping the corporate LAN.
So it seems that when the traffic originates from this end of the tunnel, the Digi knows to route it back down the IPsec tunnel. But when the traffic originates from the Digi modem itself, it routes it out to the internet.
Can anyone assist me with fixing this please?
Regards, John.
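A small model of the behaviour John describes, added here as an illustration and not part of the original post or of Digi's firmware. It assumes a policy-based IPsec tunnel whose traffic selectors are the two subnets he quotes, a default route out PPP 1, and that a packet the modem generates itself uses the egress interface's own address (the PPP address) as its source; that last point is an assumed cause of the symptom, not something the post confirms.

```python
from ipaddress import ip_address, ip_network

# Constructed from the routing table quoted in the post; the default route is assumed.
ROUTES = [  # (destination, "type - interface")
    (ip_network("10.1.0.0/16"), "IPsec - PPP 1"),
    (ip_network("10.90.3.0/24"), "Local - ETH 0"),
    (ip_network("184.151.233.148/30"), "Local - PPP 1"),
    (ip_network("0.0.0.0/0"), "Default - PPP 1"),  # assumed default route
]
IFACE_ADDR = {"ETH 0": ip_address("10.90.3.1"),        # LAN side
              "PPP 1": ip_address("184.151.233.150")}  # cellular WAN side

# Traffic selectors of the tunnel, assumed to equal the two subnets named in the post.
LOCAL_SEL = ip_network("10.90.3.0/24")
REMOTE_SEL = ip_network("10.1.0.0/16")


def route_lookup(dst):
    """Longest-prefix match over ROUTES; returns the 'type - interface' string."""
    dst = ip_address(dst)
    matches = [(net.prefixlen, iface) for net, iface in ROUTES if dst in net]
    return max(matches)[1]


def ipsec_protects(src, dst):
    """Policy-based IPsec encrypts a packet only if BOTH its source and its
    destination fall inside the selectors; matching the route alone is not enough."""
    return ip_address(src) in LOCAL_SEL and ip_address(dst) in REMOTE_SEL


def egress(src, dst):
    """Where the packet really leaves: 'ipsec' or 'cleartext on <interface>'."""
    if ipsec_protects(src, dst):
        return "ipsec"
    return "cleartext on " + route_lookup(dst).split(" - ")[-1]


def self_originated(dst, source=None):
    """Traffic the modem generates itself (CLI ping/traceroute) takes the egress
    interface's own address as source unless pinned. With the 10.1.0.0/16 route on
    PPP 1 that source is the WAN address, which lies outside LOCAL_SEL; pinning the
    source to the ETH 0 address puts the packet back inside the selector."""
    if source is None:
        source = IFACE_ADDR[route_lookup(dst).split(" - ")[-1]]
    return str(source), egress(str(source), dst)
```

A laptop at 10.90.3.50 pinging 10.1.5.218 matches both selectors and goes down the tunnel, while the same ping sourced from the modem's PPP address falls outside the local selector and leaves in the clear, which is the pattern the traceroute shows.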