Adding a static route to all clients?

TheMorpN

Regular Contributor
Hi all,

Not sure if this is possible, however, is there a way to add a static route to all WiFi clients?

The reason for this is that I have one server that is connected to an external VPN and have an AiMesh with 1 node. When clients are connected to the node, they are not able to access the server unless I add a static route to the clients with a destination to the router.

I'm looking for a way to add this route automatically to all wifi clients as soon as they connect.

Is there a way to do this?
 

ColinTaylor

Part of the Furniture
Can you give an example of the static route required? There should be no difference in routing between clients connected to the node and clients connected to the main router. Or are you running some third party scripts that affect routing?
 

eibgrad

Senior Member
If a device lies outside the network of a given client, then by default, it will turn to its default gateway. It's at the point of the default gateway that you would typically add a static route to the other network and its gateway, NOT on individual clients. Yes, you could do it that way provided you had access to the network stack (not possible w/ closed systems), but again, it's often a LOT easier to simply add the static route to those same clients' default gateway. Any client who has no interest in that server simply never references it.
 

TheMorpN

Regular Contributor
It is a little more complicated.

All my devices are on the same subnet: 192.168.1.0/24

I have my main router at 192.168.1.1 and my aimesh node at 192.168.1.25.

I have one of my servers with an IP of 192.168.1.214 which also has a VPN connection. So, depending on which node (the router or the aimesh node) that any of my other client machines connects to, then it is able to access the server directly (192.168.1.214). However, if the client connects to the aimesh node, then it is not able to reach 192.168.1.214. If I disable the vpn client on 192.168.1.214, everything works fine.

In order to have everything working with the vpn client, I add a static route on my device with the following:
- source: 192.168.1.214
- destination : 192.168.1.1

This works, but I need to put this on every client on my network.
 

eibgrad

Senior Member
The short answer is, I don't know of any way to have a connecting wifi client's routing tables reconfigured. The client is autonomous in this regard. You can only change its routing indirectly based on the devices it communicates with. And it sounds like that's exactly the problem; once the VPN client connects, it has corrupted its local routing table(s) to the point that *everything* is routed over the VPN, even local traffic! And if that's the case, that's a configuration error on that host. That shouldn't happen. Not unless you've specifically configured the VPN client to NOT allow local network access, which some *company* VPNs do for security reasons. And if that's the case, that VPN client should be placed separate from the server.
 

TheMorpN

Regular Contributor
Everything was working properly, including the local routing table on my server and the clients, until I installed an AiMesh node 2 weeks ago.

I've been reading about using dnsmasq option 33 to add a static route to clients. Does anyone know the exact format to use for this?
 

ColinTaylor

Part of the Furniture
There's something we're not seeing here. What you say makes no sense.

If all your clients are on network 192.168.1.0/24 then none of them (whether they're on the node or not) need a static route to 192.168.1.214 because it is not a routed connection. In fact adding such a static route would be pointless because all the clients should already have 192.168.1.1 as their default route.

Also, you said you want to set a static route with 192.168.1.214 as the source. There is no source when defining a route.

Maybe AiMesh is doing something strange with the routing table on the node's clients. Have you checked that?
 

TheMorpN

Regular Contributor
> There's something we're not seeing here. What you say makes no sense.
>
> If all your clients are on network 192.168.1.0/24 then none of them (whether they're on the node or not) need a static route to 192.168.1.214 because it is not a routed connection. In fact adding such a static route would be pointless because all the clients should already have 192.168.1.1 as their default route.
>
> Also, you said you want to set a static route with 192.168.1.214 as the source. There is no source when defining a route.
>
> Maybe AiMesh is doing something strange with the routing table on the node's clients. Have you checked that?

Totally agree that everything should be working. I've checked so many times the routing table on the aiMesh node, even reset it so many times.

However, if I add the route on the clients, it works perfectly.

Therefore, is there a way to use option 33 on dnsmasq? I'm looking for the exact syntax for it to work if possible.

Thanks.
 

ColinTaylor

Part of the Furniture
> Totally agree that everything should be working. I've checked so many times the routing table on the aiMesh node, even reset it so many times.

It's not the routing on the node that you need to look at, it's the routing on the clients.

> However, if I add the route on the clients, it works perfectly.
>
> Therefore, is there a way to use option 33 on dnsmasq? I'm looking for the exact syntax for it to work if possible.

Show us the complete routing table of the client before and after you have applied your fix and we'll know what we're trying to recreate.
 

TheMorpN

Regular Contributor
> It's not the routing on the node that you need to look at, it's the routing on the clients.
>
> Show us the complete routing table of the client before and after you have applied your fix and we'll know what we're trying to recreate.

So this is what I have on a Win10 PC (before):
Code:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.202     45
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.202    301
    192.168.1.202  255.255.255.255         On-link     192.168.1.202    301
    192.168.1.255  255.255.255.255         On-link     192.168.1.202    301
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.202    301
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.202    301
===========================================================================
This is after, with the route to 192.168.1.214 --> 192.168.1.1 :
Code:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.202     45
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.202    301
    192.168.1.202  255.255.255.255         On-link     192.168.1.202    301
    192.168.1.214  255.255.255.255      192.168.1.1    192.168.1.202     46
    192.168.1.255  255.255.255.255         On-link     192.168.1.202    301
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.202    301
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.202    301
===========================================================================
 

ColinTaylor

Part of the Furniture
Create a /jffs/configs/dnsmasq.conf.add file as follows:

Code:
dhcp-option=lan,33,192.168.1.214,192.168.1.1
 

ColinTaylor

Part of the Furniture
service restart_dnsmasq

Then disconnect and reconnect the client.
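
An added example, not part of the thread: the dnsmasq line above makes the DHCP server send option 33 (static route) as 8-byte destination/router pairs, and this sketch shows that wire format plus a parser for checking whether a captured DHCP reply actually carries the route. It works on the options field only (magic cookie onward); the function names and the sample bytes are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = bytes.fromhex("63825363")
OPT_PAD, OPT_STATIC_ROUTE, OPT_END = 0, 33, 255


def encode_option33(routes):
    """Wire form of option 33: one (destination, router) pair per 8 bytes."""
    body = b""
    for dest, router in routes:
        dest_ip = ipaddress.IPv4Address(dest)
        if int(dest_ip) == 0:
            raise ValueError("0.0.0.0 is not a legal option 33 destination")
        body += dest_ip.packed + ipaddress.IPv4Address(router).packed
    if len(body) > 255:
        raise ValueError("too many routes for a single option")
    return bytes([OPT_STATIC_ROUTE, len(body)]) + body


def parse_options(field):
    """Walk the code/length/value triples that follow the magic cookie."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    found, i = {}, 4
    while i < len(field) and field[i] != OPT_END:
        if field[i] == OPT_PAD:  # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        code, length = field[i], field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        found[code] = found.get(code, b"") + value
        i += 2 + length
    return found


def static_routes(field):
    """Return the (destination, router) pairs a DHCP reply pushes, or []."""
    raw = parse_options(field).get(OPT_STATIC_ROUTE, b"")
    if len(raw) % 8:
        raise ValueError("option 33 length must be a multiple of 8")
    addr = lambda b: str(ipaddress.IPv4Address(b))
    return [(addr(raw[i:i + 4]), addr(raw[i + 4:i + 8])) for i in range(0, len(raw), 8)]


# Constructed sample: message type ACK, subnet mask, router, then option 33.
SAMPLE_ACK = (MAGIC_COOKIE + bytes.fromhex("350105" "0104ffffff00" "0304c0a80101")
              + encode_option33([("192.168.1.214", "192.168.1.1")]) + b"\xff")
print(static_routes(SAMPLE_ACK))
```
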
 

TheMorpN

Regular Contributor
So, after 1 week. The routes that I added in dnsmasq are no longer being pushed to the clients.

I can see the entry in dnsmasq.conf, however the clients are no longer getting this option.

I have not rebooted the router yet, but I think this is something that I will have to do.

My question is, is this normal, that the options in dnsmasq.conf are pushed to clients for about a week and then they stop working again.

I am using the latest firmware, btw, on the main router (384.18) and also the latest on the aimesh node (3.0.0.4.384_81992-gdc7a780).
 

ColinTaylor

Part of the Furniture
If you make the clients connect to the main router rather than the node do they pick up the additional route?

There does seem to be something fundamentally broken with the behaviour of the node from what you've said. Can you try a different firmware version on it?
 

TheMorpN

Regular Contributor
That is an interesting question. If I connect the client to the main router, I don't need to have the additional route for it to connect to the server that I mentioned (192.168.1.214), so this will work regardless if I have the route or not. However, I did confirm that my windows pc does get the route if I connect to the main router.

I have tried using a few different firmwares on my node (the latest 2 from Merlin and latest 2 from Asus). I really think that the way Asus implemented their mesh system is not the most optimal way....
 

ColinTaylor

Part of the Furniture
> However, I did confirm that my windows pc does get the route if I connect to the main router.

I don't use AiMesh so I have no idea how the nodes work. But it sounds like the node is running its own independent DHCP server and acting like a router instead of an access point. Maybe the node is losing its connection to the router and going into some sort of fall-back mode. Or maybe that's normal.

Can you log onto the node and examine its syslog for suspicious messages. It would also be interesting to see if it is running its own copy of dnsmasq.
 

TheMorpN

Regular Contributor
So far, I am not too happy with how Asus implemented their aiMesh system.

I checked the node's syslog, there is nothing in there other than the general entries for when a client connects to wifi (Auth and Assoc commands).

I did check as well for dnsmasq, and it is not running on the node.

So, right now, I am at a loss to see what is happening....I will try a few other firmwares and keep testing... :-(
 

TheMorpN

Regular Contributor
Just to let you know that I have wiped everything from my node and main router and uploaded Merlin's 384.18 firmware on both devices.

Let's see what happens this time....
 
