Static Routes over VPN

Leslie79 · May 12, 2021, 12:03pm

Hi,

Using a Flexy 205 with FW 14.3s0

Ewon is set to allow internet traffic as described in kb-0069-00-en-access-internet-via-ewon-beside-talk2m-vpn.pdf and it is working perfectly.

However I have also set static routes for other vlans on my LAN side.
These work as expected except when I try to connect to them through VPN (eCatcher).

I had read somewhere else on the forums that static routes through VPN are not working really well so I was wondering if there is some sort of fix or update to resolve this ?
Reference: LAN side Gateway mapping - #6 by hms_support

Kind regards,
Leslie

kyle_HMS · May 12, 2021, 12:12pm

The reason it does not work, is because you need to set up a static route on the PC in order to reach other VLANs through eCatcher. This is not a bug, it’s just the way that routing works. The PC needs to know which network adapter and gateway to use to get to the VLAN.

Leslie79 · May 12, 2021, 7:18pm

Thank you for your time.

I have got it working now by adding the Windows route to the destination network with its gateway being the VPN IP address on the Ewon side.

It makes sense when you think about it. The destination is forwarded over the VPN and I assume it then looks at the static routes defined in the Ewon settings. Correct me if I’m wrong.

On a side note I wonder why when I use the built-in VPN of my Fortigate firewall, the static routes defined in the device are immediately available to me. I don’t have to add a route in Windows. Or maybe the client software does that for me?

Just trying to understand the difference in mechanics of both devices.

Anyways thanks for the help.

kyle_HMS · May 12, 2021, 7:39pm

That’s correct.

I imagine that when the client connects, the server (firewall) forwards those routes to the client, and the client adds the routes on the host (Windows PC). I have asked Ewon to add a feature like this to eCatcher and I hope that they will soon.

jared.callahan · February 20, 2023, 1:03pm

I know this is an older thread, but did the feature request for pushing routes to Windows from eCatcher go anywhere? This feature is almost necessary when the Ewon is connected to any network with multiple VLANs. If there is a place to vote for feature requests, I would like to put a vote in for that one.

kyle_HMS · February 21, 2023, 2:25pm

Hi @jared.callahan,

This is something that I have been pushing for for quite some time, but unfortunately, it’s still not implemented. It’s still something that needs to be scripted or setup manually.

One workaround that I have seen customers use to get around this is to setup their own VPN server as opposed to using T2M and eCatcher with the Ewons. This is especially popular if they need client to client communications.

I will send you an email and CC our Business Development Manager for Ewon Americas, who has a direct line to the Ewon Developers. He brings feature requests like this to them and if he can show that not having this feature can prevent customers from using the platform, it’s very helpful to motivate development.

Best Regards,

Kyle Reynolds

lam373 · August 23, 2023, 4:36pm

Kyle,

This topic is a few years old, but has this feature been added to the Flexy?

-Larry

kyle_HMS · August 23, 2023, 7:27pm

Hi @lam373,

This is a feature that would have to be added to eCatcher, not the Flexy. The Flexy already supports adding static routes. Currently, in eCatcher, you can only add a static route to a remote LAN IP address, which helps for IP conflicts, but there is no way to add a static route to another network. That must be done in Windows.

Can you tell me about your use case?