Routing return traffic for OpenVPN

Paul Martin
Level 1

I'm by no means a "network tech"; however, I'm just technical enough to get in trouble. I have been banging my head over this problem for roughly a month now. This is my first post; ANY advice is welcome, as I'm sure the below config could be optimized.

Scene setter:

I'm currently serving overseas, and would like to be able to route my overseas network traffic over a VPN back to my home to obtain my US ISP IP to watch "American" TV.  I have an OpenWrt client in my overseas location connected and working to my OpenWrt OpenVPN server.

The OpenVPN server sits behind a Cisco 2821 router running IOS 15 that is connected to a bridged cable modem to my ISP with the FW turned off and all passthrough turned on. My VPN tunnel works flawlessly to my LAN, as if I'm sitting in my chair at home (in fact I'm remoted into my home Server to send this); however, I cannot get out to the internet via ping, or via DNS.

My LAN operates on the 10.0.0.0/24 network, and I have my VPN riding the 10.1.1.1/24 network, using port 10001

(You will also note I have a Cisco VPN set up to run a soft Cisco VPN client, it too only accesses the LAN-initially by design)

Below is my config (not sure how to post just the code, please forgive the mess):

 

R1#sh run

Building configuration...

 

 

Current configuration : 8383 bytes

!

! Last configuration change at 18:30:40 UTC Mon Apr 11 2016 by me

version 15.1

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

no logging buffered

enable secret 5 $1$3FMk$ainv0tC4YAqCxszYuytLO/

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login ciscocp_vpn_xauth_ml_1 local

aaa authorization exec default local

aaa authorization network ciscocp_vpn_group_ml_1 local

!

!

!

!

!

aaa session-id common

!

!

dot11 syslog

no ip source-route

!

!

ip cef

!

ip dhcp excluded-address 10.0.0.1 10.0.0.30

!

ip dhcp pool test

 import all

 network 10.0.0.0 255.255.255.0

 dns-server 8.8.8.8

 default-router 10.0.0.1

!

ip dhcp pool Switch

 host 10.0.0.4 255.255.255.0

 client-identifier 0100.1c10.1c3c.3f

 client-name Cisco-Linksys

!

ip dhcp pool Receiver

 host 10.0.0.5 255.255.255.0

 client-identifier 0100.05cd.2240.4d

 client-name Denon

!

ip domain name my.server.com

ip name-server 8.8.8.8

ip name-server 216.146.35.35

ip name-server 216.146.36.36

ip dhcp-client update dns server both

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

voice-card 0

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-4170320544

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-4170320544

 revocation-check none

 rsakeypair TP-self-signed-4170320544

!

!

crypto pki certificate chain TP-self-signed-4170320544

 certificate self-signed 01

 6E65642D 3082022B 30820194 A0030201 494F532D 02020101 300D0609 2A864886 

  31312F30 2D060355 F70D0101 04031326  53656C66 2D536967 43657274 05050030

        quit

!

!

license udi pid CISCO2821 sn FTX1332AJ9S

username Bionic privilege 10 secret 4 0.7.5uddTBi..dB4EPD5drOljE5DbmC6EYgRLs4zCH2

username paulypizal privilege 15 view root secret 4 KUn3Nj47kw9Gsfo508bVJjzZZpn9QmzJ7os7Kxl7yuw

username admin privilege 15 secret 4 KUn3Nj47kw9Gsfo508bVJjzZZpn9QmzJ7os7Kxl7yuw

!

redundancy

!

!

no ip ftp passive

ip ssh port 2022 rotary 1

!

class-map type inspect match-any SDM_AH

 match access-group name SDM_AH

class-map type inspect match-any SDM_ESP

 match access-group name SDM_ESP

!

!

crypto ctcp port 10000

!

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

!

crypto isakmp client configuration group Home

 key xxxxxxxxxxxxx

 pool SDM_POOL_1

 acl 101

 include-local-lan

 max-users 5

 netmask 255.255.255.0

 banner ^CYou have reached My ROUTER!^C

crypto isakmp profile ciscocp-ike-profile-1

   match identity group Home

   client authentication list ciscocp_vpn_xauth_ml_1

   isakmp authorization list ciscocp_vpn_group_ml_1

   client configuration address respond

   virtual-template 1

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto ipsec profile CiscoCP_Profile1

 set security-association idle-time 1800

 set transform-set ESP-3DES-SHA

 set isakmp-profile ciscocp-ike-profile-1

!

!

!

!

!

!

!

interface Loopback0

 ip address 172.16.0.1 255.255.255.0

!

interface GigabitEthernet0/0

 description Outside World$FW_OUTSIDE$

 ip address dhcp

 ip flow ingress

 ip nat outside

 ip virtual-reassembly in

 duplex auto

 speed auto

 no mop enabled

!

interface GigabitEthernet0/1

 description Inside World$ETH-LAN$$FW_INSIDE$

 ip address 10.0.0.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface Virtual-Template1 type tunnel

 ip unnumbered Loopback0

 tunnel mode ipsec ipv4

 tunnel protection ipsec profile CiscoCP_Profile1

!

ip local pool SDM_POOL_1 172.16.0.2 172.16.0.50

ip forward-protocol nd

ip http server

ip http access-class 1

ip http authentication local

ip http secure-server

ip http secure-port 8443

!

ip flow-export destination 10.0.0.69 2055

!

ip dns server

ip nat inside source list 2 interface GigabitEthernet0/0 overload

ip nat inside source static tcp 10.0.0.10 8080 interface GigabitEthernet0/0 8080

ip nat inside source static tcp 10.0.0.10 32400 interface GigabitEthernet0/0 32400

ip nat inside source static tcp 10.0.0.10 8083 interface GigabitEthernet0/0 8083

ip nat inside source static tcp 10.0.0.10 22 interface GigabitEthernet0/0 22

ip nat inside source static tcp 10.0.0.10 80 interface GigabitEthernet0/0 80

ip nat inside source static tcp 10.0.0.9 8084 interface GigabitEthernet0/0 8084

ip nat inside source static tcp 10.0.0.10 5050 interface GigabitEthernet0/0 8085

ip nat inside source static tcp 10.0.0.15 3074 interface GigabitEthernet0/0 3074

ip nat inside source static udp 10.0.0.15 3074 interface GigabitEthernet0/0 3074

ip nat inside source static tcp 10.0.0.12 1723 interface GigabitEthernet0/0 1723

ip nat inside source static udp 10.0.0.3 10001 interface GigabitEthernet0/0 10001

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 196.xxx.xxx.1

ip route 10.1.1.0 255.255.255.0 10.0.0.3  ## I had to add this for OpenVPN LAN access

!

ip access-list extended vtyacl

 remark left open for ANY restrict later to IP

 remark CCP_ACL Category=17

 permit ip 10.0.0.0 0.0.0.255 any

 permit tcp any any eq 2022

!

access-list 1 permit any

access-list 2 remark CCP_ACL Category=2

access-list 2 permit 10.0.0.0 0.0.0.255

access-list 100 permit ip any any

access-list 101 remark CCP_ACL Category=4

access-list 101 permit ip 10.0.0.0 0.0.0.255 any

access-list 101 permit ip 10.1.1.0 0.0.0.255 any

access-list 101 permit ip any any

access-list 102 remark CCP_ACL Category=128

access-list 102 permit ip host 255.255.255.255 any

access-list 102 permit ip 127.0.0.0 0.255.255.255 any

access-list 105 remark CCP_ACL Category=1

access-list 105 permit tcp any any eq 10000

access-list 106 remark CCP_ACL Category=1

access-list 106 permit tcp any any eq 10000

!

!

!

!

snmp-server community public RO

snmp-server ifindex persist

!

!

!

!

control-plane

!

!

!

!

mgcp profile default

!

!

!

!

!

banner login ^CCCWelcome to the Martin Router!^C

!

line con 0

line aux 0

line vty 0 3

 access-class 101 in

 password xxx

 transport input all

line vty 4

 access-class vtyacl in

 password xxx

 rotary 1

 transport input ssh

line vty 5 15

 access-class vtyacl in

 rotary 1

 transport input ssh

line vty 16 924

 access-class 102 in

 no exec

 transport input none

!

scheduler allocate 20000 1000

ntp update-calendar

ntp server pool.ntp.org

end

 

R1#sh ip inter

GigabitEthernet0/0 is up, line protocol is up

  Internet address is 96.59.238.190/18

  Broadcast address is 255.255.255.255

  Address determined by DHCP

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF switching turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is enabled, interface in domain outside

  BGP Policy Mapping is disabled

  Input features: Stateful Inspection, Ingress-NetFlow, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check

  Output features: Post-routing NAT Outside, Stateful Inspection, NAT ALG proxy, Post-Ingress-NetFlow

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

GigabitEthernet0/1 is up, line protocol is up

  Internet address is 10.0.0.1/24

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF switching turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is enabled, interface in domain inside

  BGP Policy Mapping is disabled

  Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check

  Output features: NAT Inside, Stateful Inspection, NAT ALG proxy, Post-Ingress-NetFlow

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

Loopback0 is up, line protocol is up

  Internet address is 172.16.0.1/24

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1514 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF switching turbo vector

  IP Null turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  BGP Policy Mapping is disabled

  Input features: MCI Check

  Output features: Post-Ingress-NetFlow

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

NVI0 is up, line protocol is up

  Interface is unnumbered. Using address of Loopback0 (172.16.0.1)

  Broadcast address is 255.255.255.255

  MTU is 1514 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is disabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is disabled

  IP Null turbo vector

  IP Null turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  BGP Policy Mapping is disabled

  Input features: MCI Check

  Output features: Post-routing NAT NVI Output, Post-Ingress-NetFlow

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

Virtual-Template1 is up, line protocol is down

  Interface is unnumbered. Using address of Loopback0 (172.16.0.1)

  Broadcast address is 255.255.255.255

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF switching turbo vector

  IP Null turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  BGP Policy Mapping is disabled

  Input features: MCI Check

  Output features: Post-Ingress-NetFlow

  Post encapsulation features: IPSEC Post-encap output classification

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

R1#sh ip access-lists

Standard IP access list 1

    10 permit any (58 matches)

Standard IP access list 2

    10 permit 10.0.0.0, wildcard bits 0.0.0.255 (803361 matches)

Extended IP access list 100

    10 permit ip any any

Extended IP access list 101

    10 permit ip 10.0.0.0 0.0.0.255 any (4664 matches)

    11 permit ip 10.1.1.0 0.0.0.255 any (567 matches)

    12 permit ip any any (5396 matches)

Extended IP access list 102

    10 permit ip host 255.255.255.255 any

    20 permit ip 127.0.0.0 0.255.255.255 any

Extended IP access list 105

    10 permit tcp any any eq 10000

Extended IP access list 106

    10 permit tcp any any eq 10000

Extended IP access list vtyacl

    10 permit ip 10.0.0.0 0.0.0.255 any (2 matches)

    20 permit tcp any any eq 2022 (17 matches)

R1#

______________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

From Overseas LAN:

C:\Users\Paul>route print

===========================================================================

Interface List

  9...f0 1f af 1f 97 c9 ......Realtek PCIe FE Family Controller

 10...1e 85 56 78 f9 49 ......Microsoft Wi-Fi Direct Virtual Adapter

 24...02 c0 c8 28 89 01 ......BlackBerry Virtual Private Network

 29...00 ff f6 42 c4 39 ......TAP-Windows Adapter V9

 23...bc 85 56 78 f9 49 ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)

 13...bc 85 56 78 f9 4a ......Bluetooth Device (Personal Area Network)

  1...........................Software Loopback Interface 1

 28...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter

 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4

 57...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.127     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      169.254.0.0      255.255.0.0         On-link   169.254.211.218    261

  169.254.211.218  255.255.255.255         On-link   169.254.211.218    261

  169.254.255.255  255.255.255.255         On-link   169.254.211.218    261

      192.168.1.0    255.255.255.0         On-link     192.168.1.127    281

    192.168.1.127  255.255.255.255         On-link     192.168.1.127    281

    192.168.1.255  255.255.255.255         On-link     192.168.1.127    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link     192.168.1.127    281

        224.0.0.0        240.0.0.0         On-link   169.254.211.218    261

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link     192.168.1.127    281

  255.255.255.255  255.255.255.255         On-link   169.254.211.218    261

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  1    306 ::1/128                  On-link

 28    306 2001::/32                On-link

 28    306 2001:0:5ef5:79fd:ac:3819:d1db:37a4/128

                                    On-link

 24    261 fd00::/8                 On-link

 24    261 fd10:15f5:6404:9df4:2fab:695f:a5f1:e2e0/128

                                    On-link

 24    261 fe80::/64                On-link

 28    306 fe80::/64                On-link

 28    306 fe80::ac:3819:d1db:37a4/128

                                    On-link

 24    261 fe80::b8f7:4175:c9b4:d3da/128

                                    On-link

  1    306 ff00::/8                 On-link

 28    306 ff00::/8                 On-link

 24    261 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

______________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

C:\Users\Paul>

VPN Through my house w/ connected tunnel:

C:\Users\Paul>route print

===========================================================================

Interface List

  9...f0 1f af 1f 97 c9 ......Realtek PCIe FE Family Controller

 10...1e 85 56 78 f9 49 ......Microsoft Wi-Fi Direct Virtual Adapter

 24...02 c0 c8 28 89 01 ......BlackBerry Virtual Private Network

 29...00 ff f6 42 c4 39 ......TAP-Windows Adapter V9

 23...bc 85 56 78 f9 49 ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)

 13...bc 85 56 78 f9 4a ......Bluetooth Device (Personal Area Network)

  1...........................Software Loopback Interface 1

  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

 28...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter

 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4

 57...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.127     25

          0.0.0.0        128.0.0.0         10.1.1.1         10.1.1.2     20

         10.0.0.0    255.255.255.0         10.1.1.1         10.1.1.2     20

         10.1.1.0    255.255.255.0         On-link          10.1.1.2    276

         10.1.1.2  255.255.255.255         On-link          10.1.1.2    276

       10.1.1.255  255.255.255.255         On-link          10.1.1.2    276

    96.59.238.190  255.255.255.255      192.168.1.1    192.168.1.127     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

        128.0.0.0        128.0.0.0         10.1.1.1         10.1.1.2     20

      169.254.0.0      255.255.0.0         On-link   169.254.211.218    261

  169.254.211.218  255.255.255.255         On-link   169.254.211.218    261

  169.254.255.255  255.255.255.255         On-link   169.254.211.218    261

      192.168.1.0    255.255.255.0         On-link     192.168.1.127    281

    192.168.1.127  255.255.255.255         On-link     192.168.1.127    281

    192.168.1.255  255.255.255.255         On-link     192.168.1.127    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link     192.168.1.127    281

        224.0.0.0        240.0.0.0         On-link   169.254.211.218    261

        224.0.0.0        240.0.0.0         On-link          10.1.1.2    276

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link     192.168.1.127    281

  255.255.255.255  255.255.255.255         On-link   169.254.211.218    261

  255.255.255.255  255.255.255.255         On-link          10.1.1.2    276

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  1    306 ::1/128                  On-link

 24    261 fd00::/8                 On-link

 24    261 fd10:15f5:6404:9df4:2fab:695f:a5f1:e2e0/128

                                    On-link

 24    261 fe80::/64                On-link

 24    261 fe80::b8f7:4175:c9b4:d3da/128

                                    On-link

  1    306 ff00::/8                 On-link

 24    261 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

______________________________________________________________________________________________________________________________________________________________________________________________________________________________________  C:\Users\Paul>

Trace Route to Google thru my OpenVPN, stops at my bridged cable modem, firewall off 192.168.0.1:

C:\Users\Paul>tracert 8.8.8.8

 

Tracing route to google-public-dns-a.google.com [8.8.8.8]

over a maximum of 30 hops:

 

  1   153 ms   254 ms   262 ms  10.1.1.1                       #Home OpenVPN Server

  2   133 ms   136 ms   138 ms  Martin [10.0.0.1]     #Gateway Cisco Router

  3   127 ms   132 ms   133 ms  192.168.0.1                #Bridged Cable Modem

  4     *        *        *     Request timed out.

  5     *        *        *     Request timed out.

  6     *        *        *     Request timed out.

  7

______________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

A trace route to google not connected via VPN and from my house gets there:

C:\Users\Alien>tracert www.google.com

Tracing route to www.google.com [64.233.185.104]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.0.0.1
2 1 ms <1 ms <1 ms 192.168.0.1
3 * * * Request timed out.
4 9 ms 5 ms 4 ms ten0-6-0-0.tamp20-car2.bhn.net [71.44.1.106]
5 9 ms 7 ms 12 ms 72-31-117-26.net.bhntampa.com [72.31.117.26]
6 14 ms 14 ms 12 ms 72-31-6-178.net.bhntampa.com [72.31.6.178]
7 17 ms 16 ms 12 ms ten0-3-0-2.ORLD71-CAR2.bhn.net [72.31.196.142]
8 16 ms 13 ms 16 ms hun0-3-0-9.ORLD71-cbr1.bhn.net [72.31.220.242]
9 18 ms 15 ms 15 ms 10.bu-ether15.orldfljo00w-bcr00.tbone.rr.com [66.109.6.98]
10 25 ms 30 ms 23 ms bu-ether18.atlngamq47w-bcr01.tbone.rr.com [66.109.1.72]
11 21 ms 21 ms 29 ms 0.ae3.pr1.atl20.tbone.rr.com [107.14.17.190]
12 40 ms 40 ms 37 ms ix-ae-14-0.tcore1.A56-Atlanta.as6453.net [64.86.113.37]
13 38 ms 39 ms 39 ms 72.14.221.82
14 41 ms 42 ms 35 ms 72.14.233.54
15 39 ms 34 ms 39 ms 216.239.51.243
16 36 ms 39 ms 36 ms 64.233.174.133
17 * * * Request timed out.
18 37 ms 35 ms 37 ms yb-in-f104.1e100.net [64.233.185.104]

Trace complete.

My thinking is that there must be some type of routing command that is not letting traffic find its way back to the 10.1.1.0/24 network.

Any info provided is much appreciated, and again sorry for the mess!

v/r

Paul

Accepted Solution

Philip D'Ath
VIP Alumni

Add this one line:

access-list 2 permit 10.1.1.0 0.0.0.255

Another low cost option is to deploy a proxy server at home (bit hard when you are not there). Squid + a Raspberry Pi 3 would be a cheap option.
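
Why the one-line fix works, as an added example that is not part of the original thread: `access-list 2` is the source list of the router's only `ip nat inside source list ... overload` rule, so until 10.1.1.0/24 is permitted there, tunnel traffic is routed out GigabitEthernet0/0 with its private source address untranslated. The Python check below runs over a constructed excerpt of the posted config (function names are my own) and flags subnets reachable via an inside interface that the overload ACL does not cover.

```python
import ipaddress
import re

# Constructed excerpt: the NAT-relevant lines of the running-config posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
ip nat inside source list 2 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 196.xxx.xxx.1
ip route 10.1.1.0 255.255.255.0 10.0.0.3
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.0.0.0 0.0.0.255
"""
FIX = "access-list 2 permit 10.1.1.0 0.0.0.255\n"  # the accepted answer's line
QUAD = r"(\d+\.\d+\.\d+\.\d+)"


def acl_network(spec):
    """Turn a standard-ACL source ('any', 'host A', 'A', 'A WILDCARD') into a network."""
    parts = spec.split()
    if parts[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if parts[0] == "host":
        return ipaddress.ip_network(parts[1] + "/32")
    if len(parts) == 1:
        return ipaddress.ip_network(parts[0] + "/32")
    # Invert the wildcard to a netmask; a non-contiguous wildcard raises ValueError.
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(parts[1])))
    return ipaddress.ip_network(f"{parts[0]}/{mask}", strict=False)


def permits(entries, net):
    """First-match evaluation of a standard ACL against a whole source subnet."""
    for action, spec in entries:
        acl_net = acl_network(spec)
        if net.subnet_of(acl_net):
            return action == "permit"
        if net.overlaps(acl_net):
            return False  # only part of the subnet matches this entry
    return False  # implicit deny: no translation is created


def parse(config):
    """Collect NAT overload lists, ACL entries, interfaces and static routes."""
    nat_lists, acls, ifaces, routes, current = [], {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw.startswith("interface "):
            current = ifaces.setdefault(line.split()[1], {"net": None, "inside": False})
        elif raw.startswith(" ") and current is not None:
            m = re.fullmatch(rf"ip address {QUAD} {QUAD}", line)
            if m:
                current["net"] = ipaddress.ip_interface("/".join(m.groups())).network
            elif line == "ip nat inside":
                current["inside"] = True
        else:
            current = None
            if m := re.match(r"ip nat inside source list (\S+) interface \S+ overload", line):
                nat_lists.append(m.group(1))
            elif m := re.match(rf"ip route {QUAD} {QUAD} {QUAD}", line):
                dest = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
                routes.append((dest, ipaddress.ip_address(m.group(3))))
            elif m := re.match(r"access-list (\d+) (permit|deny) (.+)", line):
                acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return nat_lists, acls, ifaces, routes


def untranslated_sources(config):
    """Subnets that enter on a NAT-inside interface but match no overload ACL."""
    nat_lists, acls, ifaces, routes = parse(config)
    inside = [i["net"] for i in ifaces.values() if i["inside"] and i["net"]]
    # Connected inside subnets, plus static routes whose next hop sits in one of
    # them (here the OpenVPN server at 10.0.0.3 fronting 10.1.1.0/24).
    sources = set(inside)
    sources.update(dest for dest, hop in routes if any(hop in net for net in inside))
    return [str(s) for s in sorted(sources)
            if not any(permits(acls.get(n, []), s) for n in nat_lists)]


if __name__ == "__main__":
    print("before fix:", untranslated_sources(SAMPLE_CONFIG))
    print("after fix: ", untranslated_sources(SAMPLE_CONFIG + FIX))
```

Every subnet permitted in the NAT source list gains outbound internet access through the router, so the list is worth reviewing as an egress allow-list whenever a VPN pool is added.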

Paul Martin
Level 1

Mr. Philip, 

I would buy you a beer right now if I was home!! I knew it would be something as simple as that, but staring at it for hours and hours, I just missed it.

I'll research your secondary option when I return.  For now, I appreciate you taking the time here.

v/r

Paul 

I suspect buying me a beer would be just as tricky now as when you get home, as my home is probably more than a couple of km away from yours. :-)

Auckland, New Zealand