Traceroute - can I set the source range to the VPN clients network range

Hi all,

First time here so go easy on me.

I am trying to see if a route is available from the VPN clients' range from the Sophos XG. Traceroute has an option to set a source address, but when I attempt it, it comes back with:

console> traceroute source 10.30.0.20 10.20.10.12
traceroute: can't set multicast source interface

 

Does anyone know if I am doing this wrong, or if it cannot be done?

Thank you.

Peter



This thread was automatically locked due to age.
  • FormerMember

    Hi  

    Thank you for reaching out to the Community!

    There is no option/flag to use the source as a network or multiple IP addresses with the traceroute command. 

    SFVUNL_VM01_SFOS 17.5.11 MR-11.HF052220.1# traceroute --help
    BusyBox v1.21.1 (2020-03-23 08:03:19 UTC) multi-call binary.

    Usage: traceroute [-46FIldnrv] [-f 1ST_TTL] [-m MAXTTL] [-p PORT] [-q PROBES]
    [-s SRC_IP] [-t TOS] [-w WAIT_SEC] [-g GATEWAY] [-i IFACE]
    [-z PAUSE_MSEC] HOST [BYTES]

    Trace the route to HOST

    -4,-6 Force IP or IPv6 name resolution
    -F Set the don't fragment bit
    -I Use ICMP ECHO instead of UDP datagrams
    -l Display the TTL value of the returned packet
    -d Set SO_DEBUG options to socket
    -n Print numeric addresses
    -r Bypass routing tables, send directly to HOST
    -v Verbose
    -m Max time-to-live (max number of hops)
    -p Base UDP port number used in probes
    (default 33434)
    -q Number of probes per TTL (default 3)
    -s IP address to use as the source address
    -t Type-of-service in probe packets (default 0)
    -w Time in seconds to wait for a response (default 3)
    -g Loose source route gateway (8 max)

    SFVUNL_VM01_SFOS 17.5.11 MR-11.HF052220.1#

    However, if you want to check the routing table, you could use this command from the Advanced Shell: netstat -rn

    Thanks,

  • I'm sorry if this isn't exactly what you want (bad English on my part).

    But you can use the VPN interface as the source with traceroute.

    Here's an example of a traceroute to an SSLVPN client.

    SFVH_SO01_SFOS 18.0.1 MR-1-Build396# traceroute -i tun0 10.0.50.11
    traceroute to 10.0.50.11 (10.0.50.11), 30 hops max, 46 byte packets
     1  10.0.50.11 (10.0.50.11)  198.032 ms  64.203 ms  40.030 ms

     

    Thanks!

  • Thank you for coming back to me. I will check these options out and come back to you.
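
An added example, not written by any poster in this thread: the help text above describes `-s` as the IP address to use as the source address, and on Linux a socket can normally only be bound to an address configured on the machine itself, so a VPN client's address such as 10.30.0.20 is not a usable value. The sketch below finds the firewall's own address and interface in the subnet of the wanted source by parsing `ip -o -4 addr show` output. The sample output, the `PortA` name, the interface addresses and the `local_source_for` helper are constructed for illustration, and the availability of `ip` in the Advanced Shell is an assumption.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output; interface names and
# addresses are illustrative, not taken from the thread.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: PortA    inet 10.20.10.1/24 brd 10.20.10.255 scope global PortA
7: tun0    inet 10.30.0.1/24 brd 10.30.0.255 scope global tun0'

# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# local_source_for WANTED "ADDR_LIST"  (hypothetical helper)
# Prints "ADDR IFACE": WANTED itself if it is configured locally, otherwise
# the local address whose subnet contains WANTED. ADDR is a candidate for
# -s and IFACE for -i. Returns 1 if no interface matches.
local_source_for() {
    want=$(ip2int "$1")
    best=""
    while read -r _idx ifname _fam cidr _rest; do
        [ -n "$cidr" ] || continue
        addr=${cidr%/*}
        # Point-to-point entries may carry no prefix length; treat as /32.
        case $cidr in */*) plen=${cidr#*/} ;; *) plen=32 ;; esac
        if [ "$addr" = "$1" ]; then
            echo "$addr $ifname"
            return 0
        fi
        mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
        have=$(ip2int "$addr")
        if [ -z "$best" ] && [ $(( want & mask )) -eq $(( have & mask )) ]; then
            best="$addr $ifname"
        fi
    done <<EOF
$2
EOF
    [ -n "$best" ] && echo "$best"
}

# 10.30.0.20 (the client address from the question) is not local, so the
# firewall's own address in that subnet is reported instead.
local_source_for 10.30.0.20 "$SAMPLE_ADDRS"
```

On a live system the second argument would be the real command output, for example `local_source_for 10.30.0.20 "$(ip -o -4 addr show)"`.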