Subject: How to route to a default gateway that is not on my subnet?
To: None <netbsd-help@netbsd.org>
From: Brian de Alwis <bsd@cs.ubc.ca>
List: netbsd-help
Date: 12/13/2006 15:23:20

Hi everybody.  I'm encountering some difficulties configuring my
laptop to work on the wireless network setup at the University of
Saskatchewan.  They use a Cisco Clean Access (CCA) system which
blocks all network traffic until you have authenticated yourself
to a CCA server.  This CCA server is supposed to be your gateway.

They have a somewhat strange setup where the gateway is actually
outside of the subnet configuration provided to the clients through
DHCP.  This setup works fine under Windows XP (and MacOS, though
I haven't seen that for myself). 

We've been able to figure out a recipe for route(8) to route packets
to the CCA server so I can authenticate myself, but we can't route
packets to any other machines.

I get the following information from DHCP:

    lease {
      interface "ath0";
      fixed-address 172.17.245.122;
      option subnet-mask 255.255.255.224;
      option routers 128.233.122.254;
      option dhcp-lease-time 1148;
      option dhcp-message-type 5;
      option domain-name-servers 128.233.3.1,128.233.150.126,128.233.119.73;
      option dhcp-server-identifier 128.233.150.112;
      option broadcast-address 255.255.255.255;
      option ntp-servers 128.233.154.245,128.233.150.93;
      option host-name "monolith";
      option netbios-name-servers 128.233.3.16,128.233.22.25;
      option domain-name "usask.ca";
      option netbios-node-type 8;
      renew 3 2006/12/13 20:46:39;
      rebind 3 2006/12/13 20:54:27;
      expire 3 2006/12/13 20:56:51;
    }

The router 128.233.122.254 is the CCA server.  Trying to add the
provided router as the default gateway fails:

    # route flush
    # route add default 128.233.122.254
    route: writing to routing socket: Network is unreachable
    add net default: gateway 128.233.122.254: Network is unreachable

Which makes sense as it's not on the subnet.

From talking to our ITS department, the CCA server 128.233.122.254
actually receives all traffic actually sent on ath0 -- the subnet
is a virtual subnet rather than an actual subnet (I'm sure I'm
butchering terms here, but I'm not a networking expert).  Apparently
Windows is configured to simply forward all traffic onto the
interface and the right thing is done (and is done on this laptop
if I'm in WinXP).

The following route(8) command actually allows pinging and
communicating with the CCA server:

    # route add -ifp ath0 -iface default 128.233.122.254

But we can't access any other machines -- from tcpdump, this route
command causes NetBSD to think that everything is on the local
interface and so it's doing ARPs to resolve the addresses.

ath0 isn't a point-to-point link, so the following fails too:

    # ifconfig ath0 inet 172.17.245.122 128.233.122.254
    ifconfig: can't set destination address on non-point-to-point link

What I think I really want is something like the following, though
they don't work.

    # route add -iface 128.233.122.254 -ifp ath0
        # meaning: route packets to 128.233.122.254 directly to ath0
    # route add default 128.233.122.254
        # and make 128.233.122.254 the default gateway

Any ideas?

Thanks.

Brian.

-- 
  Brian de Alwis | Software Practices Lab | UBC | http://www.cs.ubc.ca/~bsd/
      "Amusement to an observing mind is study." - Benjamin Disraeli