VPN and Routing in one box

Check SonicWall - maybe.

Linksys RV042 will do that.

Oh! How I wish that were true as I have a number of them on hand! I have done a number things to make them do it and have become convinced that they can't. I'd be very happy to be found deficient in my thinking / testing or configuration.

Here is the scenario:

Subnet 1 < VPN > Subnet 2 > [router] > Subnet 3

192.168.1.0 192.168.2.0 192.168.3.0

Packets originate in Subnet 1, destined for Subnet 3. The VPN (Subnet 1 end) is the first hop. When packets arrive via the VPN at Subnet 2, they have to be routed to a particular router / IP address on Subnet 2, which is the next hop in order to be further routed to Subnet 3. Thus, a route has to be effective at the Subnet 2 end of the VPN that sends packets destined for Subnet 3 to the router on Subnet 2. (The return path is already taken care of separately).

That route might look like this:

192.168.3.0 255.255.255.0 192.168.2.199 where .199 is the address of the router on Subnet 2.

Here is the setup I used:

Subnet 1 < RV042 VPN > Subnet 2 > [router] > Subnet 3

192.168.1.0 192.168.2.0 192.168.3.0

The RV042 Tunnel goes from 192.168.1.0 to 192.168.3.0 The Subnet 2 RV042 VPN end LAN is on subnet 2. The static route in the Subnet 2 RV042 points packets destined for Subnet 3 to the [router] on Subnet 2.

Packets destined for Subnet 3 are routed to the VPN on Subnet 1. When they come out of the VPN, there needs to be something to tell them to go to the [router] as the next hop. Thus the static route.

I have rather conclusively shown that the static route does nothing. So, I wonder what I'm missing?