My windows laptop is directly connected to 192.168.1.0/24 (wireless lan). I access 10.21.0.0/16 though a router that is connected to both networks. The routing works fine with this configuration.

I have a VPN, that connects to 10.0.0.0/8. The VPN network doesn't actually use any IPs in the 10.21.0.0/16 range. So I should be able to configure my routing table to route all the 10.21.0.0/16 IPs through the wireless lan, and all other 10.0.0.0/8 through the VPN.

My understanding is that I can do this if the metric for the 10.21.0.0 is lower than that of the 10.0.0.0. The VPN (10.0.0.0) is automatically assigned metric 20. I have manually assigned the WLAN a metric of 1. I manually add an entry to the routing table with this command:

route add 10.21.0.0 mask 255.255.0.0 192.168.1.201 metric 1

The route is then assigned a metric of 2 (which is expected).

The problem is that it doesn't work. I can't ping any machine on the 10.21.0.0 network. But I can access other stuff on the 10.0.0.0. I can also access stuff on the 192.168.1.0.

To debug this i've done the following.

1. Run tcpdump on the router (192.168.1.201). I can verify that no packets for 10.21.0.0 arrive on that interface.
2. Disable iptables on the router. Disable the windows firewall.
3. Run wireshark on my laptop, to try and see which interface the ping requests go to. But I can't see them go anywhere!!
4. The ping command doesn't receive any 'destination unreachable' messages.

Here is the relevant section of the routing table.

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.201     192.168.1.18      2
         10.0.0.0        255.0.0.0         On-link      10.55.44.203     20
        10.21.0.0      255.255.0.0    192.168.1.201     192.168.1.18      2