matt2kjones Tux's lil' helper
Joined: 03 Mar 2004 Posts: 96
Posted: Sun May 20, 2007 2:10 pm Post subject: routing network over pptp vpn
Hey there.
I'm currently having a few problems.
I have two servers, I will reference them by IP addresses:
Server 1:
eth0 : IP Assigned by ISP
eth1 : 10.10.0.1
Server Roles... default gateway for the network (all clients use gateway 10.10.0.1)
Server 2:
eth0 : 10.10.0.2
ppp0 : VPN to remote network
Server roles .... vpn client, proxy server for network, etc.
Now I have the following routes on Server 2:
Code: |
dc1 ~ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.3.0.50 * 255.255.255.255 UH 0 0 0 ppp0
10.10.0.0 * 255.255.255.0 U 0 0 0 eth0
10.3.0.0 * 255.255.255.0 U 0 0 0 ppp0
loopback * 255.0.0.0 U 0 0 0 lo
default 10.10.0.1 0.0.0.0 UG 0 0 0 eth0
dc1 ~ # |
Now if I ping 10.3.0.1 (which is an internal IP address of a server at the remote site), I can ping it fine:
Code: |
dc1 ~ # ping 10.3.0.1
PING 10.3.0.1 (10.3.0.1) 56(84) bytes of data.
64 bytes from 10.3.0.1: icmp_seq=1 ttl=128 time=49.7 ms
64 bytes from 10.3.0.1: icmp_seq=2 ttl=128 time=49.2 ms
64 bytes from 10.3.0.1: icmp_seq=3 ttl=128 time=49.2 ms
--- 10.3.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 49.208/49.385/49.733/0.246 ms
dc1 ~ # |
So the VPN seems to work great from Server 2, which is acting as the VPN client.
Now the problem comes when trying to ping from any other machine on the network. I'm assuming I can't ping the route over the VPN because the default gw for the network is server1, and it's server2 which has the route for the VPN.
So on server1, I did this:
Code: |
lucy Matt # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.10.0.0 * 255.255.255.0 U 0 0 0 eth1
10.3.0.0 10.10.0.2 255.255.255.0 UG 0 0 0 eth1
81.111.120.0 * 255.255.252.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default cpc2-gors1-0-0- 0.0.0.0 UG 0 0 0 eth0
lucy Matt # |
Now, since that's on server1... if I ping 10.3.0.1 from server1, it follows the route to server2, then follows the route on server2, and goes over ppp0.
But when pinging from the clients, it doesn't work. I thought the clients would see the route on server1, follow it to server2, then see the route on server2 and route over ppp0.
If I change the computers' gateway to server2, the PCs can actually contact the machines on the remote network, over the VPN.
Any ideas what I'm doing wrong? thanx
_________________
OSST - Formally: The Linux Mirror Project
OSST - Open Source Software Downloads - Torrents for over 80 Distributions
Last edited by matt2kjones on Tue May 22, 2007 4:32 pm; edited 2 times in total

alex.blackbit Advocate
Joined: 26 Jul 2005 Posts: 2397
Posted: Tue May 22, 2007 2:42 pm Post subject:
hmm, that this does not work from the network is clear to me... the local routing table does not alter the routing behavior of the box. you would have to use iptables to redirect the traffic. why the ping does not work from the machine itself is a different problem. i would have made the same adjustments. |

alex.blackbit Advocate
Joined: 26 Jul 2005 Posts: 2397
Posted: Tue May 22, 2007 2:45 pm Post subject:
oh, wait...
server2 does also have to "route" from the physical to the pptp interface.
is /proc/sys/net/ipv4/ip_forward set to 1? |

matt2kjones Tux's lil' helper
Joined: 03 Mar 2004 Posts: 96
Posted: Tue May 22, 2007 4:26 pm Post subject:
What I don't understand... is that... I assume route will only route traffic for THAT machine.
But when I set this route on 10.10.0.2: route add -net 10.3.0.0/24 netmask 255.255.255.0 dev ppp0 then set all the client computer gateways on the network to 10.10.0.2, all the computers CAN access the VPN... so it seems that route does route traffic coming from other machines.
So, I set all the gateways back to 10.10.0.1, left the above route in for 10.10.0.2, then on 10.10.0.1 added this route: route add -net 10.3.0.0 netmask 255.255.255.0 gw 10.10.0.2
I assumed that, since all the clients on the network use 10.10.0.1 as a gateway, that gateway would route the traffic to gateway 10.10.0.2. Then, 10.10.0.2 would follow its route, and route traffic down ppp0.
This is a (really bad) diagram of the network layout:
http://www.digitallyhosted.com/images/vpn_layout.jpg
Any help would be great!
Quote: | oh, wait...
server2 does also have to "route" from the physical to the pptp interface.
is /proc/sys/net/ipv4/ip_forward set to 1? |
Yes, both servers (server 1 and 2) are set to 1.
PS... I have edited my first post as I have made a slight bit of progress
thanx
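
Added example (not part of any post in this thread): a small Python model of the two routing tables posted above, tracing hop by hop where a packet for 10.3.0.1 goes from a LAN client and how server2 reaches that client. The client address 10.10.0.50 and the `isp-gateway` placeholder are assumptions; the model covers route lookup only, not iptables rules or anything at the remote site.

```python
import ipaddress

# Routing tables transcribed from the `route` output posted in the thread
# (loopback omitted). Entries: (destination, gateway or None if on-link, iface).
TABLES = {
    "10.10.0.1": [  # server1
        ("10.10.0.0/24", None, "eth1"),
        ("10.3.0.0/24", "10.10.0.2", "eth1"),
        ("81.111.120.0/22", None, "eth0"),
        ("0.0.0.0/0", "isp-gateway", "eth0"),  # placeholder: name is cut off in the post
    ],
    "10.10.0.2": [  # server2
        ("10.3.0.50/32", None, "ppp0"),
        ("10.10.0.0/24", None, "eth0"),
        ("10.3.0.0/24", None, "ppp0"),
        ("0.0.0.0/0", "10.10.0.1", "eth0"),
    ],
    "10.10.0.50": [  # constructed LAN client using server1 as default gateway
        ("10.10.0.0/24", None, "eth0"),
        ("0.0.0.0/0", "10.10.0.1", "eth0"),
    ],
}

def lookup(table, dst):
    """Longest-prefix match, as the kernel does: the most specific route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in table
               if addr in ipaddress.ip_network(n)]
    if not matches:
        return None
    net, gw, dev = max(matches, key=lambda m: m[0].prefixlen)
    return gw, dev

def trace(start, dst, max_hops=8):
    """Follow next hops through the modelled hosts; returns [(host, next_hop, iface)]."""
    hops, host = [], start
    for _ in range(max_hops):
        route = lookup(TABLES[host], dst)
        if route is None:
            break
        gw, dev = route
        hops.append((host, gw, dev))
        if gw is None or gw not in TABLES:  # on-link delivery, or leaves the model
            break
        host = gw
    return hops

if __name__ == "__main__":
    print("client -> 10.3.0.1 :", trace("10.10.0.50", "10.3.0.1"))
    print("server2 -> client  :", trace("10.10.0.2", "10.10.0.50"))
```

By these tables the forward path crosses server1 and leaves it on the same interface it arrived on (eth1), while server2 reaches the client on-link, so replies do not pass back through server1.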