  1. #1
    Just Joined!
    Join Date
    Sep 2012
    Posts
    12

    Multiple Gateways and Routing


    Hi all,

    I am building my own network and adding complexity and have hit a point where I need some help. Here is the scenario as it sits today:
    There are two sites:
    Main Site: Local Network is 10.10.100.0/24, VPN Network is 10.10.101.0/24
    All traffic flows through a Debian based router that has the address 10.10.100.1 on eth0.
    OpenVPN server is running on the router using a tun interface (tun0), this interface has an IP of 10.10.101.1

    Secondary Site: Local Network is 192.168.1.0/24
    There is a Debian machine at this site and it is configured to connect back to the VPN server whenever it loses connection and it receives an IP of 10.10.101.2.
    The OpenVPN configuration does not change the default route of this client, the client accesses the internet through its local gateway at 192.168.1.1.

    So far everything I have tried to get working is working.
    The external client connects to the VPN network no problem.
    I can SSH to the remote client from the main network
    I can SSH from the remote client to the main network
    Computers on the main network can surf the internet through their local provider on the other side of the Debian router.

    So far so good.

    The next thing I wanted to do and where I am stuck is, routing selective connections from the main site through the secondary site.

    Ideally what I want to do is to be able to specify either internal or external IPs and/or ranges to be routed through the secondary gateway (192.168.1.1). So far what I did was look at ip route and have done the following

    Defined the routing tables
    Code:
    echo 200 GW1 >> /etc/iproute2/rt_tables
    echo 205 GW2 >> /etc/iproute2/rt_tables
    Added a route
    Code:
    ip route add default via 10.10.101.2 dev tun0 table GW2
    Added a test IP to route via GW2 - the IP is actually for the page ipogre.com/linux.php IP Lookup, where I can see which GW I am using
    Code:
    ip rule add to 166.78.1.205 table GW2
    ip rule add from 166.78.1.205 table GW2
    I have used tcpdump to dig into what is happening (or not) and I see the request hit the router on the main site on tun0 but I am seeing nothing on the secondary site on either interface. Networking, routing and iptables are far from my strong point so if anyone can help me troubleshoot it would be greatly appreciated.

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,753
    What are your subnet masks? You show the LAN as .../100.0/24 and the vpn as .../101.0/24
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Just Joined!
    Join Date
    Sep 2012
    Posts
    12
    Subnet mask for both networks is 255.255.255.0.

  5. #4
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,753
    Have you set up route tables in the router to route the vpn subnet to the other?

  6. #5
    Just Joined!
    Join Date
    Sep 2012
    Posts
    12
    So I have the following setup when I run the command route

    Code:
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         99.99.192.1     0.0.0.0         UG    0      0        0 eth1
    10.10.100.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
    10.10.101.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
    99.99.192.0     0.0.0.0         255.255.252.0   U     0      0        0 eth1
    And I also have the above (see post 1) route2 settings for the specific "IPs" that I want to route through the secondary gateway.

    Hopefully I understood your question properly.

    The packets seem to hit the tun0 device on the router but never make it to the other side.
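
The rules from post #1 and the main table from post #5, modeled as an added example (not code from any poster in this thread): a small Python simulation of how Linux walks the policy rules and then does a longest-prefix match in the selected table. The LAN host 10.10.100.50 is a constructed address, the rule priorities assume the kernel's default numbering for rules added without an explicit priority, and the local table is left out because none of the addresses used belong to the router itself.

```python
import ipaddress

# Rules as (priority, selector kind, prefix, table), lowest number checked first.
# Assumption: "ip rule add" without a priority puts each new rule just ahead
# of the previous one, so the "from" rule (added second) gets 32764.
RULES = [
    (32764, "from", "166.78.1.205/32", "GW2"),
    (32765, "to",   "166.78.1.205/32", "GW2"),
    (32766, "all",  "0.0.0.0/0",       "main"),
]

# Routing tables as (prefix, gateway or None for on-link, device).
TABLES = {
    "GW2": [("0.0.0.0/0", "10.10.101.2", "tun0")],
    "main": [
        ("0.0.0.0/0",      "99.99.192.1", "eth1"),
        ("10.10.100.0/24", None,          "br0"),
        ("10.10.101.0/24", None,          "tun0"),
        ("99.99.192.0/22", None,          "eth1"),
    ],
}

def lookup(table, dst):
    """Longest-prefix match of dst in one table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _net, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev

def route(src, dst):
    """Return (table, gateway, device) chosen for a forwarded packet."""
    for _prio, kind, selector, table in sorted(RULES):
        net = ipaddress.ip_network(selector)
        addr = {"from": src, "to": dst, "all": dst}[kind]
        if ipaddress.ip_address(addr) not in net:
            continue
        hit = lookup(table, dst)
        if hit:                      # no route in this table: try the next rule
            return (table, *hit)
    return None
```

`route("10.10.100.50", "166.78.1.205")` selects GW2 and tun0, matching the tcpdump observation on the main router, while `route("166.78.1.205", "10.10.100.50")` shows that the `from 166.78.1.205` rule also sends reply packets for LAN hosts back into tun0 instead of br0.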
