  1. #1

    ipsec (VPN) - Routing assistance


    I have this task to VPN to a Vendor Network using IPSEC.

    (IPVA / IPVB)=====+GWV1+-------+GW2A===== (IP2A / IP2B)

    I have successfully connected using Phase 1 for ipsec
    and it looks like phase 2 initiates

    The catch I have is I must provide to this Vendor 2 Public IP which they will route down the VPN.
    My Public IPs are not on the same subnet and will not simply reach my gateway with a single route rule.
    However the IPs on my end are part of a 192.168.128.0/17 private network.

    I have worked out I can use "ip route add" to perform a route via the private IP address space to the destination VPN address via my gateway's private IP, and set up the reverse on my gateway to my end device.

    But when it comes to the tunnel parsing the traffic, I believe I am left with incorrect packet src headers.

    Am I going the right direction if I start using iptables using SNAT ?

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,798
    You need to ensure that your partner knows to route all traffic 192.168.128.0/17 through the VPN. You should not have to NAT anything.

    Regards
    Robert

    Linux
    The adventure of a lifetime.

    Linux User #296285
    Get Counted

  3. #3
    Hi Robert,

    The other end will not route that IP range and will only route my public IP address end points through the VPN, hence why I am stuck with managing traffic across Private IP on my end only.

    Any more insight on how to develop routing rules would be greatly appreciated.

  5. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,798
    You could use iptables to NAT your address but I find it funny that the other end will not route.

    Code:
    iptables -t nat -A POSTROUTING -o <interface> -j SNAT --to-source <PublicIP>
    Change <interface> to the interface of your VPN
    Change <PublicIP> to that of your public IP you are going to use.

    Regards
    Robert

    Linux
    The adventure of a lifetime.

    Linux User #296285
    Get Counted
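The following is an added example, not code from the thread or either poster. It builds the rule set for the situation described above: two hosts on the 192.168.128.0/17 private network each need to appear to the vendor as one of the two public addresses (IPVA / IPVB) the vendor agreed to route, so their traffic is SNATed on the gateway before IPsec encapsulation, and a route on the end device sends vendor-bound traffic to the gateway's private IP. All addresses, interface names and the host-to-public mapping are constructed placeholders (TEST-NET ranges); the functions only print the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread). All values below are constructed.
LAN_NET="192.168.128.0/17"        # private network behind the gateway (from the thread)
VENDOR_NET="203.0.113.0/24"       # constructed: remote side reached through the tunnel (IP2A / IP2B)
WAN_IF="eth0"                     # constructed: interface the IPsec SA is bound to
WAN_GW="198.51.100.1"             # constructed: upstream next hop on the WAN side
GW_PRIV="192.168.128.1"           # constructed: gateway's private IP, next hop for LAN hosts
# Constructed mapping of internal hosts to the public IPs the vendor will route.
HOST_A="192.168.130.10"; PUB_A="198.51.100.10"   # appears to the vendor as IPVA
HOST_B="192.168.130.11"; PUB_B="198.51.100.11"   # appears to the vendor as IPVB

# gateway_rules prints the commands to run on the IPsec gateway.
gateway_rules() {
    # Route the vendor prefix out the WAN side; the xfrm policy for the tunnel
    # is applied after this route lookup.
    printf 'ip route add %s via %s dev %s\n' "$VENDOR_NET" "$WAN_GW" "$WAN_IF"
    # nat/POSTROUTING runs before IPsec encapsulation, so the rewritten source
    # is what the tunnel's local traffic selector sees. Restricting on -d keeps
    # ordinary Internet traffic leaving $WAN_IF out of the NAT.
    for pair in "$HOST_A:$PUB_A" "$HOST_B:$PUB_B"; do
        host=${pair%%:*}; pub=${pair##*:}
        printf 'iptables -t nat -A POSTROUTING -s %s -d %s -o %s -j SNAT --to-source %s\n' \
            "$host" "$VENDOR_NET" "$WAN_IF" "$pub"
    done
    # Only the mapped hosts may be forwarded toward the vendor, so an unmapped
    # host can never push a private source address into the tunnel.
    for host in "$HOST_A" "$HOST_B"; do
        printf 'iptables -A FORWARD -s %s -d %s -j ACCEPT\n' "$host" "$VENDOR_NET"
    done
    printf 'iptables -A FORWARD -s %s -d %s -j DROP\n' "$LAN_NET" "$VENDOR_NET"
}

# end_device_rules prints the single route needed on each mapped end device.
end_device_rules() {
    printf 'ip route add %s via %s\n' "$VENDOR_NET" "$GW_PRIV"
}

# rule_count returns how many commands gateway_rules emits (useful as a sanity check).
rule_count() {
    gateway_rules | wc -l | tr -d ' '
}

if [ "${APPLY:-0}" = "1" ]; then
    gateway_rules | sh -e          # apply on the gateway
else
    gateway_rules                  # dry run: show what would be applied
    echo "# on each end device:"
    end_device_rules
fi
```

After applying, confirm the rewrite is happening before encapsulation by watching the SNAT counters (`iptables -t nat -L POSTROUTING -v -n`) while sending traffic, and check `ip xfrm policy` to see that the local selector covers the public address rather than the private one. With a route-based setup (a VTI or XFRM interface) the `-o` argument would be that interface instead of the WAN device, and the `-d` restriction becomes less important since only tunnel traffic leaves it.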
