  1. #1
    Just Joined!
    Join Date
    Jun 2006
    Location
    Athens, Greece
    Posts
    4

    Route Remote Desktop through VPN


    I have established a VPN with my office server from home, and I wish to access a computer inside my office network, but all I can do is ping the server I connect to with the VPN. This is my ifconfig output (ppp0 is the VPN tunneling interface):

    eth0 Link encap:Ethernet HWaddr 00:0F:EA:E2:0B:3B
    UP BROADCAST NOTRAILERS MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
    Interrupt:50

    eth1 Link encap:Ethernet HWaddr 00:0F:EA:E2:0B:4F
    inet addr:10.0.0.3 Bcast:10.0.0.255 Mask:255.255.255.0
    inet6 addr: fe80::20f:eaff:fee2:b4f/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:2526 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3199 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1658593 (1.5 Mb) TX bytes:423968 (414.0 Kb)
    Interrupt:58 Base address:0x6000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:1788 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1788 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:141701 (138.3 Kb) TX bytes:141701 (138.3 Kb)

    ppp0 Link encap:Point-to-Point Protocol
    inet addr:10.0.0.50 P-t-P:10.0.0.51 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
    RX packets:9 errors:0 dropped:0 overruns:0 frame:0
    TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:114 (114.0 b) TX bytes:126 (126.0 b)

    Question: How do I access, let's say, 10.0.0.18 inside the office network? I know I must route something, but what and how?

  2. #2
    Linux Enthusiast KenJackson's Avatar
    Join Date
    Jun 2006
    Location
    Maryland, USA
    Posts
    510
    There is a problem here. Your ppp devices have IP addresses within another network. You want them to be on their own network so you can route packets between the ppp devices and the eth devices.

    Also, I don't know if the ifconfig output you listed is home or work, but you need your home and office eth devices to have different networks also.

    Let's assume you change the setup to this, with masks of 255.255.255.0 all around:
    work eth 10.0.0.3
    home eth 192.168.1.3 (if needed)
    work ppp 192.168.2.51
    home ppp 192.168.2.50

    Then you need to add routing at home like this:
    Code:
    # route add -net 10.0.0.0 netmask 255.255.255.0 gw 192.168.2.51
    and at work
    Code:
    # route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.50
    Also, your PC at work (and at home if you have a home network) will have to have routing enabled by
    putting "net.ipv4.ip_forward = 1" in /etc/sysctl.conf and executing
    # sysctl -w net.ipv4.ip_forward=1

  3. #3
    Just Joined!
    Join Date
    Jun 2006
    Location
    Athens, Greece
    Posts
    4
    Office network is Windows based, and remote desktop already works if I use a Windows RDP client through VPN with the same IP addresses at home. However I would like to connect from my main home computer also, and that is a Linux machine.

    Also I don't know if you noticed, the ppp0 interface is with a network mask of 255.255.255.255 and the local computer has gotten a second IP from the remote network 10.0.0.50. (this last address can change, but the 10.0.0.51 is the internal address of the VPN server).

  5. #4
    Linux Enthusiast KenJackson's Avatar
    Join Date
    Jun 2006
    Location
    Maryland, USA
    Posts
    510
    Quote Originally Posted by vasper
    the ppp0 interface is with a network mask of 255.255.255.255 and the local computer has gotten a second IP from the remote network 10.0.0.50. (this last address can change, but the 10.0.0.51 is the internal address of the VPN server).
    OK, I think you are saying you don't have control over the VPN server configuration at work, but you've confirmed it works when connecting to a Windows PC so it must be able to work with a Linux PC without change. That sounds plausible. Then the ifconfig output you listed must be for your home Linux PC.

    I did notice the netmask of 255.255.255.255, and that is fine for ppp, in fact now that I think about it, that's standard. But I also saw eth1 has address 10.0.0.3 and netmask 255.255.255.0, which means the networks of eth1 and ppp0 overlap. That's bad.

    IP addresses are not assigned to machines, they are assigned to interfaces. And all interfaces of a PC should be in different, non-overlapping networks.

    It's still not clear to me what your home configuration is. Do you have a Windows PC and a Linux PC connected via ethernet to a router or cable modem? Or are you physically connecting and disconnecting the two so that only one is connected at a time? If the two PCs at home are not networked together, you don't need to bother with sysctl.

    But either way, you should change the address and network of eth1. You will then have access to computers at work because when you send a packet to any 10.0.0.X address, the routing table will say it must be transmitted via interface ppp0 (assuming you added the routing table entry I noted earlier), which is what you want. Whether you change the address of ppp0 may depend on what the VPN server expects.

  6. #5
    Just Joined!
    Join Date
    Jun 2006
    Location
    Athens, Greece
    Posts
    4
    Quote Originally Posted by KenJackson
    It's still not clear to me what your home configuration is. Do you have a Windows PC and a Linux PC connected via ethernet to a router or cable modem? Or are you physically connecting and disconnecting the two so that only one is connected at a time? If the two PCs at home are not networked together, you don't need to bother with sysctl.
    All of my home computers are connected via an ethernet switch to my ADSL router that has the internal IP 10.0.0.138 (which cannot be changed in this model). The PC that also has Windows on it has the IP 10.0.0.4, and my main PC has 10.0.0.3. (I also have 2 more with 10.0.0.5 and 10.0.0.6.) The problem is not however in the internal network, unless with Linux I have to change my IP settings.

    Now the Windows client (XP Pro) can connect with VPN and then Remote Desktop connects fine to 10.0.0.28 which is an internal address on the Office network without any changes in the settings, except I have to redirect port 3389 from my ADSL router to the internal address 10.0.0.4 that is now set for 10.0.0.3

    Quote Originally Posted by KenJackson
    But either way, you should change the address and network of eth1. You will then have access to computers at work because when you send a packet to any 10.0.0.X address, the routing table will say it must be transmitted via interface ppp0 (assuming you added the routing table entry I noted earlier), which is what you want. Whether you change the address of ppp0 may depend on what the VPN server expects.
    Unfortunately this is out of the question. I will either have to change the ADSL router or change the Office network address, which is also out of the question since it has more than 20 computers, 2 domains and 1 backup domain (all of them are Windows Servers and clients).

    I guess it cannot be done with Linux... Oh well.... VMWare here I come....

  7. #6
    Linux Enthusiast KenJackson's Avatar
    Join Date
    Jun 2006
    Location
    Maryland, USA
    Posts
    510
    VMware is not a bad option either.

    If you MUST keep all the addresses the same, you might get it to work by making a bunch of small networks and assigning multiple IP addresses to your Linux PC. This would be an awful lot of work, but it should work.

    Put 10.0.0.0 to 10.0.0.6 in network 10.0.0.0/29 with netmask 255.255.255.248, and put the ADSL router in its own network 10.0.0.136/30 and then assign additional IP 10.0.0.137 to your Linux PC using the 'ip' command from the 'iproute2' package.

    But this won't work if IPs 10.0.0.7 or 10.0.0.137 or 10.0.0.139 are being used anywhere. And it would be a pain in the neck to manage.

    One more option that could make it work, though with much mucking around, is to assign a fictitious network to your work network and use NAT in iptables to translate from fictitious to real just before transmitting. I think that would work, though it would also be a hassle to set up.
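
Added example, not part of the thread: a longest-prefix-match lookup over the two routing tables discussed above, showing why 10.0.0.18 leaves via eth1 while eth1 holds the whole /24, and which office-range addresses stay off the tunnel under the /29 plus /30 split from post #6. The route tables are reconstructed from the addresses quoted in the posts (not captured output), and the names `ORIGINAL`, `SPLIT`, `lookup` and `shadowed` are hypothetical.

```python
import ipaddress

# Tables reconstructed from addresses in the thread (assumed, not captured output).
# Home PC as posted: eth1 is 10.0.0.3/24, ppp0 only has a host route to its peer.
ORIGINAL = [
    ("10.0.0.51/32", "ppp0"),   # point-to-point peer (VPN server)
    ("10.0.0.0/24", "eth1"),    # home LAN, same prefix as the office LAN
    ("0.0.0.0/0", "eth1"),      # default via the ADSL router 10.0.0.138
]
# Post #6 plan: shrink the home LAN to two small subnets and send the rest
# of 10.0.0.0/24 through the tunnel.
SPLIT = [
    ("10.0.0.51/32", "ppp0"),
    ("10.0.0.0/29", "eth1"),    # home PCs
    ("10.0.0.136/30", "eth1"),  # ADSL router .138, extra local address .137
    ("10.0.0.0/24", "ppp0"),    # office network via the VPN
    ("0.0.0.0/0", "eth1"),
]

def lookup(dest, routes):
    """Return (interface, matched prefix) using longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in routes]
    net, dev = max((m for m in nets if addr in m[0]),
                   key=lambda m: m[0].prefixlen)
    return dev, str(net)

def shadowed(routes, office="10.0.0.0/24", tunnel="ppp0"):
    """Office-range addresses that a more specific local route keeps off the tunnel."""
    return [str(a) for a in ipaddress.ip_network(office)
            if lookup(str(a), routes)[0] != tunnel]

if __name__ == "__main__":
    for name, table in (("original", ORIGINAL), ("split", SPLIT)):
        print(name)
        for dest in ("10.0.0.51", "10.0.0.18", "10.0.0.28", "10.0.0.4", "10.0.0.138"):
            print(f"  {dest:<12} -> {lookup(dest, table)}")
        print(f"  office addresses not routed via ppp0: {len(shadowed(table))}")
```

With the split table, the addresses that remain off the tunnel are 10.0.0.0 to 10.0.0.7 and 10.0.0.136 to 10.0.0.139, which includes the 10.0.0.7, 10.0.0.137 and 10.0.0.139 caveat from the post.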

  8. #7
    Just Joined!
    Join Date
    Jun 2006
    Location
    Athens, Greece
    Posts
    4
    In Windows, before connection I have this route table: (10.0.0.66 is a laptop, 10.0.0.138 is the router)

    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.66 20
    10.0.0.0 255.255.255.0 10.0.0.66 10.0.0.66 20
    10.0.0.66 255.255.255.255 127.0.0.1 127.0.0.1 20
    10.255.255.255 255.255.255.255 10.0.0.66 10.0.0.66 20
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    224.0.0.0 240.0.0.0 10.0.0.66 10.0.0.66 20
    255.255.255.255 255.255.255.255 10.0.0.66 10004 1
    255.255.255.255 255.255.255.255 10.0.0.66 10.0.0.66 1
    255.255.255.255 255.255.255.255 10.0.0.66 2 1
    Default Gateway: 10.0.0.138

    After connection I have this route table: (10.0.0.66 is a laptop, 10.0.0.138 is the router, 10.0.0.45 is the VPN server's internal address and xx.xx.xxx.x its external)

    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 10.0.0.45 10.0.0.45 1
    0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.66 21
    10.0.0.0 255.255.255.0 10.0.0.66 10.0.0.66 20
    10.0.0.0 255.255.255.0 10.0.0.45 10.0.0.45 1
    10.0.0.45 255.255.255.255 127.0.0.1 127.0.0.1 50
    10.0.0.66 255.255.255.255 127.0.0.1 127.0.0.1 20
    10.255.255.255 255.255.255.255 10.0.0.45 10.0.0.45 50
    10.255.255.255 255.255.255.255 10.0.0.66 10.0.0.66 20
    xx.xx.xxx.x 255.255.255.255 10.0.0.138 10.0.0.66 20
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    224.0.0.0 240.0.0.0 10.0.0.66 10.0.0.66 20
    224.0.0.0 240.0.0.0 10.0.0.45 10.0.0.45 1
    255.255.255.255 255.255.255.255 10.0.0.45 10.0.0.45 1
    255.255.255.255 255.255.255.255 10.0.0.66 10.0.0.66 1
    255.255.255.255 255.255.255.255 10.0.0.66 10004 1
    255.255.255.255 255.255.255.255 10.0.0.66 2 1
    Default Gateway: 10.0.0.45


    According to this can't I do a similar route table in Linux perhaps by running a script right after the vpn connection?

    The Interface column for example is 10.0.0.66 = eth1 (in my case), 127.0.0.1 = lo, 10.0.0.45 = ppp0
