11-16-2012 08:11 AM - last edited on 01-21-2013 06:18 PM by Cathy_xu
We have an HP-UX 11.31 system, and some consultants have to come in from abroad. Our network providers have created a VPN for them. What do I have to do on my side?
S.This thread has been moved from System Administration to HP-UX > networking-HP Forums Moderator
11-16-2012 09:36 AM
Once the consultants log in to the VPN from the remote site, they should be able to log in to the system, which is in your local network. You have to grant them user-level access too.
To get access, the server has to be in the same network as the VPN, and make sure you have created the user IDs on the server to allow them to get into the HP-UX 11.31 system.
You can ask them to check with ssh whether they can get into the system, using the hostname or IP address.
I hope I have understood your question.
11-18-2012 02:33 AM
The IP the service provider used was 41.222......., our router is 172.25......., subnet 255.255.255.0. The server IP is 172.25........, subnet 255.255.255.0. Can the offshore people log in without doing any route add net on the server?
11-18-2012 04:44 AM Solution
What is the IP address of the local VPN endpoint? Is it in the same IP subnet as your server?
(in other words: since your netmask is 255.255.255.0, if your local VPN endpoint IP is 172.25.aa.x and your server IP is 172.25.aa.y, then they are in the same subnet. If the VPN endpoint is 172.25.bb.x, then the VPN endpoint is in a different subnet.)
If the VPN endpoint is in a different subnet, you don't have to add any routes to the server: if your network admins have done their job properly, the router will be configured to know where to send the packets going to the VPN. Since the server would have to send those packets through the router anyway, you don't need to do anything at the server side: the default gateway configuration works with the VPN too.
But if your VPN endpoint is in the same subnet as your server, then it depends on how exactly the VPN is used. If the incoming traffic from the consultants has the local VPN endpoint IP as the source address, you don't have to do anything. This happens if the VPN is used in "transport mode" and the VPN client runs directly on the consultant workstation.
But if the VPN is used in "tunnel mode" so that the consultants' VPN endpoint appears as an extra router in their local network, *and* the VPN does not include NAT functionality, then the incoming traffic will have the IP address of the consultant's workstation as the source IP address. In this case, you would need to set up a route like this, in HP-UX route syntax:
route add net <consultants' network> netmask <consultants' netmask> gateway <your VPN endpoint> 1
Likewise, the consultants would have to set up a similar route on their workstations, in Windows syntax:
route add 172.25.aa.0 mask 255.255.255.0 <consultants' VPN endpoint>
If the consultants' network overlaps your IP address space, things will get tricky.
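The decision steps in the accepted answer, written out as an added example that is not part of the original thread: it reports whether the server needs a static route and flags overlapping address space before any route is added. The function name `route_advice`, the `source_is_endpoint` flag and all addresses are constructed for illustration, since the thread elides the real octets.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

class Advice(NamedTuple):
    decision: str   # "overlap", "no-route" or "static-route"
    reason: str
    route: Optional[Tuple[str, str, str]] = None  # (network, netmask, gateway)

def route_advice(server_if, vpn_endpoint, consultants_net, source_is_endpoint):
    """Apply the answer's checks in order.

    source_is_endpoint is True when incoming packets carry the local VPN
    endpoint as their source address (transport mode, or a VPN doing NAT).
    """
    local = ipaddress.ip_interface(server_if).network
    endpoint = ipaddress.ip_address(vpn_endpoint)
    remote = ipaddress.ip_network(consultants_net)  # rejects host bits set

    # Overlap first: a route for a range that is also local would be ambiguous.
    if remote.overlaps(local):
        return Advice("overlap", f"{remote} overlaps local subnet {local}")
    # Endpoint behind the router: the default gateway already covers it.
    if endpoint not in local:
        return Advice("no-route", "VPN endpoint is in another subnet")
    # Endpoint on the server's subnet and replies go straight back to it.
    if source_is_endpoint:
        return Advice("no-route", "source address is the local VPN endpoint")
    # Tunnel mode without NAT: replies must be sent via the VPN endpoint.
    # Scope the route to the consultants' network only, nothing broader.
    return Advice("static-route", "tunnel mode without NAT",
                  (str(remote.network_address), str(remote.netmask), str(endpoint)))

if __name__ == "__main__":
    SERVER = "172.25.10.20/255.255.255.0"      # constructed sample values
    REMOTE = "192.168.50.0/255.255.255.0"
    cases = [
        ("172.25.20.1", REMOTE, False),
        ("172.25.10.1", REMOTE, True),
        ("172.25.10.1", REMOTE, False),
        ("172.25.10.1", "172.25.0.0/255.255.0.0", False),
    ]
    for endpoint, remote_net, nat in cases:
        print(endpoint, remote_net, nat, "->",
              route_advice(SERVER, endpoint, remote_net, nat))
```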