HPE Community
Operating System - HP-UX
1825751 Members
2840 Online
109687 Solutions
New Discussion

route

 
SOLVED
Go to solution
KINGSLEY_1
Regular Advisor

‎11-16-2012 08:11 AM - last edited on ‎01-21-2013 06:18 PM by

‎11-16-2012 08:11 AM - last edited on ‎01-21-2013 06:18 PM by

route

Dear All!

 

We have an HP-UX 11.31 and some consultants have to come in from abroad. Our network providers have created a VPN for them. What do i have to do on my side.

 

Thank you

 

 

king

 

 

S.This thread has been moved from System Administration to HP-UX > networking-HP Forums Moderator

0 Kudos
Reply
4 REPLIES 4
RAJD1
Valued Contributor

‎11-16-2012 09:36 AM

‎11-16-2012 09:36 AM

Re: route

Hi king,

 

Once Consultants logs in to the VPN from remote site, they should be able to log in the system which is in your local network, you have to grant them user level access too. 

To get access, the server has to be in same network in the VPN , and make sure you have created the user ID's on the server to allow them get into the HP-UX 11.31 system.

 

 You can ask them to check with ssh if they can get into the system, using hostname or IP address.

hope I am able to understand your question, 

 

Hth,

Raj D.

Reply
KINGSLEY_1
Regular Advisor

‎11-18-2012 02:33 AM

‎11-18-2012 02:33 AM

Re: route

Hi RAJD1!

 

The ip the service provider used was 41.222......., Our router is 172.25......., subnet 255.255.255.0. The server ip is 172.25........, subnet 255.255.255.0. Can the offshore people log in without doing any route add net on the server?

 

Thanks

 

king

0 Kudos
Reply
Matti_Kurkela
Honored Contributor

‎11-18-2012 04:44 AM

‎11-18-2012 04:44 AM

Solution

Re: route

What is the IP address of the local VPN endpoint? Is it in the same IP subnet as your server?
(in other words: since your netmask is 255.255.255.0, if your local VPN endpoint IP is 172.25.aa.x and your server IP is 172.25.aa.y, then they are in the same subnet. If the VPN endpoint is 172.25.bb.x, then the VPN endpoint is in a different subnet.)

 

If the VPN endpoint is in a different subnet, you don't have to add any routes to the server: if your network admins have done their job properly, the router will be configured to know where to send the packets going to the VPN. Since the server would have to send those packets through the router anyway, you don't need to do anything at the server side: the default gateway configuration works with the VPN too.

 

But if your VPN endpoint is in the same subnet as your server, then it depends on how exactly the VPN is used. If the incoming traffic from the consultants has the local VPN endpoint IP as the source address, you don't have to do anything. This happens if the VPN is used in "transport mode" and the VPN client runs directly on the consultant workstation.

 

But if the VPN is used in "tunnel mode" so that the consultants' VPN endpoint appears as an extra router in their local network, *and* the VPN does not include NAT functionality, then the incoming traffic will have the IP address of the consultant's workstation as the source IP address. In this case, you would need to set up a route like this, in HP-UX route syntax:

route add net <consultants' network> netmask <consultants' netmask> gateway <your VPN endpoint> 1

Likewise, the consultants would have to set up a similar route on their workstations, in Windows syntax:

route add 172.25.aa.0 mask 255.255.255.0 <consultants' VPN endpoint>

If the consultants' network overlaps your IP address space, things will get tricky.

MK
Reply
KINGSLEY_1
Regular Advisor

‎11-26-2012 05:02 AM

‎11-26-2012 05:02 AM

Re: route

Hi MK!

 

Thanks so much. Your direction helped resolved my problem.

 

king

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.