
route 2 vpn

 
Brendorfer Richard
New Member

Hello,
Can somebody help me with this problem, please?
I have a tunnel with client1:
me: 192.168.111.0/24
client1: 10.8.8.0/24
The tunnel is up and running (I can reach any IP from the client1 network).

Problem is: I have client2, which wants to reach the client1 network; so I made a tunnel with client2 as follows:
me: 10.8.8.0/24 (client1 network)
client2: 10.10.30.0/24
The tunnel is up, but from client2 I can't reach the client1 network.

client2 can't make a direct tunnel with client1 !!!

Both tunnels are on the same gw (concentrator 3000).

Any help or suggestions are welcome.
Matti_Kurkela
Honored Contributor

Re: route 2 vpn

The machines of the client2 network (or at least the default gateway of the client2 network) must be told that the client1 network is reachable going through your tunnels. In the same way, the machines of the client1 network need similar routing information so that they can send the answers back the correct way.

The Linux kernel is smart enough to recognize that when you have a tunnel up and running, you can use that tunnel to communicate with the destination network. So the client2 *may* be able to communicate with you without any further action, but it cannot communicate with client1 through you unless both clients are told that this specific route exists.

Furthermore, you seem to have set up your second tunnel so that it claims the IP addresses 10.8.8.0/24 are part of "your" network. This might be a mistake, however I cannot be sure about that without knowing *exactly* how your gw and tunnels are configured.

Could you post the exact configuration commands you've used?
The routing tables of your gw *and* both client networks would be useful too.

I assume both your clients have independent internet connections of their own, so you cannot mess with their default gateway settings. Right?

The general idea would be to specify a route like this on client2 network:

route add -net 10.8.8.0 netmask 255.255.255.0 gw

And on the client1 network:

route add -net 10.10.30.0 netmask 255.255.255.0 gw

Both routes are necessary: if you set only one, the packets can reach one network from the other, but the receiving systems won't know the correct route to send the response back.

MK
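Matti's point that both directions need a route can be checked with the following toy model, added here as an example and not part of the original thread or of any concentrator software. It simulates longest-prefix-match forwarding on three gateways using the networks from the question; the router names (gw, client1_gw, client2_gw, internet), the host addresses 10.10.30.5 and 10.8.8.7, and the assumption that each site's default route points at its own internet uplink are constructed for the illustration.

```python
import ipaddress


class Router:
    """Minimal forwarding table with longest-prefix match (constructed model)."""

    def __init__(self, name, connected=()):
        self.name = name
        # (network, next_hop); next_hop None means directly connected
        self.routes = [(ipaddress.ip_network(n), None) for n in connected]

    def add_route(self, network, via):
        self.routes.append((ipaddress.ip_network(network), via))

    def lookup(self, dst):
        dst = ipaddress.ip_address(dst)
        matches = [(net, via) for net, via in self.routes if dst in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)


def forward(routers, start, dst, max_hops=8):
    """Walk a packet from router `start` towards `dst`.
    Returns (delivered, list of router names visited)."""
    path, cur = [start], start
    for _ in range(max_hops):
        match = routers[cur].lookup(dst)
        if match is None:
            return False, path      # no route at all: dropped here
        _net, via = match
        if via is None:
            return True, path       # directly connected: delivered
        path.append(via)
        cur = via
    return False, path              # routing loop / too many hops


def build_topology(route_on_client2=False, route_on_client1=False):
    gw = Router("gw", ["192.168.111.0/24"])        # the concentrator ("me")
    c1 = Router("client1_gw", ["10.8.8.0/24"])
    c2 = Router("client2_gw", ["10.10.30.0/24"])
    internet = Router("internet")                   # knows nothing about private nets
    # A lan-to-lan tunnel adds a route for the peer's LAN on both ends
    gw.add_route("10.8.8.0/24", "client1_gw")
    c1.add_route("192.168.111.0/24", "gw")
    gw.add_route("10.10.30.0/24", "client2_gw")
    c2.add_route("192.168.111.0/24", "gw")
    for r in (gw, c1, c2):
        r.add_route("0.0.0.0/0", "internet")        # independent internet uplinks
    if route_on_client2:                            # route add -net 10.8.8.0 ... on client2
        c2.add_route("10.8.8.0/24", "gw")
    if route_on_client1:                            # route add -net 10.10.30.0 ... on client1
        c1.add_route("10.10.30.0/24", "gw")
    return {r.name: r for r in (gw, c1, c2, internet)}


def round_trip(routers, src_ip="10.10.30.5", dst_ip="10.8.8.7"):
    """A host in client2's LAN sends to a host in client1's LAN, which answers.
    Returns (request_delivered, request_path, reply_delivered, reply_path)."""
    req_ok, req_path = forward(routers, "client2_gw", dst_ip)
    if not req_ok:
        return req_ok, req_path, False, []
    rep_ok, rep_path = forward(routers, "client1_gw", src_ip)
    return req_ok, req_path, rep_ok, rep_path


if __name__ == "__main__":
    for c2r, c1r in ((False, False), (True, False), (True, True)):
        print(f"route on client2={c2r}, route on client1={c1r}:",
              round_trip(build_topology(c2r, c1r)))
```

With neither route the request leaves client2's gateway by its default route and is dropped at the internet node; with only client2's route the request reaches client1, but the reply takes client1's default route and is lost, which is exactly the one-sided failure Matti describes; only with both routes does the reply come back through gw. Note that the model covers routing only: an IPsec lan-to-lan tunnel additionally carries just the traffic that matches its configured local and remote networks, so the tunnel definitions on both client sites also have to list the other client's subnet, or the matching route will send packets into a tunnel that refuses to encrypt them.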
Brendorfer Richard
New Member

Re: route 2 vpn

Thank you Matti,
I forgot to say that I have no rights on the client1 or client2 gateways.

You are right, I tried to make a second tunnel between "me" (client1 network) and client2 because of the routes (routes are automatically added on both sides). I thought that was correct, but it seems I was wrong. So now I have 2 tunnels, one with client1 and one with client2 (the tunnels are lan-to-lan; the simplest configuration possible). I cannot put the configuration here because the concentrator 3000 is web based or telnet with options (1. configure; 2. settings ... etc).

I was thinking whether it's possible to make an IPsec NAT or something for client2.

Best regards