Hello, I am having problems routing through VPN to indirect subnetworks. Do you know what could be the problem? Thanks
Network diagram
                 +-------------+
 ---------------| VPN SERVER  |-------------\
 |               | 10.8.0.1    |             |
 |               +-------------+             |
 |                                           |
 |                                           |
 |                                           |
 v                                           V
+--------------+                     +----------------+
| 10.8.0.3     |                     | 10.8.0.4       |
| Host B       |                     | Host A         |
| 192.168.1.10 |                     | 10.42.0.4      |
+--------------+                     +----------------+
       | eth0
       |
       V
+--------------+
| 192.168.1.97 |
| Router A     |
| 192.168.0.97 |
+--------------+
       |
       |
       |
       |
       V
+-------------+
|192.168.0.252|
| Host C      |
+-------------+
From Host A I can ping any host in 192.168.1.0/24 through Host B, but I am not able to ping any host in 192.168.0.0/24, which is connected to Router A. When I try to ping Host C, instead of doing Host A - Host B - Router A - Host C, it does Host A - VPN SERVER - infinite.
Host A routes and traceroute
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.42.0.1       0.0.0.0         UG    100    0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.42.0.0       0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.0.0     10.8.0.3        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     10.8.0.3        255.255.255.0   UG    0      0        0 tun0

traceroute to 192.168.1.97 (192.168.1.100), 30 hops max, 60 byte packets
 1  10.8.0.3 (10.8.0.3)  382.199 ms  520.565 ms  572.071 ms
 2  192.168.1.97 (192.168.1.97)  572.569 ms  572.663 ms  572.665 ms

traceroute to 192.168.0.253 (192.168.0.253), 30 hops max, 60 byte packets
 1  10.8.0.1 (10.8.0.1)  50.554 ms  141.722 ms  141.645 ms
 2  OUTSIDE IP ...
 3  OUTSIDE IP ...
 ...
Host B routes, traceroute and forwarding info
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.100   0.0.0.0         UG    202    0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
VPN PUBLIC IP   192.168.1.100   255.255.255.255 UGH   0      0        0 eth0
192.168.0.0     192.168.1.100   255.255.255.0   UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0

traceroute to 192.168.1.97 (192.168.1.97), 30 hops max, 60 byte packets
 1  192.168.1.97 (192.168.1.97)  1.878 ms  1.544 ms *

traceroute to 192.168.0.253 (192.168.0.253), 30 hops max, 60 byte packets
 1  192.168.1.100 (192.168.1.100)  1.186 ms  1.263 ms  1.161 ms
 2  192.168.1.97 (192.168.1.97)  3.437 ms  3.898 ms  3.747 ms
 3  192.168.0.253 (192.168.0.253)  37.448 ms  37.534 ms  37.906 ms

iptables have masquerade (-A POSTROUTING -o eth0 -j MASQUERADE) and IP forward is enabled.
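Added example, not part of the original post: a longest-prefix-match lookup over the two routing tables above, compared with the first hop that Host A's traceroutes reported. The function names and the `OBSERVED_A` mapping are constructed for this illustration; Host B's host route to the VPN public IP is left out because the post redacts that address.

```python
import ipaddress

# Routes copied from the post: Destination, Gateway, Genmask, Metric, Iface.
HOST_A = """\
0.0.0.0      10.42.0.1  0.0.0.0        100 eth0
10.8.0.0     0.0.0.0    255.255.255.0  0   tun0
10.42.0.0    0.0.0.0    255.255.255.0  100 eth0
192.168.0.0  10.8.0.3   255.255.255.0  0   tun0
192.168.1.0  10.8.0.3   255.255.255.0  0   tun0
"""
HOST_B = """\
0.0.0.0      10.8.0.1       128.0.0.0      0   tun0
0.0.0.0      192.168.1.100  0.0.0.0        202 eth0
10.8.0.0     0.0.0.0        255.255.255.0  0   tun0
128.0.0.0    10.8.0.1       128.0.0.0      0   tun0
192.168.0.0  192.168.1.100  255.255.255.0  0   eth0
192.168.1.0  0.0.0.0        255.255.255.0  202 eth0
"""
# First hop shown by the two traceroutes run on Host A in the post.
OBSERVED_A = {"192.168.1.97": "10.8.0.3", "192.168.0.253": "10.8.0.1"}

def parse(table):
    """Turn `route -n` style rows into (network, gateway, metric, iface)."""
    routes = []
    for line in table.splitlines():
        dest, gw, mask, metric, iface = line.split()
        # Prefix length = number of one-bits in the dotted netmask.
        plen = bin(int(ipaddress.ip_address(mask))).count("1")
        routes.append((ipaddress.ip_network(f"{dest}/{plen}"), gw, int(metric), iface))
    return routes

def lookup(table, dst):
    """Return (gateway, iface): longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in parse(table) if addr in r[0]]
    if not hits:
        return None
    _, gw, _, iface = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return (gw, iface)

def mismatches(table, observed):
    """Destinations whose observed first hop differs from the table's gateway."""
    return [d for d, hop in observed.items() if lookup(table, d)[0] != hop]

if __name__ == "__main__":
    for dst in OBSERVED_A:
        print("Host A ->", dst, lookup(HOST_A, dst), "observed", OBSERVED_A[dst])
    print("Host B -> 192.168.0.253", lookup(HOST_B, "192.168.0.253"))
    print("differs from table:", mismatches(HOST_A, OBSERVED_A))
```

Host A's table selects 10.8.0.3 over tun0 for both subnets, so the different first hop for 192.168.0.253 is not decided by Host A's kernel routes. A tun interface carries bare IP packets with no link-layer next hop, so the gateway in the kernel route is not conveyed to the VPN peer.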