[CentOS] VPN inside VPN?
Gordon Messmer
yinyang at eburg.com
Wed Feb 9 20:40:16 UTC 2011
On 02/09/2011 12:01 PM, Nataraj wrote:
> I would also look at routing. When the second vpn comes up, it may be
> configured to alter the routing table which would then try to route the
> first vpn through the second and the second through the first.
That sounds mostly right. Many VPNs will take the default route in one
manner or another, so the OP's PC probably ends up trying to route
packets to the first VPN server through the second VPN tunnel. Routes
with one VPN usually look like:
Destination    Gateway:
local          broadcast
vpn1-server    original default gateway
default        vpn1-default-gateway
And then when the second one comes up, it looks like:
Destination    Gateway:
local          broadcast
vpn2-server    vpn1-default-gateway
default        vpn2-default-gateway
...At that point, you no longer have a route to the first VPN server
that works, so you can't reach anything.
> Another problem is that pptp is udp only and cannot be tunneled through
> a firewall easily like openvpn or ipsec, so if there is any kind of nat
> going on when you connect through the first vpn, it won't work because
> you won't get your packets back. If you were able to use openvpn tcp or
> IPSEC in a tcp tunneling configuration, it should work.
Actually, PPTP tunnels use GRE packets. I can't think of any reason
that you wouldn't be able to tunnel those, but many NAT devices
definitely can't handle them (or can't handle more than one simultaneous
GRE session).
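
Added example (not part of the original message): a small Python model of the two routing tables above that follows a packet through the nested tunnels and reports whether it reaches a physical interface or loops. The addresses, device names (eth0, vpn1, vpn2) and the FIXED table, which keeps a host route to the first VPN server through the original gateway, are assumptions made for illustration.

```python
import ipaddress

# Constructed addresses from documentation ranges; not taken from the thread.
VPN1_SERVER = "198.51.100.10"
VPN2_SERVER = "203.0.113.20"

# A tunnel device delivers a packet by re-sending it, encapsulated, to its server.
TUNNELS = {"vpn1": VPN1_SERVER, "vpn2": VPN2_SERVER}

# Simplified tables: (destination prefix, outgoing device).
ONE_VPN = [("192.168.1.0/24", "eth0"),       # local
           (VPN1_SERVER + "/32", "eth0"),    # vpn1-server via original gateway
           ("0.0.0.0/0", "vpn1")]            # default via vpn1
TWO_VPNS = [("192.168.1.0/24", "eth0"),      # local
            (VPN2_SERVER + "/32", "vpn1"),   # vpn2-server via vpn1
            ("0.0.0.0/0", "vpn2")]           # default via vpn2
# Assumed repair: keep the host route to vpn1-server on the physical device.
FIXED = TWO_VPNS + [(VPN1_SERVER + "/32", "eth0")]

def lookup(table, dst):
    """Longest-prefix match; returns the device of the most specific route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None

def trace(table, dst):
    """Follow dst through nested tunnels; returns (device path, status)."""
    path = []
    while True:
        dev = lookup(table, dst)
        if dev is None:
            return path, "unreachable"
        if dev in path:                      # same tunnel entered twice
            return path + [dev], "loop"
        path.append(dev)
        if dev not in TUNNELS:               # left on a physical interface
            return path, "ok"
        dst = TUNNELS[dev]                   # outer packet goes to the server

if __name__ == "__main__":
    for name, table in (("one VPN", ONE_VPN), ("two VPNs", TWO_VPNS),
                        ("fixed", FIXED)):
        print(name, trace(table, "192.0.2.50"))
```
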