[CentOS] [Bulk] Re: vpn - xl2tpd and routing to a net?

Wed Jan 27 14:38:56 UTC 2016
lejeczek <peljasz at yahoo.co.uk>

On 26/01/16 17:19, John R Pierce wrote:
> On 1/26/2016 9:14 AM, Gordon Messmer wrote:
>> On 01/26/2016 05:37 AM, lejeczek wrote:
>>> vpn clients with established tunnels can get to VPN 
>>> server's NICs/IPs but cannot get through to the net 
>>> behind the server.
>>> Well... they can, but only if on a host (eg. 
>>> on VPN server's net I do:
>>> route add -host gw    # 
>>> is VPN client 
>> If the VPN isn't hosted on the device with the default 
>> gateway, then that route should be added to the gateway 
>> device.  Proxy arp is an option if you use addresses in 
>> the same broadcast domain, but adding a route in the 
>> gateway device should work for all configurations.
> not in this case, because a random host like 
> thinks the remote VPN client is on the same 
> LAN, so it wouldn't even forward the packet to the gateway 
> unless the gateway responds to the ARP for
yes, I see I might not have said it clear in my last message 
- like John says - move your VPN local IP to a different 
subnet and it works, otherwise route on 'per-host basis' to 
each VPN client - wrong & undesired.