[CentOS] [Bulk] Re: vpn - xl2tpd and routing to a net?
lejeczek
peljasz at yahoo.co.uk
Wed Jan 27 14:38:56 UTC 2016
On 26/01/16 17:19, John R Pierce wrote:
> On 1/26/2016 9:14 AM, Gordon Messmer wrote:
>> On 01/26/2016 05:37 AM, lejeczek wrote:
>>> vpn clients with established tunnels can get to VPN
>>> server's NICs/IPs but cannot get through to the net
>>> behind the server.
>>> Well... they can, but only if on a host (e.g.
>>> 192.168.2.33) on VPN server's net I do:
>>>
>>> route add -host 192.168.2.10 gw 192.168.2.100 #
>>> 192.168.2.10 is VPN client
>>
>> If the VPN isn't hosted on the device with the default
>> gateway, then that route should be added to the gateway
>> device. Proxy arp is an option if you use addresses in
>> the same broadcast domain, but adding a route in the
>> gateway device should work for all configurations.
>
>
> not in this case, because a random host like 192.168.2.33
> thinks the remote VPN client 192.168.2.10 is on the same
> LAN, so it wouldn't even forward the packet to the gateway
> unless the gateway responds to the ARP for 192.168.2.10
>
Yes, I see I might not have said it clearly in my last message
- like John says - move your VPN local IP to a different
subnet and it works; otherwise route on a 'per-host basis' to
each VPN client - wrong & undesired.
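Added example, not from the thread or any of its posters: a small POSIX shell check that tells the two situations apart (VPN client addresses inside the LAN's broadcast domain, where hosts ARP for them, versus a separate subnet, where a route on the gateway is enough). The subnets and the gateway/server addresses it prints are constructed or taken from the thread (192.168.2.0/24, server 192.168.2.100), not read from any live system.

```shell
#!/bin/sh
# Convert dotted-quad IPv4 to an integer: 192.168.2.10 -> 3232236042
ip4_to_int() {
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Network address (as integer) of a CIDR such as 192.168.2.33/24
net_of() {
    addr=${1%/*}; bits=${1#*/}
    mask=$(( 0xFFFFFFFF & (0xFFFFFFFF << (32 - bits)) ))
    echo $(( $(ip4_to_int "$addr") & mask ))
}

# same_broadcast_domain LAN_CIDR VPN_CIDR
# True (exit 0) when the ranges overlap: LAN hosts then treat VPN
# client addresses as on-link and ARP for them instead of sending
# to the gateway, which is John's point above.
same_broadcast_domain() {
    a1=${1%/*}; b1=${1#*/}
    a2=${2%/*}; b2=${2#*/}
    bits=$b1
    [ "$b2" -lt "$bits" ] && bits=$b2      # compare under the shorter prefix
    [ "$(net_of "$a1/$bits")" -eq "$(net_of "$a2/$bits")" ]
}

# plan LAN_CIDR VPN_CIDR -> "proxyarp" or "gateway-route"
plan() {
    if same_broadcast_domain "$1" "$2"; then
        echo proxyarp
    else
        echo gateway-route
    fi
}

# Print the matching remedy. GATEWAY and VPN_SERVER are constructed
# sample values; the commands are standard Linux/pppd ones.
show_remedy() {
    case "$(plan "$1" "$2")" in
    proxyarp)
        echo "# on the VPN server ($4): answer ARP for clients, forward packets"
        echo "sysctl -w net.ipv4.ip_forward=1"
        echo "sysctl -w net.ipv4.conf.all.proxy_arp=1   # or 'proxyarp' in /etc/ppp/options.xl2tpd" ;;
    gateway-route)
        echo "# on the default gateway ($3): one route for the whole VPN pool"
        echo "ip route add $2 via $4" ;;
    esac
}

show_remedy 192.168.2.0/24 192.168.2.10/32 192.168.2.1 192.168.2.100
show_remedy 192.168.2.0/24 10.8.0.0/24     192.168.2.1 192.168.2.100
```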