[CentOS] vpn - xl2tpd and routing to a net?

Tue Jan 26 16:46:38 UTC 2016
lejeczek <peljasz at yahoo.co.uk>

On 26/01/16 16:26, John R Pierce wrote:
> On 1/26/2016 5:37 AM, lejeczek wrote:
>>
>> I'm having a, I'd like to think a "regular" VPN with 
>> IPsec/xl2tpd and it all works OK, except..
>> One thing that I never needed but now I do and I 
>> wonder.... is it my iptables, or/and routing or maybe VPN 
>> server config..?
>>
>> vpn clients with established tunnels can get to VPN 
>> server's NICs/IPs but cannot get through to the net 
>> behind the server.
>> Well... they can, but only if on a host (eg. 
>> 192.168.2.33) on VPN server's net I do:
>>
>> route add -host 192.168.2.10 gw 192.168.2.100    # 
>> 192.168.2.10 is VPN client
>>
>> I thought this I'd not need since that local net (eg. 
>> 192.168.2.33) use VPN server's 192.168.2.100 as the 
>> default gw.
>>
>> is it by design and nature of that VPN solution it works 
>> this way or I actually have missed/messed up something?
>> I hope the latter and adding routing on per "to host" 
>> basis is redundant. 
>
>
> your VPN client shouldn't be on the same subnet as your 
> LAN. your LAN hosts expect 192.168.2.10 to be a local 
> address and not to have to use the gateway.     you 
> probably could make this work with some sort of proxy arp 
> but ugh, bridged VPNs are problematic.
>
>
>
after I mailed my message I did play around with it this 
exact way, it works and is the simplest way, most likely the 
proper way.
thanks