On 1/26/2016 5:37 AM, lejeczek wrote: > > I'm having a, I'd like to think a "regular" VPN with IPsec/xl2tpd and > it all works OK, except.. > One thing that I never needed but now I do and I wonder.... is it my > iptables, or/and routing or maybe VPN server config..? > > vpn clients with established tunnels can get to VPN server's NICs/IPs > but cannot get through to the net behind the server. > Well... they can, but only if on a host (eg. 192.168.2.33) on VPN > server's net I do: > > route add -host 192.168.2.10 gw 192.168.2.100 # 192.168.2.10 is VPN > client > > I thought this I'd not need since that local net (eg. 192.168.2.33) > use VPN server's 192.168.2.100 as the default gw. > > is it by design and nature of that VPN solution it works this way or I > actually have missed/messed up something? > I hope the latter and adding routing on per "to host" basis is redundant. your VPN client shouldn't be on the same subnet as your LAN. your LAN hosts expect 192.168.2.10 to be a local address and not to have to use the gateway. you probably could make this work with some sort of proxy arp but ugh, bridged VPNs are problematic. -- john r pierce, recycling bits in santa cruz