[CentOS] vpn - xl2tpd and routing to a net?
lejeczek
peljasz at yahoo.co.ukThu Mar 31 14:35:22 UTC 2016
- Previous message: [CentOS] Is there a way to detect/validate DHCP static IP assignment?
- Next message: [CentOS] vpn - xl2tpd and routing to a net?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 26/01/16 16:26, John R Pierce wrote: > On 1/26/2016 5:37 AM, lejeczek wrote: >> >> I'm having a, I'd like to think a "regular" VPN with >> IPsec/xl2tpd and it all works OK, except.. >> One thing that I never needed but now I do and I >> wonder.... is it my iptables, or/and routing or maybe VPN >> server config..? >> >> vpn clients with established tunnels can get to VPN >> server's NICs/IPs but cannot get through to the net >> behind the server. >> Well... they can, but only if on a host (eg. >> 192.168.2.33) on VPN server's net I do: >> >> route add -host 192.168.2.10 gw 192.168.2.100 # >> 192.168.2.10 is VPN client >> >> I thought this I'd not need since that local net (eg. >> 192.168.2.33) use VPN server's 192.168.2.100 as the >> default gw. >> >> is it by design and nature of that VPN solution it works >> this way or I actually have missed/messed up something? >> I hope the latter and adding routing on per "to host" >> basis is redundant. > > > your VPN client shouldn't be on the same subnet as your > LAN. your LAN hosts expect 192.168.2.10 to be a local > address and not to have to use the gateway. you > probably could make this work with some sort of proxy arp > but ugh, bridged VPNs are problematic. > heh, I'm thinking about it again, if you use different subnet... there will be a struggle on how to push routing to vpn clients when they don't use vpn connection as default gateway. How to get around it, how to tell clients (ideally in a automated/unattended way) about VPN server other subnets? I think is must be a subnet/range the easiest way out.
- Previous message: [CentOS] Is there a way to detect/validate DHCP static IP assignment?
- Next message: [CentOS] vpn - xl2tpd and routing to a net?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list