On 26/01/16 16:26, John R Pierce wrote:
On 1/26/2016 5:37 AM, lejeczek wrote:
I'm having a, I'd like to think a "regular" VPN with
IPsec/xl2tpd and it all works OK, except..
One thing that I never needed but now I do and I
wonder.... is it my iptables, or/and routing or maybe VPN
server config..?
vpn clients with established tunnels can get to VPN
server's NICs/IPs but cannot get through to the net
behind the server.
Well... they can, but only if on a host (eg.
192.168.2.33) on VPN server's net I do:
route add -host 192.168.2.10 gw 192.168.2.100 #
192.168.2.10 is VPN client
I thought this I'd not need since that local net (eg.
192.168.2.33) use VPN server's 192.168.2.100 as the
default gw.
is it by design and nature of that VPN solution it works
this way or I actually have missed/messed up something?
I hope the latter and adding routing on per "to host"
basis is redundant.
your VPN client shouldn't be on the same subnet as your
LAN. your LAN hosts expect 192.168.2.10 to be a local
address and not to have to use the gateway. you
probably could make this work with some sort of proxy arp
but ugh, bridged VPNs are problematic.
after I mailed my message I did play around with it this
exact way, it works and is the simplest way, most likely the
proper way.
thanks
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
