On 1/26/2016 9:14 AM, Gordon Messmer wrote:
On 01/26/2016 05:37 AM, lejeczek wrote:
vpn clients with established tunnels can get to VPN server's NICs/IPs
but cannot get through to the net behind the server.
Well... they can, but only if on a host (eg. 192.168.2.33) on VPN
server's net I do:
route add -host 192.168.2.10 gw 192.168.2.100 # 192.168.2.10 is
VPN client
If the VPN isn't hosted on the device with the default gateway, then
that route should be added to the gateway device. Proxy arp is an
option if you use addresses in the same broadcast domain, but adding a
route in the gateway device should work for all configurations.
not in this case, because a random host like 192.168.2.33 thinks the
remote VPN client 192.168.2.10 is on the same LAN, so it wouldn't even
forward the packet to the gateway unless the gateway responds to the ARP
for 192.168.2.10
--
john r pierce, recycling bits in santa cruz
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
