On 26/01/16 17:19, John R Pierce wrote:
> On 1/26/2016 9:14 AM, Gordon Messmer wrote:
>> On 01/26/2016 05:37 AM, lejeczek wrote:
>>> vpn clients with established tunnels can get to VPN
>>> server's NICs/IPs but cannot get through to the net
>>> behind the server.
>>> Well... they can, but only if on a host (e.g.
>>> 192.168.2.33) on VPN server's net I do:
>>> route add -host 192.168.2.10 gw 192.168.2.100 # 192.168.2.10 is VPN client
>> If the VPN isn't hosted on the device with the default
>> gateway, then that route should be added to the gateway
>> device. Proxy arp is an option if you use addresses in
>> the same broadcast domain, but adding a route in the
>> gateway device should work for all configurations.
> not in this case, because a random host like 192.168.2.33
> thinks the remote VPN client 192.168.2.10 is on the same
> LAN, so it wouldn't even forward the packet to the gateway
> unless the gateway responds to the ARP for 192.168.2.10

yes, I see I might not have said it clearly in my last message
- like John says - move your VPN local IP to a different
subnet and it works, otherwise route on 'per-host basis' to
each VPN client - wrong & undesired.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
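
The forwarding decision discussed in this thread, as an added example that is not part of the original messages: a longest-prefix-match lookup showing why a LAN host ARPs directly for a VPN client addressed inside its own subnet, and how a per-host route or a separate VPN subnet changes the next hop. The /24 prefix length, the default gateway 192.168.2.1 and the VPN pool 10.8.0.0/24 are assumptions; 192.168.2.100 as the VPN server comes from the route command quoted above.

```python
import ipaddress

def next_hop(dst, routes):
    """Longest-prefix match over (prefix, gateway) pairs; gateway None = on-link.

    Returns ("arp", dst) when the sender resolves dst itself on the LAN,
    ("gw", gateway) when it hands the packet to a router, or
    ("unreachable", None) when no route matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return ("unreachable", None)
    return ("arp", dst) if best[1] is None else ("gw", best[1])

# Constructed routing tables. Assumed: /24 LAN, default gateway 192.168.2.1,
# alternative VPN pool 10.8.0.0/24. 192.168.2.100 is the VPN server (from the thread).
LAN_HOST = [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")]
LAN_HOST_PER_HOST_ROUTE = LAN_HOST + [("192.168.2.10/32", "192.168.2.100")]
DEFAULT_GATEWAY = [("192.168.2.0/24", None), ("10.8.0.0/24", "192.168.2.100")]

def trace(dst, host_table, gateway_table=DEFAULT_GATEWAY):
    """Follow a packet from a LAN host, and through the gateway if it is used."""
    hops = [next_hop(dst, host_table)]
    if hops[0] == ("gw", "192.168.2.1"):
        hops.append(next_hop(dst, gateway_table))
    return hops

if __name__ == "__main__":
    # VPN client inside the LAN subnet: the host ARPs for it and never asks the
    # gateway, so a route on the gateway cannot help (only proxy ARP would).
    print(trace("192.168.2.10", LAN_HOST))
    # Per-host route on every LAN machine: works, but does not scale.
    print(trace("192.168.2.10", LAN_HOST_PER_HOST_ROUTE))
    # VPN client in its own subnet: default route, then one route on the gateway.
    print(trace("10.8.0.10", LAN_HOST))
```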