Old 04-04-2010, 05:48 AM   #1
rwf815
Routing vs. OpenVPN vs. VMware (Host Only)


Hi there!

I'm looking for some help with my special networking configuration.

The case:
I'm running two dedicated Linux servers (openSUSE). Both servers are connected through public IP addresses to the internet. Each server hosts a VMware with another Linux inside.

SRV1: dedicated, external
SRV2: dedicated, external
SRV3: VMware, hosted on SRV1, host-only network
SRV4: VMware, hosted on SRV2, host-only network

SRV1 and SRV2 are the entry points for OpenVPN from external clients. SRV1 and SRV2 are also connected through an OpenVPN connection for safe data sharing.


My problems:
SRV3 can't connect to SRV2 and SRV4.
SRV4 can't connect to SRV1 and SRV3.
External OpenVPN clients connected to SRV1 can't reach SRV2 and SRV4.
External OpenVPN clients connected to SRV2 can't reach SRV1 and SRV3.



Here are my configurations:

SRV1, IP: 192.168.161.1

Code:
srv1:~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.4.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun2
85.xx.xx.1      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.8.1.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
10.8.3.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.162.0   0.0.0.0         255.255.255.0   U     0      0        0 vmnet3
10.8.4.0        10.8.4.5        255.255.255.0   UG    0      0        0 tun2
192.168.160.0   0.0.0.0         255.255.255.0   U     0      0        0 vmnet1
192.168.161.0   0.0.0.0         255.255.255.0   U     0      0        0 vmnet2
10.8.3.0        10.8.3.2        255.255.255.0   UG    0      0        0 tun0
10.8.1.0        10.8.1.2        255.255.255.0   UG    0      0        0 tun1
192.168.171.0   10.8.4.5        255.255.255.0   UG    0      0        0 tun2
192.168.172.0   10.8.4.5        255.255.255.0   UG    0      0        0 tun2
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         85.xx.xx.1      0.0.0.0         UG    0      0        0 eth0


srv1:~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


SRV1 OpenVPN server.conf (for external OpenVPN clients)
server 10.8.1.0 255.255.255.0
push "route 192.168.161.0 255.255.255.0"
push "route 192.168.162.0 255.255.255.0"
push "route 192.168.171.0 255.255.255.0"
push "route 192.168.172.0 255.255.255.0"


SRV1 OpenVPN server-int.conf (for server connection to SRV2)
server 10.8.3.0 255.255.255.0
push "route 192.168.161.0 255.255.255.0"
push "route 192.168.162.0 255.255.255.0"

SRV2, IP: 192.168.171.1

Code:
srv2:~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.4.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.2.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
10.8.3.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun2
85.xx.xx.1      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.162.0   10.8.3.5        255.255.255.0   UG    0      0        0 tun2
10.8.4.0        10.8.4.2        255.255.255.0   UG    0      0        0 tun0
192.168.161.0   10.8.3.5        255.255.255.0   UG    0      0        0 tun2
10.8.2.0        10.8.2.2        255.255.255.0   UG    0      0        0 tun1
10.8.3.0        10.8.3.5        255.255.255.0   UG    0      0        0 tun2
192.168.170.0   0.0.0.0         255.255.255.0   U     0      0        0 vmnet1
192.168.171.0   0.0.0.0         255.255.255.0   U     0      0        0 vmnet2
192.168.172.0   0.0.0.0         255.255.255.0   U     0      0        0 vmnet3
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         85.xx.xx.1      0.0.0.0         UG    0      0        0 eth0


srv2:~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


SRV2 OpenVPN server.conf (for external OpenVPN clients)
server 10.8.2.0 255.255.255.0
push "route 192.168.161.0 255.255.255.0"
push "route 192.168.162.0 255.255.255.0"
push "route 192.168.171.0 255.255.255.0"
push "route 192.168.172.0 255.255.255.0"


SRV2 OpenVPN server-int.conf (for server connection to SRV2)
server 10.8.4.0 255.255.255.0
push "route 192.168.171.0 255.255.255.0"
push "route 192.168.172.0 255.255.255.0"

SRV3, IP: 192.168.161.128


Code:
srv3:~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.161.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.161.1   0.0.0.0         UG    0      0        0 eth1


srv3:~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

SRV4, IP: 192.168.171.128


Code:
srv4:~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.171.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.171.1   0.0.0.0         UG    0      0        0 eth0


srv4:~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


I would be glad if anybody could help.

Thanks,
RWF
 
Old 04-04-2010, 06:18 PM   #2
beadyallen
Well, the first thing to say is that you need to simplify while you debug things. From what I can tell, your main problem is that SRV1 and SRV2 can't talk to each other. Just try and get that working first. Without that, there's no way the other stuff can work anyway.
So, looking at the VPN configs for SRV1 and SRV2 connecting to each other, you've got 2 'servers'. That makes no sense at all. To make things work you need to have one as a client. Sure, they may technically connect to each other, but it'll mess up your routes and packets won't know where to go. I'm sure you could get it to work by some clever routing pushes, but there's no point. Have a proper client/server architecture.
I'd get rid of all clients, shut down your VMs, and then get a client-server connection between SRV1 and SRV2 working. Then you can start other clients and VMs up.
If you still have problems, post back with just SRV1 and SRV2 running. It'd also be useful to have the output of 'ifconfig -a' on the various machines, instead of having to figure it out from the routing table.

Good luck.
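
The routing effect of the two 'server' instances between SRV1 and SRV2, as an added example that is not part of either post: a longest-prefix-match lookup over rows copied from the posted `route -n` tables shows that traffic between the two VM subnets leaves over one tunnel while the replies come back over the other. The function names and the `VPN_SERVERS` mapping are constructs of this example.

```python
import ipaddress

# Rows copied from the `route -n` output in the thread: destination, gateway, genmask, iface.
TABLES = {
    "SRV1": [
        ("192.168.161.0", "0.0.0.0", "255.255.255.0", "vmnet2"),
        ("192.168.171.0", "10.8.4.5", "255.255.255.0", "tun2"),
        ("0.0.0.0", "85.xx.xx.1", "0.0.0.0", "eth0"),
    ],
    "SRV2": [
        ("192.168.161.0", "10.8.3.5", "255.255.255.0", "tun2"),
        ("192.168.171.0", "0.0.0.0", "255.255.255.0", "vmnet2"),
        ("0.0.0.0", "85.xx.xx.1", "0.0.0.0", "eth0"),
    ],
}
# `server` directives from the two server-int.conf files in the thread,
# mapped to the host that runs each instance (mapping built for this example).
VPN_SERVERS = {"10.8.3.0/24": "SRV1", "10.8.4.0/24": "SRV2"}


def lookup(host, dst):
    """Longest-prefix match, as the kernel does; returns (gateway, iface)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, gw, mask, iface in TABLES[host]:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw, iface)
    return (best[1], best[2]) if best else None


def tunnel_owner(host, dst):
    """Host whose OpenVPN server instance owns the tunnel used towards dst."""
    gw, iface = lookup(host, dst)
    if not iface.startswith("tun"):
        return None  # delivered locally or via the default route, not tunnelled
    for subnet, owner in VPN_SERVERS.items():
        if ipaddress.ip_address(gw) in ipaddress.ip_network(subnet):
            return owner
    return None


def path_is_symmetric(a_host, a_ip, b_host, b_ip):
    """True when traffic a->b and the replies b->a cross the same tunnel."""
    return tunnel_owner(a_host, b_ip) == tunnel_owner(b_host, a_ip)


if __name__ == "__main__":
    print("SRV3 -> SRV4 leaves SRV1 via", lookup("SRV1", "192.168.171.128"))
    print("SRV4 -> SRV3 leaves SRV2 via", lookup("SRV2", "192.168.161.128"))
    print("same tunnel both ways:",
          path_is_symmetric("SRV1", "192.168.161.128", "SRV2", "192.168.171.128"))
```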
 
  

