LinuxQuestions.org


xxx_anuj_xxx 03-13-2008 08:36 PM

sharing VPN access with lan + after vpn connected unable to ping lan/public ip
 
Hi,
I have a network in the 192.168.10.0/24 range.
The gateway is 192.168.10.150.
There is a Linux machine with IP 192.168.10.201 with a Nortel VPN client. I want to use this Linux machine (RHEL4) to work as a gateway server to the VPN for my LAN. I can change the local machines' gateway to use the Linux box as their new gateway.

The target is to share VPN access from one Linux box with other machines on the local network. How to achieve it? I am trying to achieve it using the Shorewall firewall.

I am also facing a problem: after connecting to the VPN, I cannot ping any local machine or public IP.


My routing table is as follows:

Routing table when the VPN client is off.
[root@node2 shorewall]# ip route show
10.1.10.0/24 dev eth1 proto kernel scope link src 10.1.10.2
192.168.10.0/24 dev eth0 scope link
169.254.0.0/16 dev eth1 scope link
default via 192.168.10.150 dev eth0

route -n
[root@node2 shorewall]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.10.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.10.150  0.0.0.0         UG    0      0        0 eth0

I can ping public IPs like google.com



Routing table after the VPN is connected.
[root@node2 shorewall]# ip route show
192.168.10.150 via 192.168.10.201 dev eth0 scope link
192.168.62.27 via 127.0.0.1 dev lo scope link
192.168.60.11 via 192.168.62.27 dev nlv0 scope link
202.33.162.196 via 192.168.10.150 dev eth0
10.1.10.0/24 dev eth1 proto kernel scope link src 10.1.10.2
192.168.10.0/24 via 192.168.62.27 dev nlv0 scope link
192.168.10.0/24 dev eth0 scope link metric 1
138.213.0.0/16 via 192.168.62.27 dev nlv0 scope link
169.254.0.0/16 dev eth1 scope link
192.168.0.0/16 via 192.168.62.27 dev nlv0 scope link
172.16.0.0/12 via 192.168.62.27 dev nlv0 scope link
I cannot ping anything except PCs in the VPN.



route -n
When the VPN is connected
[root@node2 shorewall]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.62.19   127.0.0.1       255.255.255.255 UGH   0      0        0 lo
192.168.10.150  192.168.10.201  255.255.255.255 UGH   0      0        0 eth0
192.168.60.11   192.168.62.19   255.255.255.255 UGH   0      0        0 nlv0
202.33.162.196  192.168.10.150  255.255.255.255 UGH   0      0        0 eth0
10.1.10.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.10.0    192.168.62.19   255.255.255.0   UG    0      0        0 nlv0
192.168.10.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0
138.213.0.0     192.168.62.19   255.255.0.0     UG    0      0        0 nlv0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
192.168.0.0     192.168.62.19   255.255.0.0     UG    0      0        0 nlv0
172.16.0.0      192.168.62.19   255.240.0.0     UG    0      0        0 nlv0
0.0.0.0         192.168.10.150  0.0.0.0         UG    0      0        0 eth0




Thanks and Regards
Anuj

karpi 03-14-2008 02:50 AM

Hello,

You can add a route on every box with

"route add -net <vpn-net> netmask <netmask> gw <gateway>"

You also have to enable routing on the vpn-box.

From what I see, when connecting to the VPN the default-gateway is deleted.
Maybe this is for security reasons.
If you want to keep your default-gateway you have to reconfigure the DHCP-part
of the vpn-setup.

HTH

