Hello,every one,
I'v a problem when sshing to a remote host A(192.168.168.a),which is a internal workstation behind a router B(202.x.29.b).I'm now assigned an address C(192.168.0.c),by a dhcp router D(202.x.24.d).
I can ping through the gateway 202.x.29.1, 202.x.24.1 ,router B and D,yet I can't add all the routes with the error message "SIOCADDRT: Network is unreachable".When I was formerly in 202.x.29.1 segment,ssh worked perfect with route B.

Below's my tracepath:
jwshaw.punch@16:41:04:\> tracepath 202.x.29.b
1: 192.168.0.104 (192.168.0.104) 0.265ms pmtu 1500
1: 192.168.0.1 (192.168.0.1) 0.722ms
2: 202.x.24.1 (202.x.24.1) 1.949ms
3: 202.x.29.b (202.x.29.b) 2.337ms reached
Resume: pmtu 1500 hops 3 back 3
And ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:36:3F:6E:91
inet addr:192.168.0.104 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9323 errors:0 dropped:0 overruns:0 frame:0
TX packets:9166 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7849626 (7.4 Mb) TX bytes:2052827 (1.9 Mb)
Interrupt:18

Thank you in advance
Jewelshaw

Hi Jewelshaw,

if I understand you correctly, you are trying to route packets to a private address (192.168.x.x) through the Internet. That won't work.
You will have to set up a tunnel between routers B and D, preferably by way of a VPN.

Cheers

Rupert

Rupert,
You caught the point.Actually I used to ssh to the host A(192) through the router B(202) when I was assigned directly in the 202 segment, without VPN. Well, Can I make a tunnel between B and D,without VPN,'cause as a unix host itself, should router B run a VPN server?
Or else I was totally wrong about VPN?

Regards
Jewel

By the way,I can ssh to router B, and on host B,ssh to workstation A. Does it imply anything?

Hi Jewelshaw,

that "ssh-hopping" will of course work. But it doesn't imply anything with respect to the routing. No packet is actually routed from you to A.

In order to route traffic from C to A, you will have to setup a VPN. If both routers B and D are Linux machines then it won't be much of an issue. I'd suggest openswan, which is pretty easy to set up.

Basically you can choose between either:
- tunnel between routers B and D which will connect your two private networks. This will be the most comfortable solution, if possible.
- tunnel from your workstation C to remote router B. That way, just your workstation will be able to communicate with the network behind B.

( a direct tunnel from C to A would obviously not work, as that would just put you back to square one...)

Rupert