12-13-2013, 01:58 AM
|
#1
|
LQ Newbie
Registered: Mar 2004
Location: LinuxCountry
Distribution: CentOS/RHEL
Posts: 2
Rep:
|
Routing question
Hi all,
We have 2 LANs connected via an OpenVPN tunnel (mode p2p).
On LAN-2, there is a 3rd LAN connected to the 2nd via a Linux box (192.168.53.206 in the attached image).
From LAN-1 (192.168.43.0/24) I can ping any host of LAN-2 (192.168.53.0/24).
From LAN-2, I can ping any host of LAN-3 (192.168.63.0/24).
So my question is how to route traffic from LAN-1 to LAN-3. I would like to reach LAN-3's hosts from LAN-1.
Thanks,
|
|
|
12-13-2013, 08:04 AM
|
#2
|
Senior Member
Registered: Jul 2004
Location: Skuttunge SWEDEN
Distribution: Debian preferably
Posts: 1,350
Rep: 
|
On the firewall/router in LAN-1, add a static route to LAN-2.
Taken from memory, you'll want to check the syntax:
route add -net 192.168.60.0 netmask 255.255.255.0 gw 192.168.43.2
(I assume that's the IP of the router on LAN-2)
|
|
|
12-13-2013, 08:58 PM
|
#3
|
Member
Registered: Sep 2003
Location: ky
Distribution: gentoo
Posts: 409
Rep:
|
Google Quagga, it is very cool. Would help more but I'm just learning Linux dynamic routing.
|
|
|
12-15-2013, 03:51 PM
|
#4
|
Member
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 891
Rep: 
|
Any device acting as a router must have routing information by which to route. There are different types of route in the route table. Connected routes (aka local or direct routes) are implied by the configuration of the interface, i.e. host 192.168.43.1 knows it has a route 192.168.43.0/24 available via its Ethernet port because you have literally told it by configuring it.
Indirect routes are those in which the host does not personally belong. So 192.168.43.1 cannot infer knowledge about 192.168.63.0/24 from its local network memberships. It somehow has to learn about where this network is located and how to get to it.
This can be done by adding a static route, which is put into the config of the host to tell it how to reach this indirect route, e.g. 192.168.63.0/24 gw 192.168.53.x. Alternatively you can tell it how to reach all indirect routes, if there is only one path out of the local network, by adding a default route 0.0.0.0/0. In most desktop operating systems this is basically the default gateway.
Remember that routes are unidirectional. 192.168.43.1 needs a route to reach 192.168.63.x but likewise 192.168.63.1 needs a route configured to get to 192.168.43.x. Each node only knows about the networks it is a member of unless you tell it about others.
The alternative to static routes, which I'm sure you will have guessed by now don't really scale very well (the internet is running at around 475,000 routes at the moment), is to use a dynamic routing protocol such as RIP, OSPF or BGP. These protocols allow routers to "talk" to each other and thus exchange information about the networks they can reach.
This is where Quagga comes in, as it provides the routing daemons that allow these routing protocols to function.
That being said, each of these protocols has its own peculiarities and learning curve and I'm not sure it's really justified by the small size of your network.
So you really just need to ensure that each host has a default route to their respective "router" (which is any device that is forwarding packets between networks) and each router has either connected or static routes to all networks.
You would add static routes, these days on modern kernels, by using route add -net 192.168.63.0/24 gw <next hop>
Next hop will either be the exit interface, in the case of the VPN tunnel (as it's point-to-point it only has one end point), or, for a LAN, because there are many hosts available, the IP address of the next hop router.
Last edited by baldy3105; 12-15-2013 at 03:56 PM.
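The point above that routes are unidirectional can be checked hop by hop. The following is an added example, not part of any post in this thread: a small longest-prefix-match simulator over the thread's three LANs. The router names r1/r2/r3, the tunnel subnet 10.8.0.0/30 and the host addresses ending in .10 are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the thread's topology (names and tunnel subnet assumed).
LAN1, LAN2, LAN3 = "192.168.43.0/24", "192.168.53.0/24", "192.168.63.0/24"
TUNNEL = "10.8.0.0/30"
CONNECTED = {                 # networks each router is directly attached to
    "r1": [LAN1, TUNNEL],     # LAN-1 gateway, OpenVPN endpoint
    "r2": [LAN2, TUNNEL],     # LAN-2 gateway, OpenVPN endpoint
    "r3": [LAN2, LAN3],       # Linux box 192.168.53.206
}
# Static routes as {router: [(network, next-hop router)]}.
BASE = {"r1": [(LAN2, "r2")], "r2": [(LAN1, "r1")]}       # LAN-1 <-> LAN-2 works
FORWARD_ONLY = {"r1": BASE["r1"] + [(LAN3, "r2")],        # adds the way out only
                "r2": BASE["r2"] + [(LAN3, "r3")]}
FIXED = {**FORWARD_ONLY, "r3": [(LAN1, "r2")]}            # adds the way back

def next_hop(router, static, dst):
    """Longest-prefix match over connected + static routes; None = no route."""
    routes = [(n, "connected") for n in CONNECTED[router]] + static.get(router, [])
    matches = [(ipaddress.ip_network(n).prefixlen, via) for n, via in routes
               if dst in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def path(static, start, dst_ip, max_hops=8):
    """Follow a packet router by router; returns (delivered, routers visited)."""
    dst, router, hops = ipaddress.ip_address(dst_ip), start, [start]
    for _ in range(max_hops):
        hop = next_hop(router, static, dst)
        if hop is None:
            return False, hops          # dropped: this router has no route
        if hop == "connected":
            return True, hops           # destination is on an attached LAN
        router = hop
        hops.append(router)
    return False, hops                  # hop limit hit: routing loop

def reachable(static, src=("r1", "192.168.43.10"), dst=("r3", "192.168.63.10")):
    """A ping succeeds only if both the request and the reply can be routed."""
    return path(static, src[0], dst[1])[0], path(static, dst[0], src[1])[0]

if __name__ == "__main__":
    for name, table in (("base", BASE), ("forward only", FORWARD_ONLY), ("fixed", FIXED)):
        print(name, reachable(table))
```

With only the forward routes in place the request reaches LAN-3 but the reply is dropped at r3, which from LAN-1 looks the same as no route at all.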
|
|
|
12-17-2013, 08:08 PM
|
#5
|
LQ Newbie
Registered: Dec 2013
Location: Oregon
Distribution: Debian, RHEL, SLES, Mint
Posts: 7
Rep: 
|
In Cisco speak it would be a route statement of "ip route 192.168.63.0 255.255.255.0 192.168.53.206" on the 192.168.53.1 box. Assuming .1 is also the 43 network's default gateway.
I would design the network differently to avoid this kind of issue. Hub and spoke connecting each class C, as an example. Then each /24 is locally connected and routing decisions are trivial.
Last edited by xplorn; 12-17-2013 at 08:09 PM.
|
|
|