VPN attaching to the wrong ethernet when bridging two NICs in Linux
I have problems with my VPN attaching to the wrong NIC, or just not working, when two NICs are present.
My VoIP physical phone is blocked by my ISP, so I use an embedded system running Ubuntu 15.04/MATE with two ethernet ports to provide VPN access to the internet on eth0 and the VoIP phone on eth1.
I have established a DHCP Server to provide service to the VoIP phone on eth1 as follows:
Contents of "/etc/dhcp/dhcpd.conf":
ddns-update-style none;
option domain-name "xu4.org";
option domain-name-servers ns1.xu4.org, ns2.xu4.org;
# Set up our desired subnet:
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.101 192.168.1.254;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.1;
}
default-lease-time 600;
max-lease-time 7200;
authoritative;
Also
Contents of "/etc/network/interfaces":
# The uplink to the internet
auto eth0
iface eth0 inet dhcp
# Assign a static IP for this DHCP server through eth1:
auto eth1
iface eth1 inet static
    address 192.168.2.100
    netmask 255.255.255.0
    broadcast 192.168.2.255
    gateway 192.168.2.1
    up route add -host 255.255.255.255 eth1
Also
Contents of "/etc/default/isc-dhcp-server":
INTERFACES="eth1"
To check that the DHCP server is working on eth1 and providing a lease:
$ more /var/lib/dhcp/dhcpd.leases
lease 192.168.2.101 {
    starts 4 2016/08/18 15:51:14;
    ends 4 2016/08/18 16:01:14;
    tstp 4 2016/08/18 16:01:14;
    cltt 4 2016/08/18 15:51:14;
    binding state active;
    next binding state free;
    rewind binding state free;
    hardware ethernet 7c:2f:80:9c:e0:cb;
    client-hostname "C530-IP";
}
I create a VPN connection and attach it to eth0 using the icon on the desktop:
Network Icon->VPN Connections->Configure VPN->VPN->add
(setup gateway, username, password, use Point-to-point encryption, Name VPN1)
Network Icon->VPN Connections->Configure VPN->ethernet->eth0->Edit
(Automatically connect to VPN1 when using this connection, Automatic (DHCP))
Now when the system comes up, the default upstream connection appears as eth1 and not eth0. Trying to connect to the VPN fails.
The network map is as follows:
$ route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    100    0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    101    0        0 eth0
173.255.160.5   192.168.2.1     255.255.255.255 UGH   0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
And the IP addresses are:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: sit0: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default
    link/sit 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN group default
    link/tunnel6 :: brd ::
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1e:06:30:3a:92 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.194/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86059sec preferred_lft 86059sec
    inet6 fe80::21e:6ff:fe30:3a92/64 scope link
       valid_lft forever preferred_lft forever
5: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether d2:df:a9:d0:7c:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.100/24 brd 192.168.2.255 scope global eth1
       valid_lft forever preferred_lft forever
Before I set up the router table I need to get the VPN on eth0 working.
If I remove the eth1 port as follows, then everything works fine:
$ sudo service isc-dhcp-server stop
$ sudo ifdown eth1
Then the new routing table looks like this:
$ route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     50     0        0 ppp0
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
173.255.160.5   192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
173.255.160.129 0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
173.255.160.165 0.0.0.0         255.255.255.255 UH    50     0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
And the ethernet is now successfully routed through my VPN.
Any suggestions on how to get the two ethernet connections working the required way would be appreciated.
Regards
Lachlan
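
An added example, not part of the original post: a short Python check that replays kernel route selection (longest prefix first, then lowest metric) over the first `route -n` table in the question, to show which interface carries the default route and the host route to 173.255.160.5. The function names are hypothetical; the table is copied from the post.

```python
import ipaddress

# Routing table copied from the post (both NICs configured, VPN not yet up).
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    100    0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    101    0        0 eth0
173.255.160.5   192.168.2.1     255.255.255.255 UGH   0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
"""

def parse_routes(text):
    """Parse `route -n` output into a list of route dicts (hypothetical helper)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        routes.append({
            "net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),
            "gateway": f[1],
            "metric": int(f[4]),
            "iface": f[7],
        })
    return routes

def lookup(routes, dest):
    """Return the route used for dest: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def default_route(routes):
    """Return the preferred 0.0.0.0/0 route (lowest metric), or None."""
    defaults = [r for r in routes if r["net"].prefixlen == 0]
    return min(defaults, key=lambda r: r["metric"]) if defaults else None

if __name__ == "__main__":
    routes = parse_routes(ROUTE_N)
    d = default_route(routes)
    print("default route:", d["iface"], "via", d["gateway"], "metric", d["metric"])
    v = lookup(routes, "173.255.160.5")
    print("173.255.160.5:", v["iface"], "via", v["gateway"])
```

On the posted table both lookups resolve to eth1 via 192.168.2.1, the interface that `ip addr` reports as NO-CARRIER.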