Topic: Routing traffice over site-to-site vpn problem

[jester]

Hi,

We're trying to connect two sme-servers with an OpenVPN tunnel and want to be able to access both servers from both LANs.

• Vpn between the two SME Servers has been set up (with the Firewall-Services OpenVPN bridging contrib and some manual adjustments).
• The network segment of the remote server has been added to the 'Local Networks'.
• We can ping the remote server from the local server, but i can't from a workstation in the local LAN.

Has someone done this before who can tell us how to configure access of the remote server/LAN from the local LAN ?!

jester.

[jester]

Ok, maybe a bit more detail will trigger some responses... This is what we've got until now:

• Local server: 192.168.20.1
• Remote server: 192.168.10.1

Code: [Select]

# ifconfig
br0       Link encap:Ethernet  HWaddr 00:13:72:2F:8F:77
          inet addr:192.168.20.1  Bcast:192.168.20.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18483 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18151 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1505628 (1.4 MiB)  TX bytes:6587817 (6.2 MiB)

eth0      Link encap:Ethernet  HWaddr 00:10:18:19:8E:71
          inet addr:10.0.1.188  Bcast:10.0.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22280 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18360 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7007071 (6.6 MiB)  TX bytes:1987021 (1.8 MiB)
          Interrupt:169

eth1      Link encap:Ethernet  HWaddr 00:13:72:2F:8F:77
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:18513 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18161 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1883283 (1.7 MiB)  TX bytes:6674017 (6.3 MiB)
          Interrupt:177

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2208 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2208 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:328386 (320.6 KiB)  TX bytes:328386 (320.6 KiB)

tap0      Link encap:Ethernet  HWaddr 00:FF:8F:19:67:72
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:656 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:72397 (70.7 KiB)

tap1      Link encap:Ethernet  HWaddr 00:FF:FD:92:E1:88
          inet addr:192.168.10.201  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:553 errors:0 dropped:0 overruns:0 frame:0
          TX packets:382 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:83913 (81.9 KiB)  TX bytes:36212 (35.3 KiB)


Code: [Select]

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.20.0    *               255.255.255.0   U     0      0        0 br0
10.0.1.0        *               255.255.255.0   U     0      0        0 eth0
192.168.10.0    192.168.10.201  255.255.255.0   UG    0      0        0 tap1
default         10.0.1.1        0.0.0.0         UG    0      0        0 eth0

# db networks show
192.168.10.0=network
    Mask=255.255.255.0
    Router=192.168.20.1
192.168.20.0=network
    Mask=255.255.255.0
    SystemLocalNetwork=yes


Code: [Select]

# ping -c 3 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=20.1 ms
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=24.4 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=26.5 ms

--- 192.168.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 20.102/23.698/26.588/2.700 ms, pipe 2

As said, from the local server the remote server is accessible, now from a workstation in the local LAN being able to see/access the remote server... Google has not been my friend, so: Anyone ?!

[Stefano]

just a question: are SMEs the default GW for their lans?

Stefano and.. my english is poor

[jester]

Hi Stefano,
Yes, both servers in gateway mode and serving DHCP to their LANs.

[cactus]

Hi Stefano,
Yes, both servers in gateway mode and serving DHCP to their LANs.

What is the output of a traceroute form one side to the other side?

[jester]

Hi Cactus,
A traceroute gives us:

Code: [Select]

# traceroute 192.168.10.1
traceroute to 192.168.10.1 (192.168.10.1), 30 hops max, 38 byte packets
 1  192.168.10.1 (192.168.10.1)  22.740 ms  25.040 ms  24.377 ms


Thanx for every one's replies/efforts btw!
jester.

[cactus]

Hi Cactus,
A traceroute gives us:

Code: [Select]

# traceroute 192.168.10.1
traceroute to 192.168.10.1 (192.168.10.1), 30 hops max, 38 byte packets
 1  192.168.10.1 (192.168.10.1)  22.740 ms  25.040 ms  24.377 ms


I am not sure that you are doing what I intended as it seems you are tracing the same host you are working on.

I would like to know if you can trace:

• SME Server A from SME Server B
• SME Server B from SME Server A
• a client in SME Server A's subnet from SME Server B
• a client in SME Server B's subnet from SME Server A
• a client in SME Server A's subnet from SME Server B's subnet
• a client in SME Server B's subnet from SME Server A's subnet

[jester]

Server A / local server / name: landrover / IP: 192.168.20.1
Server B / remote server / name: landcruiser / IP: 192.168.10.1

The output of commands in my second post are all from Server A.

Trace of Server A from Server B (with ifconfig for verification):

Code: [Select]

[root@landcruiser ~]# ifconfig br0
br0       Link encap:Ethernet  HWaddr 00:1E:68:A9:C0:CF
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:258524 errors:0 dropped:0 overruns:0 frame:0
          TX packets:408574 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:31095053 (29.6 MiB)  TX bytes:486747583 (464.1 MiB)

[root@landcruiser ~]# traceroute 192.168.20.1
traceroute to 192.168.20.1 (192.168.20.1), 30 hops max, 38 byte packets
 1  192.168.20.1 (192.168.20.1)  27.180 ms  24.128 ms  19.574 ms

Trace of Server B from Server A (with ifconfig for verification):

Code: [Select]

[root@landrover ~]# ifconfig br0
br0       Link encap:Ethernet  HWaddr 00:13:72:2F:8F:77
          inet addr:192.168.20.1  Bcast:192.168.20.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:62408 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52191 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6501901 (6.2 MiB)  TX bytes:30533060 (29.1 MiB)

[root@landrover ~]# traceroute 192.168.10.1
traceroute to 192.168.10.1 (192.168.10.1), 30 hops max, 38 byte packets
 1  192.168.10.1 (192.168.10.1)  21.147 ms  19.533 ms  20.992 ms

Trace of client in Server A's subnet from Server B:

Code: [Select]

[root@landcruiser ~]# ping -c 2 192.168.20.200
PING 192.168.20.200 (192.168.20.200) 56(84) bytes of data.
From 192.168.10.1 icmp_seq=0 Destination Host Unreachable
From 192.168.10.1 icmp_seq=1 Destination Host Unreachable

--- 192.168.20.200 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
, pipe 3
[root@landcruiser ~]# traceroute 192.168.20.200
traceroute to 192.168.20.200 (192.168.20.200), 30 hops max, 38 byte packets
 1  landcruiser (192.168.10.1)  3000.948 ms !H  3000.805 ms !H  3000.967 ms !H

Trace of client in Server B's subnet from Server A:

Code: [Select]

[root@landrover ~]# ping -c 2 192.168.10.197
PING 192.168.10.197 (192.168.10.197) 56(84) bytes of data.
64 bytes from 192.168.10.197: icmp_seq=0 ttl=128 time=20.7 ms
64 bytes from 192.168.10.197: icmp_seq=1 ttl=128 time=19.8 ms

--- 192.168.10.197 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 19.878/20.299/20.720/0.421 ms, pipe 2
[root@landrover ~]# traceroute 192.168.10.197
traceroute to 192.168.10.197 (192.168.10.197), 30 hops max, 38 byte packets
 1  * * *
 2  * * *
 ....
 30  * * *


!! Can't do a trace of a client in Server A's subnet from Server B's subnet at the moment...

Trace of client in Server B's subnet from a client in Server A subnet (from a Windows client):

Code: [Select]

Tracing route to 192.168.10.197 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.20.1
  2     *        *        *     Request timed out.
  ...
  30    *        *        *     Request timed out.


[David Harper]

My guess at what is happening is that something is going wrong in the definition of Local Networks. When you try to then ping the remote server from the local LAN, the requests are being forwarded out onto the Internet, thus giving you your Destination Unreachable errors.

Can you post your Local Networks configs from both servers?