Route through VPN



  • My current issue to solve is how to route traffic from one LAN to the other LAN via the VPN. The catch here is that the other LAN is not the destination… but the LAN beyond it (the "backend site", as we call it at my office; I don't know if that's the official terminology).

    My network diagram:
    http://www.dfwlp.com/~jhorne/pics/network/Network-Diagram-20051221.1.jpg

    (At the bottom.) The VPN between CERBERUS and CHIRON works fine: all 192.168.125.0/26 traffic can get to any 192.168.125.64/26 host, and vice versa. What I want is to tell CERBERUS that any traffic destined for 10.0.0.0/22 needs to go down the VPN and be handed to CHIRON, which already has a static route and can talk to any 10.0.0.0/22 host. When ZEUS pings 10.0.0.1:

    [root@zeus ~]# ping 10.0.0.1
    PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
    From 160.81.37.145 icmp_seq=0 Destination Host Unreachable
    From 160.81.37.145 icmp_seq=1 Destination Host Unreachable

    The internet router replies that the host is unreachable; obviously CERBERUS is processing this 'off-network destination' as non-VPN traffic. However, if I add static routes (since I don't know which would work, I tried several):

    10.0.0.0/22 via 192.168.125.1 (local gateway)

    [root@zeus ~]# ping 10.0.0.1
    PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
    From 192.168.125.1 icmp_seq=0 Time to live exceeded
    From 192.168.125.1 icmp_seq=1 Time to live exceeded

    10.0.0.0/22 via 67.166.171.x (remote vpn endpoint)

    [root@zeus ~]# ping 10.0.0.1
    PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
    From 192.168.125.1 icmp_seq=0 Destination Host Unreachable
    From 192.168.125.1 icmp_seq=1 Destination Host Unreachable

    … and the same thing if I specify going via CHIRON's LAN address or DEVROUTER's LAN address.

    What is the best/most effective way to accomplish this?



  • On ZEUS put in
    10.0.0.0/22 via 192.168.125.1 or default via 192.168.125.1
    On CERBERUS put in
    10.0.0.0/22 via 192.168.125.65
    On DEVROUTER put in
    192.168.125.0/26 via 192.168.125.65

    I have here a 150 km IPsec VPN between 192.168.1.0/24 with local address 192.168.1.1 and 10.141.254.0/24 with local address 10.141.254.254.
    My routes are, on the 192.198.1.0/24 network:
    10.141.254.0/24 via 10.141.254.254
    and on the 10.141.254.0/24 network:
    192.168.1.0/24 via 192.168.1.1

    Ping is 32 ms.

    If I also had 172.178.1.0/24 behind the 10.141.254.0/24 network,
    then on the 192.168.1.0/24 network this route would have to be added:
    172.178.1.0/24 via 10.141.254.254
    and on the machine with 10.141.254.254 there would then have to be a route to 172.178.1.0/22 as well,
    and from 172.178.1.0/24 there must be a route back to 192.168.1.0/24 via the gateway that has contact with the 10.141.254.0/24 network.
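Editor's note: the following is an added worked example, not code from either poster. It is a small hop-by-hop forwarding simulator that reproduces the behaviour described in the question and the fix described in the reply: with no 10.0.0.0/22 route on CERBERUS the packet follows the default route to the internet router, which has nowhere to send it (the "Destination Host Unreachable from 160.81.37.145" in the question); adding the route on CERBERUS makes the forward path work, but the echo reply still dies on DEVROUTER until it gets the return route to 192.168.125.0/26 that the reply also asks for. Only the addresses and prefixes named in the thread (CERBERUS 192.168.125.1, CHIRON 192.168.125.65, the internet router 160.81.37.145, the /26 and /22 prefixes) are taken from the page; ZEUS's address, CERBERUS's WAN address, DEVROUTER's two addresses and the backend host are assumptions chosen only to make the model run. The VPN tunnel is modelled as a link over which CERBERUS and CHIRON can hand packets to each other directly; whatever tunnel technology is really in use, the tunnel must also be willing to carry 10.0.0.0/22 (for policy-based IPsec that means the traffic selectors, not just the routing table), which this model does not represent.

```python
"""Hop-by-hop forwarding simulator for the ZEUS -> CERBERUS -> (VPN) -> CHIRON
-> DEVROUTER -> 10.0.0.0/22 problem from this thread.

Added example, not from the thread. Only the CERBERUS/CHIRON LAN addresses,
the internet router address and the prefixes come from the thread; every
other address is an assumption. The VPN is modelled as a link over which
CERBERUS and CHIRON can hand packets to each other directly.
"""
import ipaddress
from dataclasses import dataclass, field

IPv4 = ipaddress.IPv4Address


def N(s):
    return ipaddress.IPv4Network(s)


def I(s):
    return ipaddress.IPv4Interface(s)


@dataclass
class Host:
    name: str
    ifaces: list                                # IPv4Interface: own address + connected prefix
    routes: dict = field(default_factory=dict)  # IPv4Network -> next-hop IPv4Address

    def owns(self, dst):
        return any(i.ip == dst for i in self.ifaces)

    def lookup(self, dst):
        """Longest-prefix match over connected prefixes and static routes.
        Returns (network, next_hop); next_hop is None for a connected prefix.
        On equal prefix length the connected entry wins, as in the kernel."""
        best = None
        for iface in self.ifaces:
            if dst in iface.network and (best is None or iface.network.prefixlen > best[0].prefixlen):
                best = (iface.network, None)
        for net, nh in self.routes.items():
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best


class Network:
    def __init__(self, hosts):
        self.hosts = {h.name: h for h in hosts}
        self.owner = {i.ip: h for h in hosts for i in h.ifaces}  # address -> host holding it

    def ping(self, src, dst, ttl=64):
        """Forward one packet hop by hop and return (verdict, path).
        Verdicts mirror what ping prints: delivery, Destination Host Unreachable
        from the hop that had nowhere to send it, or Time to live exceeded from
        the hop that decremented TTL to zero (routing loop)."""
        dst = IPv4(dst)
        node = self.hosts[src]
        path = [node.name]
        while not node.owns(dst):
            if len(path) > 1:            # routers decrement TTL; the sender does not
                ttl -= 1
                if ttl == 0:
                    return f"Time to live exceeded from {node.name}", path
            match = node.lookup(dst)
            nxt = None
            if match is not None:
                net, nh = match
                nxt = self.owner.get(dst if nh is None else nh)
            if nxt is None:              # no route, or next hop not on any link
                return f"Destination Host Unreachable from {node.name}", path
            node = nxt
            path.append(node.name)
        return "delivered", path


def build(cerberus_backend_route=False, devrouter_return_route=False):
    """Topology from the thread; the two flags toggle the routes the reply adds."""
    zeus = Host("ZEUS", [I("192.168.125.10/26")],                    # address assumed
                {N("0.0.0.0/0"): IPv4("192.168.125.1")})
    cerberus = Host("CERBERUS", [I("192.168.125.1/26"), I("160.81.37.146/29")],  # WAN addr assumed
                    {N("192.168.125.64/26"): IPv4("192.168.125.65"),  # existing VPN route
                     N("0.0.0.0/0"): IPv4("160.81.37.145")})
    internet = Host("INTERNET", [I("160.81.37.145/29")])             # knows nothing of 10.0.0.0/22
    chiron = Host("CHIRON", [I("192.168.125.65/26")],
                  {N("192.168.125.0/26"): IPv4("192.168.125.1"),     # existing VPN route
                   N("10.0.0.0/22"): IPv4("192.168.125.66")})        # "already has a static route"
    devrouter = Host("DEVROUTER", [I("192.168.125.66/26"), I("10.0.0.254/22")])  # addrs assumed
    backend = Host("BACKEND", [I("10.0.0.1/22")], {N("0.0.0.0/0"): IPv4("10.0.0.254")})
    if cerberus_backend_route:
        cerberus.routes[N("10.0.0.0/22")] = IPv4("192.168.125.65")
    if devrouter_return_route:
        devrouter.routes[N("192.168.125.0/26")] = IPv4("192.168.125.65")
    return Network([zeus, cerberus, internet, chiron, devrouter, backend])


if __name__ == "__main__":
    for fwd, ret in ((False, False), (True, False), (True, True)):
        net = build(fwd, ret)
        print(f"CERBERUS 10.0.0.0/22 route={fwd}, DEVROUTER return route={ret}")
        print("  ZEUS -> 10.0.0.1:", net.ping("ZEUS", "10.0.0.1"))
        print("  10.0.0.1 -> ZEUS:", net.ping("BACKEND", "192.168.125.10"))
```

Running it shows the three states in order: unreachable from INTERNET, then forward delivered but the reply unreachable from DEVROUTER, then both directions delivered. The same simulator reports "Time to live exceeded" if two routers point the prefix at each other, which is the symptom the question saw when experimenting; the model cannot say which pair of routes caused it in the real network.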


Locked