Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Route thru VPN

    Scheduled Pinned Locked Moved
    Routing and Multi WAN
    2
    2
    4.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Sharaz
      last edited by

      my current issue to solve, is how to route traffic from one LAN, to the other LAN, via the VPN.  the catch here, is the other LAN is not the destination… but the lan beyond (backend site, as we call it at my office.. i dont know if thats the official terminology).

      my network diagram:
      http://www.dfwlp.com/~jhorne/pics/network/Network-Diagram-20051221.1.jpg

      (at the bottom) the VPN between CERBERUS and CHIRON works fine.  all 192.168.125.0/26 traffic can get to any 192.168.125.64/26, and vice versa.  what i want, is to tell CERBERUS that any traffic destined for 10.0.0.0/22 needs to go down the VPN and be handed to CHIRON, who already has a static route and can talk to any 10.0.0.0/22 host.  when ZEUS pings 10.0.0.1:

      [root@zeus ~]# ping 10.0.0.1
      PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
      From 160.81.37.145 icmp_seq=0 Destination Host Unreachable
      From 160.81.37.145 icmp_seq=1 Destination Host Unreachable

      the internet router replys that the host is un-reachable, obviously that CERBERUS is processing this 'off-network destination' as non-vpn traffic.  however, if i add static routes (since i dont know which would work, i tried several.

      10.0.0.0/22 via 192.168.125.1 (local gateway)

      [root@zeus ~]# ping 10.0.0.1
      PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
      From 192.168.125.1 icmp_seq=0 Time to live exceeded
      From 192.168.125.1 icmp_seq=1 Time to live exceeded

      10.0.0.0/22 via 67.166.171.x (remote vpn endpoint)

      [root@zeus ~]# ping 10.0.0.1
      PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
      From 192.168.125.1 icmp_seq=0 Destination Host Unreachable
      From 192.168.125.1 icmp_seq=1 Destination Host Unreachable

      … and the same thing if i specify to go via CHIRON's LAN address or the DEVROUTERs LAN Address.

      what is the best/most effective way to accomplish this?

      Jonathan

      1 Reply Last reply Reply Quote 0
      • J
        jeroen234
        last edited by

        on ZEUS put in
        10.0.0.0/22 via 192.168.125.1 or default via 192.168.125.1
        on CERBERUS put in
        10.0.0.0/22 via 192.168.125.65
        on DEVROUTER put in
        192.168.125.0/26 via 192.168.125.65

        got here a 150 km ipsec vpn between 192.168.1.0/24 with localadress 192.168.1.1 and 10.141.254.0/24 with localadress 10.141.254.254
        my routes are on the 192.198.1.0/24 network:
        10.141.254.0/24 via 10.141.254.254
        and on the 10.141.254.0/24 network:
        192.168.1.0/24 via 192.168.1.1

        ping is 32 milisec

        if i olso had 172.178.1.0/24 beheind the 10.141.254.0/24 network
        then on the 192.168.1.0/24 network this route had to be add
        172.178.1.0/24 via 10.141.254.254
        and on the machine with 10.141.254.254 there has to be a route to 172.178.1.0/24 then
        and from 172.178.1.0/24 there must be a route back to 192.168.1.0/24 via the gateway that has contact with the 10.141.254.0/24 network

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.