I have carefully read the VPN HOWTO and still run into problems. It is
very possible that I just have things a little wrong and I am hoping you
can put me straight.
Situation (excuse the ascii art - IPs changed to protect the guilty):
Client (eth0 - 10.0.0.1)                     Server (eth1 - 111.111.111.2)
Gateway to remote                            Gateway to HQ main
office on network                            office on network
10.0.0.0 netmask 255.255.255.0               111.111.111.240 netmask 255.255.255.240

    ________                                   __________
   |        |                                 |          |
   |   ppp0 |________Internet________________| eth0 (111.111.111.1)
   |        |                                 |          |
    --------                                   ----------
       |                                           |
   eth0 (10.0.0.1)                            eth1 (111.111.111.2)
       |                                           |
    ^^^^^^^                                    ____|_____
    client                                    |          |
    network                                   |  bastion |
                                              |   host   |
 (10.0.0.0 network)                           | 111.111.111.3
                                               ----------
The bastion host and eth0 and eth1 of the VPN server can be reached from
the internet (this is supposed to be a DMZ network). We want to create a
tunnel to the DMZ network. I start ppp on the client with:
/usr/sbin/pppd file /etc/ppp/options.vpn `cat /tmp/vpn-device` \
10.0.0.253:10.0.0.254
But when I add a route to network 111.111.111.240 all traffic stops over
the tunnel (non-tunneled traffic is still ok). If I *don't* add a route
to the DMZ network on the client but do add a route to the client network
(10.0.0.0) on the server, my bastion hosts can send data to the client
network over the tunnel, but anything coming back does not use the
tunnel. If I add a route on the client to the DMZ network at this point
things break again and nothing goes over the tunnel.
The last paragraph of the Pitfalls section (of the VPN HOWTO) about not
reaching the external interface of the VPN server over the tunnel makes me
wonder. In this scenario the network we are trying to reach isn't really
an internal network, it is the DMZ network. But I don't see how this
would matter.
Any ideas?
James Rich
james@eaerich.com
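The pitfall the post refers to (a route over the tunnel that would also capture the packets carrying the tunnel itself) can be checked mechanically before any route is added. The following is an added example, not part of the original message or the VPN HOWTO; it uses the addresses from the post, assumes the client's default gateway is a placeholder value, and emits Linux route(8) commands that pin a host route to the peer via the real gateway before routing the DMZ network over ppp0.

```python
import ipaddress

# Constructed configuration taken from the post above. The default gateway
# is an assumed placeholder; the post does not give the client's ISP gateway.
PEER_PUBLIC = "111.111.111.1"       # server eth0, the far end of the tunnel
DEFAULT_GW = "192.0.2.1"            # assumed placeholder for the client's real gateway
TUNNEL_DEV = "ppp0"
TUNNEL_NETS = [("111.111.111.240", "255.255.255.240")]  # DMZ network to reach


def plan_routes(peer, gateway, dev, nets):
    """Return (warnings, commands) for routing `nets` over tunnel `dev`.

    A network routed through the tunnel must not contain the tunnel peer's
    own public address, otherwise the encapsulated packets that carry the
    tunnel are themselves sent into the tunnel and everything stalls.
    A host route to the peer via the real gateway is emitted first so the
    carrier path stays outside the tunnel whatever is added afterwards.
    """
    peer_ip = ipaddress.ip_address(peer)
    warnings = []
    commands = [f"route add -host {peer} gw {gateway}"]
    for net, mask in nets:
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if peer_ip in network:
            warnings.append(f"{network} contains tunnel peer {peer}")
        commands.append(f"route add -net {net} netmask {mask} dev {dev}")
    return warnings, commands


if __name__ == "__main__":
    found, cmds = plan_routes(PEER_PUBLIC, DEFAULT_GW, TUNNEL_DEV, TUNNEL_NETS)
    for w in found:
        print("WARNING:", w)
    print("\n".join(cmds))
```

With the addresses exactly as posted the DMZ route does not cover the server's external address, so the warning list is empty; the check only fires when a proposed network really does swallow the peer.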
This archive was generated by hypermail 2b29 : Tue Oct 31 2000 - 21:00:34 EST