Networking :: Routing For A VPN Gateway Setup?
Dec 17, 2010
I've been trying to set up an IPSec connection between two routers, but am having trouble with the actual packet routing.
My setup currently is two local networks (192.168.1.0/24[netLANA] and 192.168.0.0/24[netLANB]) that are connected to their own routers (192.168.1.1 and 192.168.0.1 respectively). The routers are both connected to the 194.26.1.0/24[netWAN] network. I wish to set up an IPSec connection between the two routers, to act in tunnel mode between the two local networks.
The first router is a linux box (on the netLANA network) that I am setting up using the ipsec-tools, and the other is a Netgear ProSafe FVS318G (on the netLANB). I've set them both up to have the same configuration for IPSec. Also, on the linux router I have set up a route like this:
Code:
$ route add -net 192.168.1.0/24 wlan0
So that all traffic destined for the netLANB network will be routed to the wlan0 interface (netWAN in this case, and therefore over the tunnel).
My problem is that if I ping from any host on netLANA, I can see the ICMP reply comes back to the linux router, but it doesn't get back to the original host.
From the linux router, here is the tcpdump of the ping:
Code:
$ tcpdump -n -S -i any
17:06:26.308353 IP 192.168.0.5 > 192.168.1.4: ICMP echo request, id 1036, seq 1, length 64
17:06:26.308780 IP 194.16.1.6 > 194.16.1.5: ESP(spi=0x0ea08914,seq=0x2f), length 116
17:06:26.316287 IP 194.16.1.5 > 194.16.1.6: ESP(spi=0x0be1036c,seq=0x2f), length 116
17:06:26.316287 IP 192.168.1.4 > 192.168.0.5: ICMP echo reply, id 1036, seq 1, length 64
[Code]....
View 2 Replies
Sep 3, 2010
I'm having an issue with routing internet traffic from my router to two different subnets (VLANs).
Here's my setup:
Server:
Both eth0 and eth1 are running DHCP (two scopes); that works fine!
The output of route -n is:
I have ip_forwarding on as well; I can ping the IP on the server running that DHCP scope, i.e. ping 192.168.4.1 works great, but I just can't get the internet on the clients.
View 8 Replies
Feb 5, 2010
My laptop is connected to 2 different networks (wireless, gateway 10.170.8.1; wired cable, gateway 192.168.1.1). The gateway 192.168.1.1 is the default. I want all applications like Firefox that connect via HTTP and HTTPS (ports 80 and 443) to use the gateway 10.170.8.1,
and everything else to use the default gateway.
View 1 Replies
Apr 16, 2011
To be able to use my 3G connection from my laptop I am using Azilink. Azilink works by setting up a little OpenVPN server on your smartphone; then you connect to your smartphone from your laptop with OpenVPN. From there, what I wanted was to use a second VPN connection to an external Linux host and redirect all my traffic to that tunnel (redirect-gateway + iptables). It is working, but only partially. Here is the way I connect through my phone (all steps are, I think, important for the routing issue):
1) I plug in the phone; then a usb0 interface is created with the 192.168.239.5 IP address (my phone is 192.168.239.4). Then: adb connect 192.168.239.4
2) I have to enable a port forward on my phone: adb forward tcp:41927 tcp:41927
3) I run the OpenVPN script (to connect to my phone, on which I have launched Azilink).
So OpenVPN connects to 127.0.0.1:41927 (my phone). From there I get "Initialization Sequence Completed".
At this time I am connected through 3G via my smartphone to the Internet. And as you can imagine, I don't want to enter all the IP addresses of the Internet minus RFC1918 manually via the route command. I think the problem comes from the fact that when I do "route add default gw 10.8.0.5" it is overwriting all the routes required to establish the first and the second connection. Am I right? Could someone help me solve that issue?
View 2 Replies
Jul 24, 2011
I have set up a second machine with Slackware 13.37; it is a "supermicro" which I picked up through my work. The idea was to set it up as a gateway and gradually expand my knowledge of subnetting, iptables, forwarding and the like. After a couple of nights of forum searching and O'Reilly book reading I am still unable to get a proper route working through the "supermicro" to our DSL router.
What is set up? I will start from my main machine, simply calling it slackbox.
slackbox: has two ethernet cards which I have given static IPs to
eth0 192.168.2.16 and eth1 192.168.3.11
eth0 (192.168.2.16) is connected to a switch and then to our DSL router; it is working, I am using it right now to work on this forum.
eth1 (192.168.3.11) is connected to the "supermicro" through a cross-over cable; it also is working, pinging the "supermicro" works.
default gateway on slackbox is set to 192.168.3.10 (the supermicro)
I only set slackbox's default to 192.168.3.10 when testing to see if the supermicro gateway will work
supermicro: also has two ethernet cards which I have given static IPs to
eth0 192.168.3.10 (this is the card with the cross-over cable connected)
pinging 192.168.3.11 (the slackbox) works.
eth1 192.168.2.24 is connected to our switch as well; it is working, pinging our DSL router works.
default gateway on supermicro is set in rc.inet.conf to 192.168.2.1 (which is our DSL router)
All my machines have two ethernet cards. This has just made it easy for me to test the setup while still having internet access on slackbox. Yet when testing the gateway from slackbox through supermicro I am getting "Destination Host Unreachable".
View 13 Replies
May 11, 2010
Setting up 2 gateways in my email server (openSUSE).
Now I want to set up 2 internet lines for my email server, which means that if either one of the lines is down, I can still receive mail through the other line.
Example
Internet line 1 = ISP1
Internet line 2 = ISP2
My email server has 3 NICs:
eth0 = 192.168.1.2 (255.255.255.0) (from ISP1 GW 192.168.1.1)
eth1 = 192.168.2.2 (255.255.255.0) (from ISP2 GW 192.168.2.1)
eth2 = 168.168.1.2 (255.255.0.0) (connect to local LAN)
Now the existing GW set on the server is 192.168.1.1; mail is received and sent through ISP1. Now we wish to set something up so that once the ISP1 line is down, the server will auto switch to the ISP2 gateway and continue to send and receive mail without manual change of settings.
View 9 Replies
Jan 18, 2011
I have a temporary system up with wlan0 and eth2.
I want the eth0 address to be the gateway for accessing the internet on wlan0.
How do I setup static routes?
I'm not too keen on networking...
Code:
View 1 Replies
Dec 10, 2010
When I try wget URL... I get "failed: connection timed out". I have created br0 as a bridge over eth0 to run this VM. The host has this IP: 172.30.8.135. The host has access to the internet through eth0 and this is the output of route inside the host.
View 1 Replies
May 29, 2011
I have been searching Google for a while now and have not found exactly what I am looking for. I would like to use my fresh install of Ubuntu Server 11.04 as my router/gateway for my home. I am not an expert at Linux by any means, but I can usually figure stuff out. I believe I need iptables, bind, and a few others probably. It eventually will also be a Samba server, but I have done a little with Samba before. I do have 2 network cards; my router at the moment is starting to die and I would love to have a more powerful router. I would also like to figure out how to do port forwarding in the router, as well as be able to see the load on the network cards. Maybe there is a program to show usage by user? As well as be able to do packet prioritization.
View 4 Replies
Sep 13, 2009
I have 1 root server with 2 NICs, both having their own internet IP addresses:
Code: eth0 = 8x.x.x.183
eth2 = 8x.x.x.205
We only have one gateway on that network:
Code: gateway = 8x.x.x.1
We want to use eth2 for postfix + http, and eth0 for all the other stuff.
How can this be set up? With route / ip route / iptables?
View 1 Replies
Jul 29, 2011
I'm trying to set up routes for a gateway that resides on a different subnet. Our ISP leased us a block of IPs and told us to route through the current gateway, which is on a different subnet than our current block of addresses. To test, I've enabled one of the new addresses on one of the existing machines, which works. That machine has an address on the same subnet as the gateway, however.
The gateway address is 24.111.1.177. One of the new addresses I'm trying to use is 96.2.192.130, netmask 255.255.255.240, broadcast 96.2.192.143. Obviously, I can't just specify that gateway in /etc/network/interfaces without some routing, which is where the trouble I'm having is. The machine I'm trying to set this up on is part of 2 networks - one internal, on two different NICs.
[Code]...
View 8 Replies
May 12, 2010
I have 17 systems (sys1, sys2, sys3 ... sys17) in my office, and I am willing to set up a dedicated system to act as a firewall. For that I have selected sys1 with two NICs (eth0 for the local network and eth1 for the internet) and I have configured it to access the internet in my office; for that I have opened the well-known port 80. But my clients are not accessing the internet.
Please check my sample IP configuration!
Interface: eth1 (ISP IP), just for example
IP: 192.168.0.2
gateway: 192.168.0.1
DNS: 202.56.230.5
DNS: 202.56.230.6
Interface: eth0 (my local LAN)
192.168.1.1
255.255.255.0
IP addresses of the XP clients range from 192.168.1.2 to 192.168.1.16 with the default 255.255.255.0
My question is: which gateway address and DNS do I have to give to my clients for accessing the internet?
View 1 Replies
Apr 6, 2010
I have a firewall; this consists of three NICs:
Code: eth0[192.168.0.2] eth1[192.168.1.2] and eth2[10.10.165.2]
I am trying to ping eth0 from eth2, but I am not able to successfully get a response from pinging the device. I am using:
Code: ping 192.168.0.2 -I eth2
I have tried to insert routing data into the routing table, but it still doesn't work.
View 2 Replies
Feb 15, 2010
What exactly does gateway in a route refer to? I know what a default gateway is- it's the route of last resort. But used in context of a host route (with destination specified), what is a gateway and why is it important?
View 5 Replies
Jul 7, 2011
I am trying to make my fedora 15 my gateway instead of my old D-Link, but I can't seem to get it working.
View 5 Replies
Sep 1, 2009
Background: It took a while to get this working correctly, so I figured I'd save you all some time... I (finally) received the beta invite from iPredator. I wasn't happy with the NetworkManager-pptp implementation; I'm running the stock kernel; I stopped the NetworkManager service at this point.
Goals:
1. To be able to control the PPTP tunnel from a remote location over ssh
2. To have services I run from my box accessible via my public IP on the internet (sshd, httpd etc) whilst the tunnel is up
3. To route all Torrent traffic from Vuze out of the encrypted PPTP tunnel, and have it return over that interface
4. To route all other traffic, by default, to my ISP unencrypted
5. To block all Vuze traffic if the tunnel is down
Method: 1. PPP config
First, I entered my login details (altered in the below output, of course!!) into chap-secrets and then used "chmod 600 chap-secrets" to make it read/write for root only:
Next, I created a peer file (644 permissions) for the VPN connection, the file name has to match the "iPred" I used above:
I stuck with the defaults in /etc/ppp/options.pptp
To initiate the tunnel, I use: pppd call iPred mtu 1435 mru 1435 persist nolog
Regarding the options used... I'll get onto the MTU/MRU later, persist has the tunnel attempt to reconnect 10 times if it drops, nolog reduces the high volume of syslog messages. The logs for the connection process are written to /var/log/messages, interface ppp0 was created and routing entries were set up (internal network stuff has been cut out below; we'll call 192.168.100.104 my WAN IP, though I've got a static internet-routable IP and wanted to mask it here). The (dynamic) endpoint of the tunnel is 93.182.164.2: you need two routes to this, one via eth0 (my WAN interface) for internet routing of the encrypted packets, and one through the tunnel itself to tunnel and encrypt the traffic:
References:[url] [url]
2. Firewall Setup
I'm a "belt-and-braces" kinda guy ("belt-and-suspenders" if you're from the US), and I've got a custom firewall setup. As I've brought a new interface into the equation, I needed to add some rules.
In order, the rules:
A. NAT the outgoing packets to the ppp0 interface IP
B. Allow established sessions back in
C. Allow the default ports for Vuze through, even if unsolicited, on port 63255 (TCP and UDP)
D. Drop traffic that originates from Vuze (identified by the IP of interface lo:0, which we'll see later) if it tries to exit via eth0 (useful if the tunnel drops or hasn't yet been started)
You can view the rules in place by issuing: iptables -nL
References:man iptables [url]
3. Routing Setup
Obviously, I didn't know who the Vuze peers were going to be, and setting a default route via ppp0 means that all traffic would be encrypted. Instead, I created a new, distinct routing table called IPRED in iproute.
Then I added a default route, via ppp0, into the IPRED routing table and checked that it was there:
The main (default) routing table is still there and has its routes:
4. Traffic Identification
I tried setting the DSCP (ToS) in Vuze, but that didn't make it into the packets (checking the output packets with Wireshark). So, I created a new Loopback interface lo:0 on my box (later I entered this line into /etc/rc.local so it'll survive a reboot):
I then added a rule to pass traffic from this new lo:0 IP to the IPRED table:
There are a number of other ways to pick out traffic with "ip rule", but this seemed the most elegant solution in this situation.
5. Vuze Config
I looked down the list for the local IP addresses, then bound Vuze to the lo:0 interface which, in Vuze, is lo[1]
Whilst in here, I also dropped the Line MTU to 1435. You'll notice that this matches the MTU and MRU set when using pppd to establish the tunnel... I'm on DSL and have the MTU set to 1478 for the DSL link, the difference between the 1478 and 1435 is the overhead of the additional headers used with PPTP tunnelling (both PPP and GRE headers encapsulate the packets). With the MTUs set up in this way, I shouldn't get any fragmentation of packets on the link, packets with the DontFragment bit set shouldn't get dropped. I gave Vuze a restart.
6. Verifying Operation
I closed any apps that were using the internet, fired up Vuze, loaded a torrent, then opened two Wireshark windows: Wireshark #1 on the eth0 WAN interface and Wireshark #2 on the ppp0 tunnel interface. I saw a long list of PPP and GRE packets (in white) scrolling in the eth0 window, showing that Vuze is going through the tunnel. Checking the ppp0 Wireshark window, I saw the actual Vuze traffic on ppp0, with SYNs, ACKs, HTTP packets etc. as it's being sent down/back through the tunnel.
Starting firefox and visiting www.whatismyip.com, the IP reported was my eth0 address, I saw the http traffic on Wireshark on eth0. Starting e-mail, I saw the packets on eth0.
Dropping the tunnel, I checked Vuze, saw that torrents had stopped and confirmed that I couldn't connect to the net with it.
7. DNATing
Reconnecting everything, I sat and watched the Wireshark outputs on ppp0 and eth0 for a while to make sure everything was working. I noticed that the ppp0 interface was creating a lot of ARP requests for external IP's and sending them out, unencrypted, through eth0 - BAD news!! I'd forgotten that I would need to Destination NAT the unsolicited inbound connections... D'Oh!
As the unsolicited inbound connections are directed at the internet-routable tunnel IP of ppp0, we need to point these to the lo:0 interface that Vuze is listening on. Replies to these will be NAT'd back to the ppp0 address by the MASQUERADE rule we've already entered in iptables and, since the source IP will be 172.27.72.64, the packets will match the ip rule pointing them to the IPRED routing table, thus they won't generate ARP requests.
Retrying everything with the firewall updated, everything is working 100% :-D
8. Misc
As the iptables rules have been saved, and lo:0 will survive a reboot in /etc/rc.local, the only commands that need to be run each time you want to bring up the tunnel are (easily scripted with a sleep statement of about 10 seconds after pppd call...):
And, if you wanted to just send all traffic over ppp0, this would be:
Conclusion: I love Linux, an intellectual challenge, having complete control over my PC; iPredator rocks and I hope this howto is of use to anyone running Fedora and iPredator :-D
View 4 Replies
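The routing, firewall, traffic-identification and DNAT steps of the howto above, as one added example script. This is not the poster's own script (the page does not reproduce the actual commands); it reconstructs the design the post describes. Values taken from the post: the lo:0 address 172.27.72.64, table IPRED, interfaces ppp0 and eth0, Vuze port 63255. The table number 200 and the rule priority are assumptions. The script prints the commands unless APPLY=1 is set, so it can be read before it is run as root.

```sh
#!/bin/sh
# Added example: source-address policy routing for one application through a
# PPTP tunnel, with a kill switch. Not the original poster's script.
#
# From the post: 172.27.72.64 on lo:0, table IPRED, ppp0, eth0, port 63255.
# Assumed (not in the post): table number 200, ip rule priority 1000.
# Dry-run (prints commands) unless APPLY=1; applying needs root and a live ppp0.

APP_IP=172.27.72.64   # address Vuze is bound to (lo:0)
TABLE_NAME=IPRED
TABLE_ID=200          # assumed; any unused table number works
TUN_IF=ppp0
WAN_IF=eth0
APP_PORT=63255

# Execute the command, or just print it in dry-run mode.
run() { if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi; }

# 1. Name the routing table so "table IPRED" is accepted by ip(8).
ipred_register_table() {
    if ! grep -q "[[:space:]]$TABLE_NAME\$" /etc/iproute2/rt_tables 2>/dev/null; then
        run sh -c "echo '$TABLE_ID $TABLE_NAME' >> /etc/iproute2/rt_tables"
    fi
}

# 2. Traffic selector: a loopback alias address that only Vuze binds to.
ipred_add_alias() {
    run ip addr replace "$APP_IP/32" dev lo label lo:0
}

# 3. Policy routing: packets from the alias consult table IPRED, whose default
#    route is the tunnel. The low-priority "unreachable" route stays behind when
#    ppp0 disappears, so the lookup fails instead of falling through to the main
#    table: a routing-level kill switch in addition to the iptables one below.
ipred_add_routes() {
    run ip route replace default dev "$TUN_IF" table "$TABLE_NAME"
    run ip route replace unreachable default table "$TABLE_NAME" metric 1000
    run ip rule add from "$APP_IP" lookup "$TABLE_NAME" priority 1000
}

# 4. Firewall: NAT out of the tunnel, let replies and the Vuze port in, DNAT
#    unsolicited inbound connections to the alias, and drop anything from the
#    alias that tries to leave via the WAN interface.
ipred_add_firewall() {
    run iptables -t nat -A POSTROUTING -o "$TUN_IF" -j MASQUERADE
    run iptables -A INPUT -i "$TUN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for proto in tcp udp; do
        run iptables -A INPUT -i "$TUN_IF" -p "$proto" --dport "$APP_PORT" -j ACCEPT
        run iptables -t nat -A PREROUTING -i "$TUN_IF" -p "$proto" --dport "$APP_PORT" \
            -j DNAT --to-destination "$APP_IP"
    done
    # Kill switch: inserted at the top so no earlier ACCEPT for eth0 wins.
    run iptables -I OUTPUT 1 -o "$WAN_IF" -s "$APP_IP" -j DROP
}

ipred_setup() {
    ipred_register_table
    ipred_add_alias
    ipred_add_routes
    ipred_add_firewall
}

ipred_setup
```

Run it with APPLY=1 only after pppd has created ppp0, since the default route into table IPRED cannot be added for an interface that does not exist yet (the post's sleep after "pppd call" serves the same purpose). To confirm the selector works, "ip route get 198.51.100.1 from 172.27.72.64" should show the route via ppp0 while the tunnel is up and an unreachable error once it is down; if it instead shows eth0, the ip rule or the table entry in rt_tables is missing.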
Feb 23, 2010
After editing my network connection's gateway setup as 192.168.1.1 I get back 0.0.0.0 after I run nm-tool. I'm using Ubuntu 9.04 set up on my VMware server.
View 1 Replies
Mar 25, 2010
I have set up qmailtoaster as a gateway for exchange.
my smtproutes contain this:
thedomain.com:mail.exchange.com
and my rcpthosts contain:
thedomain
The problem I am facing now is that Exchange was able to send mail through me alright. But when mail comes in, qmailtoaster is supposed to forward the mail to the Exchange server, but it is not; rather the mail is sitting in the toaster's queue.
View 2 Replies
Mar 1, 2011
I've set up a LAN-to-LAN (routed) OpenVPN tunnel. For redundancy I want to set up a second VPN tunnel on a fallback gateway/firewall on the client side. Currently, both sides (server/client) know how to route packets across each other's physical LAN, so no NAT is used. When the primary gateway (fw1) is connected to the VPN server, all traffic runs via the fw1 tunnel. Then when the secondary gateway (fw2) connects to the VPN server and fw1 is still connected, all traffic for fw1 will be delivered to fw2, effectively destroying traffic intended for fw1. This is of course no problem if I first shut down (fence) fw1, then set up fw2 to use the gateway IP address from fw1 and set up the VPN tunnel to the VPN server, effectively replacing fw1 with fw2 on the client side.
However, I can't seem to find a decent howto.
I am also exploring the possibility of leaving both tunnels active and letting OpenVPN (or another tool) decide how to route packets back and forth between the different LANs. A virtual IP between two gateways both running a VPN, or something similar. This would be the preferred method, of course. However, I don't know how to tackle this one, but I'm pretty sure there are people out there who are happy to share their 2 cents.
View 3 Replies
Jun 8, 2010
I know exactly what I need to do, I'm just not familiar enough with the command line to do it properly. I have 7 computers. The first 4 are connected to a router via wireless at one end of the house. Of the last 3, only 1 will be able to access the router via wireless, so it needs to share its one wireless connection via ethernet. This computer I'm going to call 'server'. server will have two IPs:
wlan0 192.168.1.6 - this connects to the router that has internet access.
eth0 - I intend to have the following settings: IP: 192.168.0.1, sub: 255.255.0
eth0 will connect to a second router, where the cat5 cable goes from the server into the internet port of the router, where I will define the router's static IP: IP: 192.168.0.100, sub: 255.255.255.0, gateway 192.168.0.1. I have then set the router IP for LAN handling as 192.168.27.1 and all ethernet connections will have a 192.168.27.x IP.
So I need to know how to, without a GUI application, use the terminal to assign server eth0 a proper IP address, and tell the server to take the connection it has and share it through eth0 to supply internet for the last 2 computers via ethernet. I had it set up this way with a Windows machine being the one that had the wifi access, but I'd rather have it set up for the Ubuntu server to do this task. Security is imperative for these 3 remaining machines, so just getting 2 more wifi adapters for a connection to the initial router isn't an option. The 2 that connect to server do so through SSH, and though server IS connected via wireless it only makes outward connections through
View 1 Replies
Sep 6, 2010
My setup is...I have a wireless access point using laptop as a gateway. The AP is also connected to a switch as is the laptop. So the laptop has two interfaces one wireless and one wired. A third device is using the AP to connect to a server on the internet. The AP sends the packets to my laptop where they are dropped. I've been looking for a solution to this problem without success. Basically is there a way for my laptop to forward all packets it sees from a certain IP address to whatever destination address they have?To clarify, my laptop is just the gateway of the AP and none of the packets are addressed to it at all, it just picks them up using a sniffer or similar tool.
View 1 Replies
Mar 10, 2011
I have a PC with Debian 6 (without GUI) installed on it and want to use it as a server at home. It has 2 ethernet NICs. Now I want to configure the routing process. I searched the internet for a long time, found something, but couldn't get it to work.
View 8 Replies
Feb 17, 2010
When setting up an SSH proxy, I know you can configure Firefox to route DNS requests through the proxy. Is this possible from linux directly? I'm trying to use wget through the proxy, including DNS lookups.
View 3 Replies
Jun 26, 2010
I have two subnets which I am interested in connecting.
Some basic network details:
Subnet A:
Subnet B:
I am trying to think of any further relevant details, but that seems to be it to me. If I forgot anything, please tell me.
OK, the question. WHAT do I type? (Explicitly!) And WHERE do I type it? In order to reach ubuntu-01.tec.lan or ubuntu-02.tec.lan from perpetrator.tec.lan or rapine.tec.lan?
I'm interested in using actual ROUTES. I can already achieve results similar to this with either a NAT firewall or with a VPN, but that's not what I am interested in.
From what I have found out so far, I should need something like the following:
On Gateway 1B:
Code:
And on Gateway 1A:
Code:
View 5 Replies
May 14, 2010
I'm a newbie to wireless. Currently I'm trying to implement EAP-TLS, but first I need to get the hardware working: allow the access point to route from wireless to wired (LAN DNS server).
View 4 Replies
Apr 22, 2010
I am having some trouble setting up routing on my Ubuntu 9.10 server. I have the GUI installed with Webmin and OpenVPN. Here's the setup:
1 NIC - WAN - eth0 - IP: 146.231.x.x SUBNET: 255.255.252.0
1 NIC - LAN - eth1 - IP: 192.168.1.1 SUBNET: 255.255.255.0
1 NIC - ADSL - eth2 - dynamic
What I need to do is the following.
All users are connected to the LAN.
All requests for IP range "146.231.x.x", and "domain.com" need to be routed from LAN (eth1) to WAN (eth0).
All other internet requests need to be routed to ADSL (eth2).
-> I have the masquerading in the linux firewall working for NAT, but all traffic goes to ADSL (eth2).
-> I am using OPEN-VPN over the ADSL also.
-> DHCP and DNS work fine.
I also need all ports opened with the route (from eth1 to eth0)
View 1 Replies
Mar 3, 2009
I want to use tap networking in my KVM with routing. Can anyone guide me on how I can do it? I have been reading different guides over the net but don't understand any of them clearly. I have read this [URL]. One problem is that all my servers are remote and no GUI is running. I am able to install KVM with the SSH console with the -nographic and -x "console=ttyS0" options; now I want to change from bridging to tap networking with routing. And I have a live IP on the KVM guest/virtual machine.
View 1 Replies
Feb 20, 2010
In the LAN default GW box I have a routing rule of "172.17.1.0 192.168.180.100 255.255.255.0 UG 0 0 0 eth3" that sends packets matching 172.17.1.0/24 to eth3 etc. When I ping 172.17.1.50 it goes correctly when the ping is issued on the same box (LAN GW), but falls through to the default rule when the ping is done on the LAN's boxes, i.e. it goes to the LAN GW box and then to the Internet incorrectly instead of going to eth3 and 192.168.180.100.
Is there any way of seeing why the packet matches or not the routing rules?
View 14 Replies
Feb 16, 2011
I have a network routing problem that I need to fix using a PC with ubuntu installed.
Here are the details of my problem:
- I have two networks.
- The first network is an ADSL router with subnet 192.168.1.x. I do not have access to the router, nor can I change any of its configuration.
- The second network has a subnet 172.26.x.x and connects via a wireless access point. Some of the devices connected to the network need to have static IPs.
- I have a PC with ubuntu installed and two ethernet cards: one connected to the first network and the other connected to the access point.
- I need to share the internet connection between the two networks using ubuntu. I already tried before on windows and the sharing worked when both networks were configured to use the same subnet. Once I changed the subnet of the second network, internet sharing stopped working.
View 1 Replies
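Several posts on this page ask the same thing: how a Linux box with two NICs becomes the gateway for a LAN (the 17-system office firewall, the wireless-sharing "server", the Debian and Fedora gateways, and sharing between the 192.168.1.x and 172.26.x.x networks above). The following is an added example, not taken from any of those posts, of the minimal NAT gateway a security engineer would start from: forwarding enabled, a default-deny FORWARD chain so only the LAN prefix can initiate connections and only replies come back in, MASQUERADE out of the WAN side, and a port-forward helper that adds the FORWARD ACCEPT the DNAT needs. The interface layout follows the office post (eth1 towards the ISP, LAN 192.168.1.0/24 on eth0); the other layouts only change the three variables. It prints the commands unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example: minimal Linux NAT gateway with default-deny forwarding.
# Not from any post on the page. Layout from the office post: eth1 faces the
# ISP, eth0 is the LAN 192.168.1.0/24. Dry-run unless APPLY=1; applying needs root.

WAN_IF=eth1
LAN_IF=eth0
LAN_NET=192.168.1.0/24

# Execute the command, or just print it in dry-run mode.
run() { if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi; }

gw_enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    # Reject packets whose source address does not belong behind the interface
    # they arrived on (anti-spoofing). Put both settings in /etc/sysctl.conf as
    # well; "sysctl -w" alone does not survive a reboot.
    run sysctl -w net.ipv4.conf.all.rp_filter=1
}

gw_firewall() {
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING
    # Only the LAN prefix, arriving on the LAN interface, may open connections
    # towards the WAN. Anything else plugged into either side is not forwarded.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # Return traffic for connections the LAN opened.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Hide the LAN behind the WAN address; MASQUERADE copes with a dynamic WAN IP.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# Port forward: expose <lan_host>:<lan_port> as <wan_port> on the WAN side.
# With FORWARD defaulting to DROP, the DNAT alone is not enough: the new
# connection also needs an explicit ACCEPT in FORWARD.
# Usage: gw_port_forward 2222 192.168.1.10 22
gw_port_forward() {
    wan_port=$1; lan_host=$2; lan_port=$3
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$wan_port" \
        -j DNAT --to-destination "$lan_host:$lan_port"
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$lan_host" --dport "$lan_port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

gw_setup() {
    gw_enable_forwarding
    gw_firewall
}

gw_setup
```

With this in place the LAN clients use the gateway's LAN address as their default gateway (192.168.1.1 in the office layout) and either the ISP's resolvers or a resolver running on the gateway for DNS. When a client still cannot get out, "iptables -L FORWARD -v -n" shows which rule the packets hit; a rising count on the chain's DROP policy with no ACCEPT hits usually means the client's source address is outside LAN_NET or the packets arrive on the wrong interface.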
Feb 24, 2011
I have two Linux boxes running RHEL 5.5 with internal IP addresses 10.0.0.114/24 and 10.0.0.118/24, and the usual gateway 10.0.0.1. There's an Apache listening on both ports 80 and 443 for several websites. This works nicely, but the load-balancing feature has to be added. For this, externally but in the same subnet, a hardware device has been placed for load balancing (we call it "F5"), with internal IP 10.0.0.152 (VRRP for 10.0.0.153 and 10.0.0.154). There's a service address that does NAT via round robin to the servers, 10.0.0.208, managed by the F5 balancer.
If I set the IP 10.0.0.152 as gateway on both nodes, I can use the service address for browsing HTTP and HTTPS, *BUT* at the cost that SSH and any other connections, at OS logging level, come from 10.0.0.1, which is unacceptable (i.e., I can't set proper security, regardless of the F5 being badly configured), so I have to find another way for this. So I thought of using iptables' mangling capabilities, and my thought is that by just changing the default route of the incoming HTTP(S) traffic, everything should be OK. I've done the following:
- Create a table called "F5":
# cat /etc/iproute2/rt_tables
[...]
#1 inr.ruhep
#
[code]....
If I tweak the hosts file on my MS workstation to test individual access to each server, I can browse the websites with no problem, but if I set the service IP address, I get the error "Document contains no data" in the browser after just a few seconds. Apache shows nothing in its logs. I can see packets arriving, but they seem to go in a loop. I can provide some output, but since surely I'm making some mistake in the process, if I get help with the proper knowledge about how to fix it, the problem will be solved. But if someone still needs it, I can provide more data.
View 5 Replies
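The approach the post above reaches for (a separate routing table named F5 and iptables mangling so that only the balanced HTTP/HTTPS traffic is routed back through the balancer, while SSH keeps the normal gateway and its real client addresses in the logs) is usually done with connection marks. The script below is an added example of that technique, not the poster's configuration (the page shows only a fragment of rt_tables). It marks each new 80/443 connection on arrival with CONNMARK, restores the mark onto Apache's reply packets in mangle OUTPUT (the kernel re-runs the routing decision for a locally generated packet whose mark changed there), and routes marked packets through table F5 with an fwmark rule. Because the selector is the connection rather than the peer address, it works whether or not the balancer rewrites the source. From the post: F5 at 10.0.0.152, table name F5, ports 80 and 443. Assumed: the server's interface is eth0, table number 100, mark 0x1, rule priority 100. It prints the commands unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example: route replies of balanced HTTP/HTTPS connections back via the
# F5 using CONNMARK + fwmark policy routing. Not the poster's configuration.
#
# From the post: balancer 10.0.0.152, table "F5", ports 80/443.
# Assumed (not in the post): interface eth0, table number 100, mark 0x1.
# Dry-run (prints commands) unless APPLY=1; applying needs root.

F5_GW=10.0.0.152
TABLE_NAME=F5
TABLE_ID=100
MARK=0x1
LAN_IF=eth0

# Execute the command, or just print it in dry-run mode.
run() { if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi; }

# Name the routing table so "table F5" is accepted by ip(8).
f5_register_table() {
    if ! grep -q "[[:space:]]$TABLE_NAME\$" /etc/iproute2/rt_tables 2>/dev/null; then
        run sh -c "echo '$TABLE_ID $TABLE_NAME' >> /etc/iproute2/rt_tables"
    fi
}

# Table F5 holds a single default route via the balancer; packets carrying the
# mark consult it before the main table. Everything unmarked (SSH included)
# still leaves via 10.0.0.1 from the main table.
f5_add_routes() {
    run ip route replace default via "$F5_GW" dev "$LAN_IF" table "$TABLE_NAME"
    run ip rule add fwmark "$MARK" lookup "$TABLE_NAME" priority 100
}

f5_add_marks() {
    # Tag the *connection* (not just the first packet) of each new web session
    # that arrives on the LAN interface.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp -m multiport --dports 80,443 \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # Apache's replies are locally generated: copy the connection mark onto each
    # packet in mangle OUTPUT so the fwmark rule can see it. The kernel
    # re-routes a local packet whose mark changed in this hook.
    run iptables -t mangle -A OUTPUT -m connmark --mark "$MARK" -j CONNMARK --restore-mark
}

f5_setup() {
    f5_register_table
    f5_add_routes
    f5_add_marks
}

f5_setup
```

To check the routing half without sending traffic, "ip route get 198.51.100.10 mark 0x1" should answer via 10.0.0.152 and the same command without the mark via 10.0.0.1. A looping symptom like the one described in the post is what you see when replies leave via the wrong gateway: with the marks applied, "iptables -t mangle -L OUTPUT -v -n" should show the restore rule's counters rising while a balanced page is fetched.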