FC9 Linux gateways, VPN working, IP forwarding isn't
Hi folks.
I've given up on openswan because it won't work through my ADSL router. I've now got a very simple ppp-over-ssh VPN working using the following script

    /usr/sbin/pppd updetach noauth passive pty "ssh $HOST -P -o Batchmode=yes /usr/sbin/pppd nodetach notty noauth" $LocIP:$RemIP

I'm using 192.167.127.1 and .2 for the VPN
My local LAN is 10.6.0.0/16 and the remote is 10.1.0.0/16

The VPN works, and from each end I can ssh to the remote end using either its 192. or 10. IP address.

On each gateway, and on the test hosts on each LAN, I have set up the appropriate routes. On each gateway I have enabled IP forwarding by running sysctl -w net.ipv4.ip_forward=1 and made it permanent by editing /etc/sysctl.conf. I even rebooted to make sure.

However, I cannot get anything to work except gateway to gateway. Anything behind the gateways cannot get past their local gateway.

Anyone know what I've missed?

--
Gary Stainburn

This email does not contain private or confidential material as it may be snooped on by interested government parties for unknown and undisclosed purposes - Regulation of Investigatory Powers Act, 2000

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
On Fri, Jan 23, 2009 at 7:55 PM, Gary Stainburn <gary.stainburn@ringways.co.uk> wrote:
> Hi folks.
>
> I've given up on openswan because it won't work through my ADSL router. I've now got a very simple ppp-over-ssh VPN working using the following script
>
>     /usr/sbin/pppd updetach noauth passive pty "ssh $HOST -P -o Batchmode=yes /usr/sbin/pppd nodetach notty noauth" $LocIP:$RemIP
>
> I'm using 192.167.127.1 and .2 for the VPN
> My local LAN is 10.6.0.0/16 and the remote is 10.1.0.0/16
>
> The VPN works, and from each end I can ssh to the remote end using either its 192. or 10. IP address.
>
> On each gateway, and on the test hosts on each LAN, I have set up the appropriate routes. On each gateway I have enabled IP forwarding by running sysctl -w net.ipv4.ip_forward=1 and made it permanent by editing /etc/sysctl.conf. I even rebooted to make sure.
>
> However, I cannot get anything to work except gateway to gateway. Anything behind the gateways cannot get past their local gateway.
>
> Anyone know what I've missed?

I guess it's normal not to pass because the next gateways don't "know" what 10.x/192.x IPs are. I think either you have to export those IPs to the next gateways or you enable NAT for each VPN, something like

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

(fastest way), where eth0 is your interface for internet.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
On Saturday 24 January 2009 10:06:01 Giany wrote:
> I guess it's normal not to pass because the next gateways don't "know" what 10.x/192.x IPs are. I think either you have to export those IPs to the next gateways or you enable NAT for each VPN, something like
>
>     iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> (fastest way), where eth0 is your interface for internet.

The routing isn't the problem.

Local gateway   eth0 10.6.1.1   ppp0 192.168.127.2
Remote gateway  eth0 10.1.1.6   ppp0 192.168.127.1
Local routes    add -net 10.1.0.0/16 gw 192.168.127.1

traceroute from local gateway to 10.1.1.1 gets as far as 192.168.127.1 and stops

--
Gary Stainburn
On Sat, Jan 24, 2009 at 12:51 PM, Gary Stainburn <gary.stainburn@ringways.co.uk> wrote:
> On Saturday 24 January 2009 10:06:01 Giany wrote:
> > I guess it's normal not to pass because the next gateways don't "know" what 10.x/192.x IPs are. I think either you have to export those IPs to the next gateways or you enable NAT for each VPN, something like
> >
> >     iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> >
> > (fastest way), where eth0 is your interface for internet.
>
> The routing isn't the problem.
>
> Local gateway   eth0 10.6.1.1   ppp0 192.168.127.2
> Remote gateway  eth0 10.1.1.6   ppp0 192.168.127.1
> Local routes    add -net 10.1.0.0/16 gw 192.168.127.1
>
> traceroute from local gateway to 10.1.1.1 gets as far as 192.168.127.1 and stops

If you say ip_forward is enabled then either there is a routing problem or some firewall issue.
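Added example, not part of any post in this thread: gateway-to-gateway traffic is handled by the INPUT/OUTPUT chains while LAN-to-LAN traffic crosses FORWARD, so one way to test the "firewall issue" branch of the last reply is to replay a packet against saved `iptables -S FORWARD` output. The rulesets below are constructed (they are not the poster's firewall), 10.6.1.50 is a hypothetical LAN host, and the evaluator is a simplified model, not iptables itself.

```python
import ipaddress
import shlex

def parse_rules(text):
    """Split `iptables -S FORWARD` output into (policy, rule token lists)."""
    policy, rules = "ACCEPT", []
    for tok in map(shlex.split, text.strip().splitlines()):
        if tok[:2] == ["-P", "FORWARD"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "FORWARD"]:
            rules.append(tok[2:])
    return policy, rules

def verdict(text, in_if, out_if, src, dst, state="NEW"):
    """First-match verdict; models only -i -o -s -d --state -j, else UNKNOWN."""
    policy, rules = parse_rules(text)
    ifaces = {"-i": in_if, "-o": out_if}
    addrs = {"-s": ipaddress.ip_address(src), "-d": ipaddress.ip_address(dst)}
    for n, tok in enumerate(rules, 1):
        match, target = True, None
        for opt, val in zip(tok[0::2], tok[1::2]):
            if opt in ifaces:
                match = match and val == ifaces[opt]
            elif opt in addrs:
                match = match and addrs[opt] in ipaddress.ip_network(val, strict=False)
            elif opt in ("--state", "--ctstate"):
                match = match and state in val.split(",")
            elif opt == "-j":
                target = val  # target options such as --reject-with follow; ignored
                break
            elif not (opt == "-m" and val in ("state", "conntrack")):
                return f"UNKNOWN (rule {n}: {opt} not modelled)"
        if match:
            ok = target in ("ACCEPT", "DROP", "REJECT")
            return f"{target} (rule {n})" if ok else f"UNKNOWN (rule {n} jumps to {target})"
    return f"{policy} (policy)"

# Constructed ruleset: replies are allowed, every new forwarded connection is rejected.
BEFORE = """
-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
"""
# Scoped LAN-to-LAN rules (subnets and interfaces as given in the thread).
ALLOW = """
-A FORWARD -s 10.6.0.0/16 -d 10.1.0.0/16 -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -s 10.1.0.0/16 -d 10.6.0.0/16 -i ppp0 -o eth0 -j ACCEPT
"""
AFTER = BEFORE.replace("-A FORWARD -j REJECT", ALLOW.strip() + "\n-A FORWARD -j REJECT")
```

With `BEFORE`, `verdict(BEFORE, "eth0", "ppp0", "10.6.1.50", "10.1.1.1")` lands on the REJECT rule even though ip_forward is on; with `AFTER` the same packet is accepted by the scoped rule, without masquerading the LAN addresses.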