Ruleset/Routing between Sites and Clients

stewie · 06-27-2009, 07:52 AM

hola!

My Setup:
Two UTs (UT1 and UT2) connected through siteVPN (UT1 is the Server). Each one with his own LAN (LAN1 and LAN2). Everything between this two sites is running lovely (accept vpn reinitions every ~45min).
Now i'm trying to setup clientVPNs. The Client (WinXP 172.16.0.9) connects, but i can't reach (ping) a W2K3 (192.168.201.1) in LAN2 behind UT2. This Server is reachable from LAN1.

I dumped my ping at UT1:
16:36:06.248045 IP 172.16.0.9 > 192.168.201.1: ICMP echo request, id 1024, seq 50688, length 40
and at UT2:
16:36:07.281408 IP 172.16.0.9 > 192.168.201.1: ICMP echo request, id 1024, seq 4609, length 40
16:36:07.281501 IP 192.168.201.1 > 172.16.0.9: ICMP echo reply, id 1024, seq 4609, length 40

The Server in LAN2 replies, but the reply is stopped on the way back to UT1.

What I tried:
- different Firewall and packetfilter rules.
- disabled firewall on UT1 and UT2
- added static route on UT2 for the ClientVPN Network

What am I doing wrong?

saludos

stewie

stewie · 06-27-2009, 08:36 AM

I checked the routing on UT2 and didn't find my GUI settings.

Code:

# ip r a 172.16.0.0/24 via 192.168.202.6 dev tun0

with this i forced my static route.

Whats wrong with my static route by GUI?
Target: 172.16.0.0 (IP Pool for clientVPN)
Netmask: 255.255.255.0
Gateway: 192.168.202.6 (same as the system route for LAN1)

lordcom · 06-27-2009, 05:10 PM

As far as I know, U can't use the same internal ip range for this to work.

06-27-2009, 07:52 AM	#1 (permalink)
stewie Untangler Join Date: Jun 2008 Posts: 70	Ruleset/Routing between Sites and Clients hola! My Setup: Two UTs (UT1 and UT2) connected through siteVPN (UT1 is the Server). Each one with his own LAN (LAN1 and LAN2). Everything between this two sites is running lovely (accept vpn reinitions every ~45min). Now i'm trying to setup clientVPNs. The Client (WinXP 172.16.0.9) connects, but i can't reach (ping) a W2K3 (192.168.201.1) in LAN2 behind UT2. This Server is reachable from LAN1. I dumped my ping at UT1: 16:36:06.248045 IP 172.16.0.9 > 192.168.201.1: ICMP echo request, id 1024, seq 50688, length 40 and at UT2: 16:36:07.281408 IP 172.16.0.9 > 192.168.201.1: ICMP echo request, id 1024, seq 4609, length 40 16:36:07.281501 IP 192.168.201.1 > 172.16.0.9: ICMP echo reply, id 1024, seq 4609, length 40 The Server in LAN2 replies, but the reply is stopped on the way back to UT1. What I tried: - different Firewall and packetfilter rules. - disabled firewall on UT1 and UT2 - added static route on UT2 for the ClientVPN Network What am I doing wrong? saludos stewie

06-27-2009, 08:36 AM	#2 (permalink)
stewie Untangler Join Date: Jun 2008 Posts: 70	UT routing issue? I checked the routing on UT2 and didn't find my GUI settings. Code: # ip r a 172.16.0.0/24 via 192.168.202.6 dev tun0 with this i forced my static route. Whats wrong with my static route by GUI? Target: 172.16.0.0 (IP Pool for clientVPN) Netmask: 255.255.255.0 Gateway: 192.168.202.6 (same as the system route for LAN1)

06-27-2009, 05:10 PM	#3 (permalink)
lordcom Untangler Join Date: May 2008 Location: Falun, Sweden Posts: 61	As far as I know, U can't use the same internal ip range for this to work. __________________ I don't know what I'm doing! I just do it! So take what I'm saying with a grain of salt...