Re: Network config question
From: Jason Dixon (jason_at_dixongroup.net)
Date: 08/25/03
- Previous message: Jay Mallar: "Network config question"
- In reply to: Jay Mallar: "Network config question"
- Next in thread: Sean Estabrooks: "Re: Network config question"
- Reply: Sean Estabrooks: "Re: Network config question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: Red Hat Mailing List <redhat-list@redhat.com> Date: 24 Aug 2003 18:06:43 -0400
On Sun, 2003-08-24 at 17:45, Jay Mallar wrote:
> I have a networking issue I need some help with.
>
> I use 192.168.0.10 to connect via VPN to my office. When I do so, the
> VPN software automatically excludes my local intranet traffic, so
> 192.168.0.10 can no longer see my internal network. The rest of my
> local net is unaffected but can no longer see 192.168.0.10 - and this
> is my main issue - because 192.168.0.10 is disconnected from the local
> intranet, the other machines can no longer access my printer.
>
> After connectiong to the VPN:
>
> # route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref
> Use Iface
> 192.168.0.0 * 255.255.255.0 U 0 0
> 0 eth0
> 169.254.0.0 * 255.255.0.0 U 0 0
> 0 eth0
> 127.0.0.0 * 255.0.0.0 U 0 0
> 0 lo
> default <namehidden> 0.0.0.0 UG 0 0
> 0 eth0
>
Therein lies the problem. You've setup your routing so that when the
VPN connection is active, all traffic is routed through the VPN, even
your local LAN traffic. This is something I routinely run into while
setting up IPsec for wireless Windows systems. In my circumstance, I
have to do what I refer to as "reflection", where I "bounce" all traffic
off the VPN gateway, back into the LAN. All LAN hosts also have a
static route pointing LAN traffic through the gateway, rather than
delivering on the local segment.
Yours should be easier to fix. If possible, change your VPN routing so
that only traffic on the far end of the VPN tunnel is routed through
your VPN connection. If, for example, the remote network is
10.0.0.0/24, you'll want a static route for that block to head out the
VPN gateway.
If that doesn't work, you should be able to override your LAN route with
a simple static route on this host back to itself. Something like this
should work:
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.10
If it doesn't work, the "reflection" trick is still possible, but seems
a bit complex for your situation. Please let me know how this works for
you.
-- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net -- redhat-list mailing list unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
- Previous message: Jay Mallar: "Network config question"
- In reply to: Jay Mallar: "Network config question"
- Next in thread: Sean Estabrooks: "Re: Network config question"
- Reply: Sean Estabrooks: "Re: Network config question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
