Re: Multiple vpn tunnels



On Mar 26, 10:16 am, Tauno Voipio <tauno.voi...@xxxxxxxxxxxxx> wrote:
said.ab...@xxxxxxxxx wrote:
Hello Folks,

I have the following situation:

              VPN Tunnel 1              VPN Tunnel 2
81.129.39.9 ============ 59.20.93.49 ============= 93.48.28.27
 Gateway A                Gateway B                 Gateway C

I need all clients coming from gateway C to be able to use the vpn
tunnel 1, so I have the following rule on Gateway B:

iptables -t nat -A POSTROUTING -s 93.48.28.27 -d 81.129.40.0/24 -o eth0 -j MASQUERADE

But it does not work. What am I missing here?

Note: doing tcpdump host 93.48.28.27 on Gateway B and trying to ping
or telnet from Gateway C seems to work. I don't have access to Gateway
A, so I can't verify if the packets get to Gateway A.

I would really appreciate it if you can help me fix this or find another
job ;)

The masquerade may be overkill, unless you need to limit
the visibility of the subnets to the other end of the tunnel.

Did you:

- tell gateway A that VPN tunnel 2 is reachable via VPN tunnel 1?

I don't have access to administration on Gateway A. The reason why we
need this is that we wanted to save time by using a temporary tunnel, but
in the future (in a couple of months) they will provide us with a tunnel
between Gateway A and Gateway C.

- tell VPN tunnel 2 end that gateway A and the nets behind it
are reachable via gateway C?

It already knows that. tcpdump on gateway B shows that Gateway C is
talking to Gateway A via Gateway B.

- enable forwarding at gateway C?

Yes it is enabled.

--

Tauno Voipio
tauno voipio (at) iki fi

Thanks a lot for your reply :)
