Re: Multiple vpn tunnels



said.abdel@xxxxxxxxx wrote:
On Mar 26, 10:16 am, Tauno Voipio <tauno.voi...@xxxxxxxxxxxxx> wrote:

said.ab...@xxxxxxxxx wrote:

Hello Folks,

I have the following situation:

            VPN Tunnel 1             VPN Tunnel 2
81.129.39.9 ============ 59.20.93.49 ============= 93.48.28.27
 Gateway A                Gateway B                 Gateway C

I need all clients coming from gateway C to be able to use the vpn
tunnel 1, so I have the following rule on Gateway B:

iptables -t nat -A POSTROUTING -s 93.48.28.27 -d 81.129.40.0/24 -o eth0 -j MASQUERADE

But it does not work; what am I missing here?

Note: doing tcpdump host 93.48.28.27 on Gateway B and trying to ping
or telnet from Gateway C seems to work. I don't have access to Gateway
A, so I can't verify if the packets get to Gateway A.

I would really appreciate it if you can help me fix this or find another
job ;)

The masquerade may be an overkill, unless you need to limit
the visibility of the subnets to the other end of the tunnel.

Did you:

- tell gateway A that VPN tunnel 2 is reachable via VPN tunnel 1?

I don't have access to administration on Gateway A. The reason why we
need this is that we wanted to save time to use a temporary tunnel but
in the future (in a couple of months) they will provide us with a tunnel
between Gateway A and Gateway C.

This will be a problem: The gateway should know to route your
packets for tunnel 2 via the intermediate gateway. If you cannot
change the routing here, the packets destined to the second
tunnel will be sent to gateway A's default next-hop gateway.

Could you think of splitting the subnet in tunnel 1 into
two sub-subnets and assign it to tunnel 2?

--

Tauno Voipio
tauno voipio (at) iki fi
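
The routing argument in the reply above, modelled as an added example that is not part of the original thread: a longest-prefix lookup on Gateway A and Gateway B shows where replies to a client go before and after the suggested subnet split. The subnet 192.168.10.0/24 and the route labels are assumptions made for illustration; the other addresses come from the posts.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route containing dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in table.items()
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def split_subnet(subnet):
    """Split a subnet into its two halves (the 'sub-subnets' of the reply)."""
    low, high = ipaddress.ip_network(subnet).subnets(prefixlen_diff=1)
    return str(low), str(high)

# ASSUMPTION: the subnet behind Gateway B that Gateway A already routes
# into tunnel 1. The real value is not given in the thread.
TUNNEL1_SUBNET = "192.168.10.0/24"

# Gateway A cannot be reconfigured: it knows tunnel 1 and its default route.
GATEWAY_A = {
    "0.0.0.0/0": "default next hop",
    TUNNEL1_SUBNET: "tunnel 1 (to Gateway B)",
}

# Gateway B after the split: the upper half of the tunnel 1 subnet is
# re-assigned to clients behind Gateway C and forwarded through tunnel 2.
_, GIVE_TO_C = split_subnet(TUNNEL1_SUBNET)
GATEWAY_B = {
    "0.0.0.0/0": "default next hop",
    "81.129.40.0/24": "tunnel 1 (to Gateway A)",
    TUNNEL1_SUBNET: "local LAN",
    GIVE_TO_C: "tunnel 2 (to Gateway C)",  # more specific, wins over the /24
}

def return_path(client_addr):
    """Hops a reply from Gateway A's network takes back towards client_addr."""
    path = [lookup(GATEWAY_A, client_addr)]
    if path[0].startswith("tunnel 1"):
        path.append(lookup(GATEWAY_B, client_addr))
    return path

if __name__ == "__main__":
    for client in ("93.48.28.27", "192.168.10.200", "192.168.10.20"):
        print(client, "->", " -> ".join(return_path(client)))
```

A reply to 93.48.28.27 leaves Gateway A by its default route and never enters tunnel 1, while a client numbered from the re-assigned half is returned through both tunnels without any change on Gateway A.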