linux
Zelenyi_gad, 2013-12-05 20:46:18

How to connect networks through vtun?

I work in an organization that imports automotive products. The organization has a number of regional dealers of varying degrees of "coolness", from large chains of car dealerships to small shopkeepers.
We get the product range from the database of a major Western automaker through a Cisco-based VPN, and we give large dealers access to the range in the same way. Since the Cisco equipment recommended by the automaker is not cheap, we use a VPN based on Linux + Vtun to give lower-ranked dealers access to the range. Before a dealer from the capital city of Ust-Kamenogorsk appeared, the Vtun-based scheme worked and still works perfectly, except for that dealer.
The crux of the problem is that both our LAN and the dealer's LAN are 192.168.0.0/24.
As a result, I cannot correctly set up a route from our local network to their local network.
Listing vtund.conf on our host:

    Host1 {
        passwd ********;
        type tun;
        proto tcp;
        encrypt yes;
        keepalive yes;
        up {
            ifconfig "%% 192.168.20.37 pointopoint 192.168.20.38 mtu 1450";
            # route "add -net 192.168.0.0/24 gateway 192.168.20.37";   # in theory it should be like this
        };
        down {
            ifconfig "%% down";
            # route "delete -net 192.168.0.0";
        };
    }
Listing vtund.conf on the dealer host:

    Host1 {
        passwd ********;
        type tun;
        proto tcp;
        encrypt yes;
        keepalive yes;
        up {
            ifconfig "%% 192.168.20.38 pointopoint 192.168.20.37 mtu 1450";
            # automaker's network (trailing text after ';' must be a '#' comment, or vtund rejects the line)
            route "add -net 10.112.0.0 netmask 255.255.0.0 gateway 192.168.20.38";
        };
        down {
            ifconfig "%% down";
            # delete the same route that 'up' added; deleting an unrelated prefix fails
            route "delete -net 10.112.0.0 netmask 255.255.0.0";
        };
    }
I have no idea what to do in this situation.

3 answer(s)
Sergey Velichko, 2013-12-06
@soldat58

You need something like:
You(192.168.0.0/24)<->NAT<->tunnel<->NAT<->Dealer(192.168.0.0/24)
Forward the necessary ports on both NATs to access internal resources.
But this is a clumsy workaround; it is better to agree on changing someone's network, for example the dealer's: discuss it once, sweat a little, and then there will be no problems. In general, in such cases it is better for the VPN owner to assign subnets to clients himself, otherwise there will be a mess and you will have to keep solving problems like this.
And ideally, in a VPN, use networks other than 192.168.0.0/24 and 192.168.1.0/24 (they are usually the default in modems and routers and many people do not change them), for example, from the 10.0.0.0/8 range.

Ilya Evseev, 2013-12-06
@IlyaEvseev

Linux has NETMAP for this:
habrahabr.ru/post/117320/
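Added example, not code from the question or from either answer: the NAT-on-both-ends layout from the first answer, implemented with the NETMAP target the second answer points to. Each end of the tunnel presents its real 192.168.0.0/24 to the peer under a fake prefix, so the two identical LANs never see each other's real addresses. Assumed here, not from the thread: the vtun interface is tun0, our LAN is shown to the dealer as 192.168.100.0/24 and the dealer's LAN is shown to us as 192.168.200.0/24. The same script runs on both hosts with the two aliases swapped.

```shell
#!/bin/sh
# Added example (not the original poster's or the answerers' code).
# 1:1 NETMAP of two overlapping 192.168.0.0/24 LANs across a vtun tunnel.
# Assumptions, not taken from the thread: tunnel interface tun0,
# our alias 192.168.100.0/24, dealer alias 192.168.200.0/24.

REAL_NET="192.168.0.0/24"   # the prefix both LANs really use

# netmap_rules TUN_IF OUR_ALIAS PEER_ALIAS
# Prints the commands for one end of the tunnel. Printing instead of executing
# lets the rules be reviewed (and tested) without root.
#  - outgoing packets from the real LAN are rewritten to OUR_ALIAS, so the peer
#    sees us under the fake prefix;
#  - incoming packets addressed to OUR_ALIAS are rewritten back to the real LAN;
#  - PEER_ALIAS is routed into the tunnel; the peer's own PREROUTING rule
#    turns it back into its real 192.168.0.0/24.
# Only NEW connections hit the nat table; conntrack reverses the mapping
# for reply packets in both directions.
netmap_rules() {
    tun_if=$1; our_alias=$2; peer_alias=$3
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace $peer_alias dev $tun_if
iptables -t nat -A POSTROUTING -o $tun_if -s $REAL_NET -j NETMAP --to $our_alias
iptables -t nat -A PREROUTING -i $tun_if -d $our_alias -j NETMAP --to $REAL_NET
EOF
}

# apply_rules TUN_IF OUR_ALIAS PEER_ALIAS
# Executes the printed commands (needs root) unless DRY_RUN is set.
apply_rules() {
    if [ -n "$DRY_RUN" ]; then
        netmap_rules "$@"
    else
        netmap_rules "$@" | sh -e
    fi
}

# Stand-alone run: show what each end would execute, without touching the host.
echo "# our host (tunnel endpoint 192.168.20.37):"
netmap_rules tun0 192.168.100.0/24 192.168.200.0/24
echo "# dealer host (tunnel endpoint 192.168.20.38), the mirror image:"
netmap_rules tun0 192.168.200.0/24 192.168.100.0/24
```

With this in place, hosts on our LAN reach the dealer's machine 192.168.0.5 as 192.168.200.5, and the dealer reaches our 192.168.0.5 as 192.168.100.5; the LAN clients only need a route for the peer alias pointing at the vtun host (usually their default gateway already). The route line in the vtund.conf `up` section then points at the alias prefix rather than at 192.168.0.0/24, which would otherwise collide with the host's own LAN route. Name-based services (DNS records, application configs) must refer to the alias addresses, which is the long-term cost the first answer warns about and the reason it recommends renumbering one side instead.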
