linux
Evgeny Elizarov, 2012-06-03 11:04:19

Routing

Ladies and gentlemen, good morning.
Please advise on the following situation:
There is server No. 1, on which a VPN server is running, and server No. 2, on which a VPN client is running. The machines see each other and everything works fine. The task: several machines sit behind server No. 2, behind NAT. How do I set up routing so that these machines can see server No. 1? The server runs Linux.


6 answer(s)
smartlight, 2012-06-03
@KorP

I see the VPN is made with OpenVPN. That is good.
1. In the config on server 1, add:
route 192.168.xxx.0 255.255.255.0 # network behind server 2
client-config-dir /etc/openvpn/ccd # data is stored here and transmitted to VPN clients
2. In the /etc/openvpn/ccd directory, make a file with the same name as the CN of the client (server 2) and add the following line there:
iroute 192.168.xxx.0 255.255.255.0 # network on server 2 itself
3. And most importantly, server 2 should be the default GW in its network.
You can also do without all this, because if pings go between the servers but the clients do not see server 1, then:
a) packet forwarding between interfaces is not enabled on server 2 (echo 1 > /proc/sys/net/ipv4/ip_forward)
b) server 2 is not the default gateway for its subnet. Solution:
i) make it the default GW
ii) on the clients, add permanent routes to the network on server 1
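
An added example, not part of smartlight's answer or of the thread: a shell lint for the route/iroute pairing from steps 1 and 2, plus the ip_forward check from point a). The subnets, the CN "server2" and the function names are assumptions made for the sample; it also covers an omitted netmask, which OpenVPN treats as 255.255.255.255.

```sh
#!/bin/sh
# Added example, not from the thread. Subnets and the CN "server2" are constructed.

# nets DIRECTIVE FILE...: print "NET MASK FILE" for each DIRECTIVE line
# (comments stripped; an omitted netmask defaults to 255.255.255.255).
nets() {
    directive=$1; shift
    awk -v d="$directive" '{ sub(/#.*/, ""); f = FILENAME; sub(/.*\//, "", f) }
        $1 == d && NF >= 2 { print $2, (NF >= 3 ? $3 : "255.255.255.255"), f }' \
        "$@" 2>/dev/null || true
}

# check_iroutes SERVER_CONF CCD_DIR: one line per `route`; returns 1 when a
# route has no matching `iroute` in any per-client (CN-named) file.
check_iroutes() {
    conf=$1; ccd=$2; rc=0
    grep -Eq '^[[:space:]]*client-config-dir[[:space:]]' "$conf" ||
        { echo "MISSING client-config-dir in $conf"; rc=1; }
    iroutes=$(nets iroute "$ccd"/*)
    while read -r net mask rest; do
        [ -n "$net" ] || continue
        cn=$(printf '%s\n' "$iroutes" |
            awk -v n="$net" -v m="$mask" '$1 == n && $2 == m { print $3; exit }')
        if [ -n "$cn" ]; then
            echo "OK      route $net $mask -> iroute in ccd file '$cn'"
        else
            echo "MISSING route $net $mask -> no iroute in $ccd"; rc=1
        fi
    done <<EOF
$(nets route "$conf")
EOF
    return "$rc"
}

# forwarding_enabled [FILE]: true when IPv4 forwarding is on (run on server 2).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Constructed sample: one LAN paired with its client, one route left unpaired.
demo() {
    t=$(mktemp -d); mkdir "$t/ccd"
    printf '%s\n' "client-config-dir $t/ccd" \
        'route 192.168.20.0 255.255.255.0  # LAN behind server 2' \
        'route 192.168.30.0 255.255.255.0  # nobody claims this one' > "$t/server.conf"
    echo 'iroute 192.168.20.0 255.255.255.0' > "$t/ccd/server2"
    check_iroutes "$t/server.conf" "$t/ccd"; rc=$?
    rm -rf "$t"; return "$rc"
}
demo || echo "unpaired routes found (expected for this sample)"
```

Because the ccd file name is the CN of the client certificate, a paired iroute also ties the subnet to one authenticated client, so the lint output doubles as a list of which certificate is allowed to source traffic from which network.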

AlekseyPolyakov, 2012-06-03
@AlekseyPolyakov

On server #2, NAT all interfaces except the internal one. It will work if server #2 is the gateway for those machines that are behind it and that need to be passed to server #1.

ComputerPers, 2012-06-03
@ComputerPers

On server 2, configure routing for the networks "behind NAT" to server 1 (and/or to the networks of server 1).
The implementation depends on various factors: the OS, the firewall, your hands.

nick5, 2012-06-03
@nick5

1. Turn on ip_forward.
2. Add routes to server 1.
Commands:
1. echo 1 > /proc/sys/net/ipv4/ip_forward
2. route add -net NET/MASK gw GATEWAY

shadowalone, 2012-06-03
@shadowalone

If the machines are behind NAT, they should see server 1 anyway, if masquerading on server 2 is enabled for everything.
If not, enable masquerading on the VPN interface on server 2.
If you need the machines to see server 1 not through NAT, then on server 1 add a route for the machines' subnet to server 2 (via the VPN interface). On server 2, remove NAT for the address of server 1 and, accordingly, add a route to it.
If you provide specific data with interfaces and ip-addresses of servers and networks behind them, I will answer with ready-made commands.
And what they asked for, they got.

biz, 2012-06-03
@biz

Need clarification: what does "see" mean? A VPN connection from the clients behind server 2 should be established anyway, if the IP is external.
