
I'm wondering how to forward traffic from a gateway to a subnet.

network setup

I have this working setup. HOST A, HOST C, and HOST VPN have interfaces with internal network IP addressing and communicate with each other. On HOST B I have run an OVPN client.

I added a route for HOST A and HOST C like:

ip route add 10.8.0.0/24 via 10.0.10.103

And this resolved the problem with ping to HOST B.

Now I want to ping all machines in 10.0.10.0/24 from HOST B, between interface tun0 and interface ens19 with address 10.0.10.103, forward this traffic to HOST A, and then forward this traffic to the other VMs.

From HOST B I can ping 10.0.10.103 and 10.8.0.0/24. From HOST A, C and VPN I can ping 10.8.0.0/24, but from HOST B I can't ping 10.0.10.0/24.

tcpdump and traceroute from HOST B to HOST A and C end at HOST VPN.

I tried different settings with routes and IPTables, but it did not work. Please help me ;x

Hemanth Kumar
rootin
  • OK, I resolved this problem. I only had to remove the rules and add the additional rules for iptables again. – rootin Jun 28 '22 at 08:51

1 Answer

Have you read this article already: http://openvpn.net/index.php/open-source/documentation/howto.html#redirect

I think you also need to reconsider your network design, because I would recommend also making the OpenVPN server responsible for forwarding the traffic. Because how does OpenVPN know now where to route its traffic? Nowhere, because it has no knowledge of your other forwarding server.

Ace
  • Thanks for the reply. Yes, I know this article, and I have added a push for 10.0.10.0/24 to the OVPN server config. I am wondering whether traffic can be forwarded through the ens19 interface with IP 10.0.10.103 from the internal addressing 10.0.10.0/24, because this interface knows the gateway of the internal network. Unfortunately, I can't create routing for the internal network and the VPN server on the same machine. – rootin Jun 26 '22 at 22:28
  • I would consider acquiring a network appliance like a SonicWall, because this is going to take a lot of time, I figure (and the cost of your hours). A SonicWall already has it all and you only need to configure it and support it. – Ace Jun 26 '22 at 22:44
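
An added example, not part of the thread: a small Python model of the FORWARD chain on the gateway (HOST VPN), run over a constructed ruleset that reproduces the symptom in the question (LAN hosts reach 10.8.0.0/24, but new traffic from tun0 to ens19 is dropped). The rules, the addresses 10.8.0.6 and 10.0.10.50, and the function names are assumptions; the asker did not post the actual iptables rules.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt for the gateway (Host VPN); not the asker's rules.
BROKEN = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.10.0/24 -i ens19 -o tun0 -j ACCEPT
COMMIT
"""
# Same ruleset with a rule admitting new connections from the VPN subnet.
FIXED = BROKEN.replace("COMMIT", "-A FORWARD -s 10.8.0.0/24 -i tun0 -o ens19 -j ACCEPT\nCOMMIT")

def forward_verdict(rules, in_if, out_if, src, dst, state="NEW"):
    """First-match walk of FORWARD. Models only -i, -o, -s, -d, --ctstate (no '!', no user chains)."""
    policy, pkt = "ACCEPT", {"-i": in_if, "-o": out_if, "-s": src, "-d": dst}
    for line in rules.splitlines():
        if line.startswith(":FORWARD "):
            policy = line.split()[1]
        if not line.startswith("-A FORWARD "):
            continue
        tok = shlex.split(line)[2:]
        opts = dict(zip(tok[0::2], tok[1::2]))  # each modelled option takes one value
        target = opts.pop("-j")
        opts.pop("-m", None)
        ok = True
        for key, val in opts.items():
            if key in ("-i", "-o"):
                ok &= pkt[key] == val
            elif key in ("-s", "-d"):
                ok &= ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(val)
            elif key == "--ctstate":
                ok &= state in val.split(",")
            else:
                raise ValueError(f"option not modelled: {key}")
        if ok and target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return policy

def diagnose(ip_forward, rules, client="10.8.0.6", lan_host="10.0.10.50"):
    """Problems that would stop a VPN client (behind tun0) pinging a LAN host (behind ens19)."""
    problems = []
    if ip_forward != "1":
        problems.append("net.ipv4.ip_forward is not 1")
    if forward_verdict(rules, "tun0", "ens19", client, lan_host) != "ACCEPT":
        problems.append("new traffic tun0 -> ens19 is not accepted")
    if forward_verdict(rules, "ens19", "tun0", lan_host, client, "ESTABLISHED") != "ACCEPT":
        problems.append("replies ens19 -> tun0 are not accepted")
    return problems
```

On a real gateway, pass it the output of `iptables-save` and of `sysctl -n net.ipv4.ip_forward`; rules using options outside the modelled set raise an error instead of being guessed at.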