
This is supposed to be a pretty simple question, but I couldn't google an answer for it!

I have an IPsec VPN tunnel established between 1.1.1.1 and 2.2.2.2 (public IPs). The first machine (1.1.1.1) has a LAN with gateway 10.253.0.93. Inside this LAN, there is a machine with IP 172.21.83.60 (the gw already has the rules to forward traffic from 10.252.0.93 to 172.21.83.60).

On machine 2.2.2.2, I'm able to ping 10.252.0.93 normally. That proves that the VPN is correctly established.

My question is: what do I need to do in order to be able to ping machine 172.21.83.60 from 2.2.2.2? I tried to add a route using the command:

route add -net 172.21.83.0 netmask 255.255.255.0 gw 10.253.0.93

but got:

SIOCADDRT: No such process
danielnovy
    You'd need to possibly add a brief pic of the network, including what gear models. Some are as simple as a router on each end with switch ports built in; others have additional routing, firewalls, accelerators, etc. behind each side, so it is difficult to simply supply an answer without seeing what the layout looks like – TheCleaner Mar 01 '13 at 19:21

1 Answer


What about NAT? Do you NAT your traffic with iptables? You shouldn't do it (traffic that goes to your IPsec tunnel should bypass the NAT rule), like this:

iptables -t nat -A POSTROUTING ! -d <ipsec_lan> -j SNAT --to-source <ip>

IPsec VPN in Linux does low-level traffic routing and encryption; you can see it with

ip xfrm state

Also, try to choose an interface for the ping source; it might help.

Hikaru
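As an added illustration (not part of the question or the answer above) of why the `route add ... gw 10.253.0.93` in the question fails: the kernel only accepts a gateway that lies inside a directly connected prefix (unless the route is flagged `onlink`), and rejects it otherwise with ESRCH, which route(8) prints as `SIOCADDRT: No such process`. The interface layout of host 2.2.2.2 below is constructed; with policy-based IPsec the remote LAN is reached through the xfrm policy, not through a connected route.

```python
import ipaddress

# Constructed assumption: connected prefixes as seen on host 2.2.2.2. The
# remote LAN 10.253.0.0/24 is reachable only via the IPsec policy
# (see `ip xfrm policy`), so it is NOT a connected route and is absent here.
CONNECTED_PREFIXES = ["2.2.2.0/24", "127.0.0.0/8"]


def nexthop_is_resolvable(gateway, connected_prefixes, onlink=False):
    """Mimic the kernel's nexthop check for `route add ... gw <gateway>`.

    Without `onlink`, the gateway must fall inside one of the directly
    connected prefixes; otherwise the SIOCADDRT ioctl fails with ESRCH.
    With `onlink` (only available via `ip route add ... onlink`), the kernel
    accepts the route; whether packets then match the IPsec policy is a
    separate question not answered here.
    """
    if onlink:
        return True
    gw = ipaddress.ip_address(gateway)
    return any(gw in ipaddress.ip_network(p) for p in connected_prefixes)


def explain_route_add(dest, gateway, connected_prefixes, onlink=False):
    """Return the message an admin would see for the attempted route."""
    if nexthop_is_resolvable(gateway, connected_prefixes, onlink):
        return f"route to {dest} via {gateway}: accepted"
    return (f"route to {dest} via {gateway}: SIOCADDRT: No such process "
            f"(gateway not inside any connected prefix {connected_prefixes})")


if __name__ == "__main__":
    # Same route as in the question: fails, because 10.253.0.93 is only
    # reachable through the tunnel, not through a connected prefix.
    print(explain_route_add("172.21.83.0/24", "10.253.0.93", CONNECTED_PREFIXES))
    # A gateway on the local segment is accepted.
    print(explain_route_add("172.21.83.0/24", "2.2.2.1", CONNECTED_PREFIXES))
```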