
I have two virtual environments at different locations, and I want to set up a site-to-site SSH tunnel for contact between those networks.

I have configured the SSH tunnel on both sides with routes to the other network through the tun0 interface. I can contact any server I want on the other network from both SSH servers/clients.

In the firewalls on both sides I have added a new route and default gateway to the SSH servers for contact with the other network.

The problem is that if a server on site1 tries to contact another server on site2, it stops at the SSH server. The SSH server won't route traffic received on the eth0 interface over to the tun0 interface. I don't want to use NAT anywhere, only routing. The SSH server/client is Ubuntu 14.04 Server.

Nidal
xteron
  • Insisting on using routing rather than NAT sounds like a good idea. Trying to run IP traffic over SSH less so. SSH may have built-in support for tunneling IP packets, but that doesn't mean it is a good idea to use it. Any setup that has TCP more than once in the protocol stack is prone to melt down. A real VPN connection would be more reliable. Only you know your network well enough to say if you need the security features of a VPN; if you don't, you can instead use an IP-in-IP tunnel or a GRE tunnel. – kasperd Aug 30 '14 at 22:58

1 Answer


It sounds like a routing issue. You say you are setting up routing in your firewall which sounds peculiar, but perhaps you have some front end firewall tool that does that. You should show us your configuration there, and/or check the output of netstat -rn.

Better still though would be to start over with a more appropriate tool for a permanent link, like OpenVPN. Otherwise your next queries will be about stability issues.

Part of your difficulty is that you're having to figure out too much for yourself, because you're doing something a bit odd, whereas if you use OpenVPN, the standard examples will do what you want.

mc0e
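As an added diagnostic example (not part of the question or of mc0e's answer), the following POSIX shell checks cover the three things that commonly stop a Linux host from routing between eth0 and tun0: the kernel forwarding sysctl, a route for the remote site via tun0 in the netstat -rn output the answer asks for, and the iptables FORWARD chain. The addresses (site1 192.168.1.0/24, site2 192.168.2.0/24, tunnel 10.0.0.0/30) and the sample command output are constructed assumptions, not values from the question.

```shell
#!/bin/sh
# Added example; assumes the Linux router is the SSH endpoint on site1,
# the tunnel interface is tun0 and site2 is 192.168.2.0/24 (constructed).

# Check 1: may the kernel forward packets between interfaces at all?
# $1 = contents of /proc/sys/net/ipv4/ip_forward (or sysctl -n net.ipv4.ip_forward)
forwarding_enabled() {
    [ "$1" = "1" ]
}

# Check 2: is the remote network routed out through tun0?
# $1 = remote network address, $2 = output of `netstat -rn`
route_via_tun0() {
    printf '%s\n' "$2" |
        awk -v net="$1" '$1 == net && $NF == "tun0" { found = 1 } END { exit !found }'
}

# Check 3: does the FORWARD chain let eth0 -> tun0 traffic through?
# Accepts a default ACCEPT policy or an explicit eth0 -> tun0 ACCEPT rule.
# $1 = output of `iptables -S FORWARD`
forward_chain_allows() {
    printf '%s\n' "$1" |
        grep -Eq -- '^-P FORWARD ACCEPT$|^-A FORWARD .*-i eth0 -o tun0 .*-j ACCEPT'
}

# Constructed sample output: forwarding disabled, route and firewall rule present.
SAMPLE_IP_FORWARD=0
SAMPLE_NETSTAT='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.252 U         0 0          0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.2.0     10.0.0.2        255.255.255.0   UG        0 0          0 tun0'
SAMPLE_IPTABLES='-P FORWARD DROP
-A FORWARD -i eth0 -o tun0 -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Report each failing check. On a live host feed it the real command output:
#   diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" 192.168.2.0 "$(netstat -rn)" "$(iptables -S FORWARD)"
diagnose() {
    forwarding_enabled "$1" || echo "net.ipv4.ip_forward is 0: kernel drops eth0 -> tun0 transit traffic (set net.ipv4.ip_forward=1)"
    route_via_tun0 "$2" "$3" || echo "no route to $2 via tun0"
    forward_chain_allows "$4" || echo "FORWARD chain blocks eth0 -> tun0 traffic"
}

diagnose "$SAMPLE_IP_FORWARD" 192.168.2.0 "$SAMPLE_NETSTAT" "$SAMPLE_IPTABLES"
```

With the constructed sample the only finding is the disabled forwarding sysctl, which is why a host with a correct route and firewall rule can still stop transit traffic dead.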