
I have a setup like this:

    VPN Clients     VPN Server
    10.1.1.2        10.1.1.1   ---> Internet
    10.1.1.3
    10.1.1.4
    10.1.1.5
       |
       \ 10.0.0.0/24 LAN

The VPN clients are using the VPN server as default gw to the internet and they can see each other (for example I can ssh in from 10.1.1.2 to 10.1.1.5 without problems).

Now what I would like to accomplish is to reach a subnet that the 10.1.1.5 client is connected to from the 10.1.1.2 machine.

You would think that:

    route add -net 10.0.0.0/24 gw 10.1.1.5

would do the trick, but I get the "SCIOADDR Network is unreachable" error message. Why is that? If I tried to use this machine as the default gw that would be understandable, but I only want to use it as a gateway to a subnet which, by the way, does not overlap with any other.

I use openvpn but I doubt it matters from a routing perspective.

How to accomplish this without any proxies etc?

On 10.1.1.5 I have:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE

Thanks

fred443
  • If this was just two LANs connected to the .1.5 machine I would have said you need to also bridge the connections so the machine knows to route traffic between the two interfaces. I'm not sure you can do that with a VPN "interface" – Drifter104 Jun 05 '15 at 08:31
  • If I understand you correctly, you are trying to add `route add -net 10.0.0.0/24 gw 10.1.1.5` at some VPN client, for example 10.1.1.4. If you print and show us the routing table from this client (`route -n`), the answer will be there. My suspicion is that you don't have a route to the whole VPN network in that client's routing table; you probably use tun and a point-to-point network. IMHO you should paste the VPN configs as well. – Michal Sokolowski Jun 05 '15 at 13:14

1 Answer

Regarding the error "SCIOADDR Network is unreachable" raised by `route add -net 10.0.0.0/24 gw 10.1.1.5`: this happens 'cause the IP address you're declaring as the gateway (10.1.1.5) is NOT directly reachable by your local host (10.1.1.2). Please consider that both IP addresses (10.1.1.5 and 10.1.1.2) are assigned to "tun" interfaces and... those are treated very differently from ethernet ones.

To solve your problem, the first step is to point to the proper gateway. As for OpenVPN clients and related "tun" interfaces, the gateway to be used is the one reported as the P2P address in the tun interface. As an example, with a "tun" interface defined like in the following case:

    user@client_1:~$ ifconfig tun0
    tun0      Link encap:UNSPEC  [...]
              indirizzo inet:10.11.0.14  P-t-P:10.11.0.1  Maschera:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

the gateway should be 10.11.0.1.

So your route add should be (with such a P2P):

    route add -net 10.0.0.0/24 gw 10.11.0.1

Unfortunately this will not solve your routing problem 'cause the network you're going to reach (10.0.0.0/24) is totally unknown to OpenVPN. To solve this other issue, you'll need an "iroute" param to be defined/associated to client 10.1.1.5. I'm not going to discuss this in detail, as a detailed discussion about this problem can be found in this other SF answer: please refer to it.

Damiano Verzulli
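
The `iroute` arrangement the answer refers to, as an added example that is not part of the original answer or the asker's configuration. The directory name `ccd` and the client common name `lan-gateway` are placeholders; the addresses are the ones from the question.

```conf
# ---- server.conf (OpenVPN server, 10.1.1.1) ----

# Kernel route on the server host: hand packets for the remote LAN
# to the tun device so OpenVPN gets to see them.
route 10.0.0.0 255.255.255.0

# Read per-client settings from files named after each client
# certificate's common name (CN). "ccd" is a placeholder directory.
client-config-dir ccd

# Give the other VPN clients a route to the LAN through the tunnel,
# so no manual "route add" is needed on 10.1.1.2.
push "route 10.0.0.0 255.255.255.0"

# ---- ccd/lan-gateway ----
# File name must equal the CN of the client that holds 10.1.1.5;
# "lan-gateway" is a placeholder.

# OpenVPN-internal route: 10.0.0.0/24 sits behind this client only.
# Without it the server has no client to deliver those packets to.
iroute 10.0.0.0 255.255.255.0
```

Because `iroute` is bound to one certificate CN, it also limits which client the server will forward that subnet's traffic to. With the MASQUERADE rule from the question still in place on 10.1.1.5, LAN hosts see every VPN client under that machine's LAN address, which is worth remembering when reading their logs.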