4

network

Hi, I would like to connect to a computer through a vpn in another network.

My computer (Debian 7.11) is in the network 192.168.2.0/24. My gateway (192.168.2.1) is a VPN router. It connects to another VPN router 192.168.33.1.

From 192.168.2.2 I can ping and connect to 192.168.2.59,192.168.33.1,192.168.33.2,192.168.33.59

Now, I have another computer 10.0.1.8 that I want to connect which is physically connected to the 192.168.33.0/24 network.

I try to add a route in 192.168.2.2 but it is not working:

route add -net 10.0.1.8 netmask 255.255.255.255 gw 192.168.33.1 dev eth1
SIOCADDRT: No such process

How can I reach 10.0.1.8 from 192.168.2.2 ?

473183469
  • 1,360
  • 1
  • 12
  • 23
Sébastien Bonaimé
  • 41
  • 2
  • What kind of VPN does this VPN router use? IPSec? An SSL-based VPN? Something else? Do you have administrative access to both routers? (+1 from me because you went to the trouble of making a decent diagram; thank you.) – MadHatter Jan 13 '17 at 12:00
  • I have netgears FVS338 routeurs and complete control. VPN tunnel is made through IPSec – Sébastien Bonaimé Jan 13 '17 at 12:04
  • Can you show the output of routing table? The box with 192.168.2.0/24 should route 10.0.1.0 via tun interface same as route for 192.168.33.0/24. You can't add 192.168.33.1 since it's not in the Same network as the box in 192.168.2.0/24. You can't get the Mac address unless both hosts are in same broadcast domain – kalyan Jan 14 '17 at 11:34

3 Answers3

2

Dimitar has the first part of the process, but not the second. It is true that the right-hand side VPN router will need a presence on the 10.0.1.0 network (I'm guessing it's a /24), but if your network diagram is accurate and complete, and 10.0.1.8 can already reach the internet, it probably already has one.

IPSec tunnels are established between given source and destination address ranges; you can't just treat them like tubes into which arbitrary traffic can be poured. You will need to establish a tunnel between 10.0.1.0/24 and 192.168.2.0/24 on both VPN routers.

If RHS VPN router's 10.0.1 presence is not 10.0.1.8's default route, you will need to mess with the routing tables on 10.1.0.8, but that's for after we have the right tunnel(s) up.

MadHatter
  • 79,770
  • 20
  • 184
  • 232
  • In fact, I did not draw the complete right part of the network. 10.0.1.8 is already in another network :-( But it is also physicaly connected to 192.168.33.1. I know it is not the best way to do but I did not have choice... – Sébastien Bonaimé Jan 13 '17 at 12:16
  • Accuracy in your question matters, as does completeness. The fact that 10.0.1 and 192.168.33 are physically overlaid doesn't matter, though it's worth mentioning - the real question is **what are 10.0.1.8's routing arrangements**. If there's **another** router involved, that is **vital** to know. – MadHatter Jan 13 '17 at 12:21
  • GIGO as true today as ever. – user9517 Jan 13 '17 at 12:25
  • As far as I know 10.0.1.8 has it's own gateway 10.0.1.1 I can not modify or add something on 10.0.1.8 – Sébastien Bonaimé Jan 13 '17 at 12:35
  • What about modifications on 10.0.1.1? Does RHS VPN router have any *logical* presence on 10.0.1? – MadHatter Jan 13 '17 at 12:42
0

If it's something like remoting on to the machine for an RDP session or something like that you could use something like LOGMEIN or equivalent, especially if you don't have control or access to all the information at hand.

Logmein Diagram

As long as both machines can connect to the internet you should be able to connect to them from one to another using the software to create a 'Tunnel' for you and remotely screen share and share files from one to the other.

Ta

TheNerdyNerd
  • 101
  • 2
0

I found MY solution !

On a FVS338, you can configure a second LAN network. So I set 10.0.1.250 as the second IP address of my right VPN router. Then I made a rule to forward ports I need from the public IP to 10.0.1.8. Now I can connect to 10.0.1.8 !

Sébastien Bonaimé
  • 41
  • 2