
I am expected to make HTTP requests to a server (local IP 172.XX.XX.XX) behind a gateway of a telecom. A VPN has been set up between my VPS 46.XX.XX.XX and the gateway 193.XX.XX.XX.

However, I need to make a SOAP API request with an endpoint, say, http://172.XX.XX.XX:4506/ which is behind the gateway 193.xxx.xxx.xxx.

However, I need to send this request through the tunnel that has been setup between our system and the telecom.

How do I implement this so that when I make the request, my network pushes the traffic through the tunnel and also receives via the tunnel?

My VPS has address 46.xxx.xx.xx

The `ip route` command shows:

```
ip route

default via 46.xx.xx.x dev eth0 
10.16.0.0/16 dev eth0  proto kernel  scope link  src 10.16.0.6 
10.131.0.0/16 dev eth1  proto kernel  scope link  src 10.131.14.73 
46.xxx.xx.0/20 dev eth0  proto kernel  scope link  src 46.xxx.xx.xxx 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev eth1  scope link  metric 1003 
```

thank you.

Acacia
  • How do the negotiated traffic selectors (subnets) look? (i.e. please post the output of `ipsec statusall` and your config) – ecdsa Apr 18 '17 at 07:03
  • @ecdsa, VPN is not set up. What can I set to make sure all requests to the local IP 172.xxx.xxx.xxx behind the VPN gateway 193.xx.xx.xx are redirected through the VPN to the other side. – Acacia Apr 18 '17 at 12:29
  • Is the IP of the server (172.xxx.xxx.xxx) part of the VPN network subnet? – Pierre-Alain TORET Apr 21 '17 at 12:25

1 Answer

You just need to add a route to the desired IP address / network so that the next hop is the other end of your VPN tunnel.

For example:

```
ip route add 192.168.10.200 via 10.210.10.1
```

makes all packets destined to 192.168.10.200 go via the 10.210.10.1 host at the other end of the VPN tunnel.

You also need to make sure that the other end's routing has been set up correctly.

Tero Kilkanen
  • I have made some changes to the question. I also need to add that I am using StrongSwan as the VPN. Is there a way I could implement this through iptables? – Acacia Apr 16 '17 at 20:51
  • Why do you want to use IPTables here? The standard procedure is to set up IP routing. – Tero Kilkanen Apr 16 '17 at 23:48
  • @Kilkanen Please assist with this if you can https://serverfault.com/questions/845022/how-to-write-ipsec-conf-file-from-specifications – Acacia Apr 18 '17 at 08:53
  • The VPN has now been properly set. However, ip route add 172.xx.xx.xxx via 193.xxx.xxx.xxx does not run. – Acacia Apr 18 '17 at 12:32
  • What is the error message? – Tero Kilkanen Apr 18 '17 at 17:24
  • The error is **RTNETLINK answers: Network is unreachable** – Acacia Apr 18 '17 at 21:12
  • Please add any output from commands to the question itself so that they can be formatted properly. Just to confirm, does your system have an interface in the `193.xxx.xxx.xxx` subnet? At least neither of your `ip route` command outputs shows that. You need to put the next hop after the `via` argument, and the next hop must be in a subnet configured in the machine. That is, in your case, you must use the address in the VPN subnet as the next hop. – Tero Kilkanen Apr 18 '17 at 21:38
  • 193.xxx.xxx.xxx is IP address of the VPN gateway on the side of telecom. – Acacia Apr 18 '17 at 21:45
  • That is the public IP address used to connect the VPN. You cannot use that as the next hop address, since your machine has no address in that subnet. You need to use an address in the VPN subnet as the next hop. Are you connected to the VPN when the routing table looks like you showed? – Tero Kilkanen Apr 18 '17 at 21:47
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/57314/discussion-between-acacia-and-tero-kilkanen). – Acacia Apr 18 '17 at 21:50
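The answer and the comment thread above turn on one rule: the `via` next hop of a route must lie in a subnet the machine is directly connected to, otherwise the kernel rejects the route with `RTNETLINK answers: Network is unreachable`. The following is an added example (not code from the answer or from the strongSwan project) that parses `ip route` output and checks a proposed next hop against the connected subnets before the route is added, so the failure mode discussed in the comments is caught up front. The route table is a constructed sample modelled on the one in the question, with the masked octets replaced by placeholder values; `172.16.5.20` and the gateway addresses are placeholders as well.

```python
"""Check a candidate next hop against a routing table before adding a route.

Added example, not part of the original answer. Parses the text output of
`ip route` and reports whether a proposed `via` gateway is on a directly
connected (on-link) subnet, which is what the kernel requires; otherwise
`ip route add` fails with "RTNETLINK answers: Network is unreachable".
"""
import ipaddress

# Constructed sample, modelled on the route table posted in the question.
# Masked octets are filled with placeholder values; these are not real hosts.
SAMPLE_ROUTES = """\
default via 46.0.0.1 dev eth0
10.16.0.0/16 dev eth0  proto kernel  scope link  src 10.16.0.6
10.131.0.0/16 dev eth1  proto kernel  scope link  src 10.131.14.73
46.0.0.0/20 dev eth0  proto kernel  scope link  src 46.0.1.10
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
"""


def connected_subnets(route_output):
    """Return (network, dev) pairs for directly connected routes.

    A route is treated as on-link when it names a prefix and has no `via`
    gateway; the default route and gatewayed routes are skipped.
    """
    subnets = []
    for line in route_output.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default" or "via" in fields:
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # not a prefix (e.g. "unreachable ..." entries)
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        subnets.append((net, dev))
    return subnets


def next_hop_interface(route_output, gateway):
    """Return the interface on which `gateway` is directly reachable, else None."""
    gw = ipaddress.ip_address(gateway)
    for net, dev in connected_subnets(route_output):
        if gw in net:
            return dev
    return None


def plan_route(route_output, destination, gateway):
    """Build the `ip route add` command, or explain why the kernel would reject it.

    Returns (ok, message). The command is only built, never executed here.
    """
    ipaddress.ip_network(destination, strict=False)  # reject malformed input early
    dev = next_hop_interface(route_output, gateway)
    if dev is None:
        return (False,
                f"{gateway} is not on any directly connected subnet; "
                "ip route add would fail with 'Network is unreachable'. "
                "Use the tunnel-side address of the VPN peer as the next hop.")
    return (True, f"ip route add {destination} via {gateway} dev {dev}")


if __name__ == "__main__":
    # The mistake from the comments: using the peer's public address as next hop.
    print(plan_route(SAMPLE_ROUTES, "172.16.5.20", "193.0.2.1"))
    # A next hop inside a connected subnet yields a command the kernel accepts.
    print(plan_route(SAMPLE_ROUTES, "172.16.5.20", "10.16.0.1"))
```

Run it against the live table with `python3 check_route.py` after replacing `SAMPLE_ROUTES` with `subprocess.check_output(["ip", "route"], text=True)`; the hypothetical file name is only a suggestion. One caveat for the strongSwan setup mentioned in the comments: with the default `install_routes` setting, charon installs its own routes for the negotiated traffic selectors in routing table 220, so a manual route via the peer's public address is neither needed nor accepted.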