I've got 2 servers running Debian Linux:

Server 01 with private IP 10.0.10.10 on eth0
Server 02 with private IP 10.10.10.10 on eth0, and also subnet 100.0.0.0/10 on tun-test

From Server 01 I am able to ping Server 02 on 10.10.10.10. But I would also like to be able to ping Server 02 on any IP address within subnet 100.0.0.0/10.

I've tried to add the following on Server 01:

```
ip route add 100.0.0.0/10 via 10.10.10.10 dev eth0
```

But I am getting `RTNETLINK answers: Network is unreachable`.

Server 02 can ping Server 01 on 10.0.10.10.

The servers are not on the same VLAN.

What to do?

Alfred Balle
  • Using `10.0.10.10` & `10.10.10.10` on the two servers looks strange. Are they configured with a `255.0.0.0` (/8) netmask? Is there a reason for this network to be so big? Also `100/10` is suspicious as this again covers a very large range - which is also public address space. It all seems a bit messy/amateurish tbh. Also note that if `Server 02` is to be a gateway, hosts on the 100/10 network will need a route back to the 10/8 network via `Server 02` as well. – USD Matt May 03 '18 at 10:25
  • The IPs are internal IPs and only used for routing between each other. – Alfred Balle May 03 '18 at 10:27
  • Is there any reason to be using 100/10 rather than one of the specific private ranges? It's not very good practice to use real public IP addresses, even if the systems do not need any Internet access. – USD Matt May 03 '18 at 10:31
  • I've changed subnets to 100.64.0.0 now which seems to be private range. Same result. The servers do not have public internet connection. – Alfred Balle May 03 '18 at 10:50

2 Answers


If I understand correctly, you are trying to route traffic from 10.0.10.10 to 100.0.0.0/10 via 10.10.10.10. Your route addition looks correct, but by default the Linux network stack on Debian does not allow traversal between networks on the same server. You can check whether this is turned on by running `cat /proc/sys/net/ipv4/ip_forward`. If this returns 0, IP forwarding is not allowed. To allow it, run `echo 1 > /proc/sys/net/ipv4/ip_forward` and try to route again. If you want this behaviour to persist over reboots, you would need to add `net.ipv4.ip_forward=1` to `/etc/sysctl.conf`.

  • Doesn't seem to allow `ip route add 100.0.0.0/10 via 10.10.10.10 dev eth0` after I've added `echo 1 > /proc/sys/net/ipv4/ip_forward` on `Server 01`. – Alfred Balle May 03 '18 at 09:57
  • The servers are not on the same VLAN - could that be the issue? They can reach each other on their primary IP though. – Alfred Balle May 03 '18 at 10:17
  • I've added the ip_forward, but still unable to do `ip route add 100.0.0.0/10 via 10.10.10.10 dev eth0`. Any idea on how to route 100.0.0.0/10 via 10.10.10.10? – Alfred Balle May 04 '18 at 17:35
  • Are you sure your netmask is correct? (/10). Do you have a real example of an IP that exists on the 100.0.0.0 network? /10 will not match all on 100.0.0.0 – trilitheus May 05 '18 at 11:58
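
An added example (not part of the original posts) that checks the points raised in the comments above with Python's `ipaddress` module: which addresses 100.0.0.0/10 covers, whether a prefix lies in RFC 1918 or RFC 6598 space, and whether a `via` gateway sits in a connected network, which Linux requires unless `onlink` is given. The function names and the /24 and /8 prefix lengths for Server 01's eth0 are assumptions; the page does not give the netmask.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 shared address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")


def classify(prefix):
    """Return 'rfc1918', 'rfc6598', or 'other' for an IPv4 prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    if any(net.subnet_of(p) for p in RFC1918):
        return "rfc1918"
    if net.subnet_of(RFC6598):
        return "rfc6598"
    return "other"  # outside both ranges, e.g. publicly allocated space


def covers(prefix, address):
    """True if a route for `prefix` would match `address`."""
    net = ipaddress.ip_network(prefix, strict=False)
    return ipaddress.ip_address(address) in net


def gateway_on_link(interface_cidr, gateway):
    """True if `gateway` is inside the interface's connected network."""
    iface = ipaddress.ip_interface(interface_cidr)
    return ipaddress.ip_address(gateway) in iface.network


def review_route(prefix, gateway, interface_cidr):
    """Summarise a planned `ip route add PREFIX via GATEWAY`."""
    net = ipaddress.ip_network(prefix, strict=False)
    return {
        "range": f"{net.network_address} - {net.broadcast_address}",
        "class": classify(prefix),
        "gateway_on_link": gateway_on_link(interface_cidr, gateway),
    }


if __name__ == "__main__":
    # Assumed prefix lengths for Server 01's eth0 (not stated on the page).
    for cidr in ("10.0.10.10/24", "10.0.10.10/8"):
        print(cidr, review_route("100.0.0.0/10", "10.10.10.10", cidr))
    print("100.64.0.0/10 ->", classify("100.64.0.0/10"))
    print("100.0.0.0/10 matches 100.64.0.1:",
          covers("100.0.0.0/10", "100.64.0.1"))
```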

Seems to solve the issue:

```
ip tunnel add tunnel mode ipip remote 10.10.10.10
ip addr add 10.1.1.1/24 dev tunnel
ifconfig tunnel up
ip route add 100.0.0.0/10 via 10.1.1.1
```

Alfred Balle