Routing multiple networks together on Linux

Hey guys,

From time to time I post questions here which might be super obvious to others, but routing in Linux is still not very well known to me. So my first question would be: is there any book or tutorial which covers most of the basics?

Before I post my question, I'll explain the setup I have right now.

The central part of the network I want is a basic VPN Server running OpenVPN.

Server IP: 6.6.7.7
Internal VPN Network for clients (tun0): 10.8.0.0/24

I used tinc to easily connect multiple other machines.

The network I use is (tun1) 10.10.0.0/24

Connected to the network are 3 machines:

VPN Server: 10.10.0.30
Dedicated Server: 10.10.0.10
Home "Server": 10.10.0.20

I run Proxmox on both the dedicated server and the home server, each of which spawns its own internal network.

My goal is to have an internal network, which can only be connected to via OpenVPN.

Most importantly, it needs to be possible to connect to the internal tinc network 10.10.0.0/24 and to the VMs which will be created on the corresponding servers.

I hope it is clear what I want to achieve and someone can help me.

Thanks in advance, and don't hesitate to ask questions.

Best regards
nobizzle

Comments

  • You may wish to search for linux dynamic routing (rip, quagga, ospf, SIS, BGP). The setup is not too difficult after the principle is understood.

  • I thought there might be a simpler solution via ip route or something, but I'll try to get into that. Thanks @mikeee

  • Just to clarify, are you running tinc or OpenVPN? Or is it that you already have a tinc network, and for some reason you want an OpenVPN gateway into your tinc network? Couldn't you just run tinc on your client and join the existing VPN?

  • @seanho yes.. you are right. partly :)

    I connect the "host nodes" via tinc so that they can connect to each other; that includes the dedicated server, my home server and the VPN server. On the VPN server I run tinc and OpenVPN. tinc is just used to connect to the other servers, and OpenVPN is used for access by clients (i.e. smartphone), since it has a much better client than tinc on mobile devices.

  • It's simpler to just stick to one VPN, but I can empathize with wanting to experiment with routing between multiple VPNs.

    If you want to commit to OpenVPN, then you could just switch to that on the servers. If you want to commit to tinc, there are two Android clients: Vilbrekin and pacien, and I think a package on Cydia.

    If you want to access the tinc network from an OpenVPN client, assuming you've already gotten both VPNs configured properly, you just need SNAT or MASQUERADE. Use SNAT if you have a static IP on tinc (probably the case), or MASQUERADE if not. On the VPN server:

    iptables -t nat -A POSTROUTING -o <tinc_if> -j SNAT --to <VPN server tinc IP>
    

    Also make sure the net.ipv4.ip_forward sysctl is enabled (see /etc/sysctl.conf).

    You also need to set a route on your mobile OpenVPN client to access the tinc subnet via your VPN gateway. I'm not sure of the OpenVPN config syntax, but in iproute syntax it'd be something like

    ip route add <tinc subnet> via <VPN server OVPN IP> dev <OVPN if>
    

    A decent place to start is the netfilter docs.

    Thanked by 2: WSS, nobizzle
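The approach in the comment above, written out as a script for the poster's topology. This is an added example and not code from the thread or from the OpenVPN or tinc projects. It keeps the addresses and interface names from the original post (tun0 / 10.8.0.0/24 for OpenVPN, tun1 / 10.10.0.0/24 for tinc, 10.10.0.30 as the server's tinc address) and assumes iptables as the comment does. Two things the comment did not spell out are added here: FORWARD rules for servers whose FORWARD chain policy is DROP (only VPN clients get in, only replies come back), and the OpenVPN server directive `push "route ..."`, which is the config-file equivalent of the `ip route add` the commenter was unsure about, so the phone learns the tinc subnet from the server instead of needing a manual route. Nothing is executed unless you run it as root with APPLY=1; by default it only prints the plan.

```shell
#!/bin/sh
# Added example (not from the thread): let OpenVPN clients on tun0 reach the tinc
# subnet on tun1 by SNATing them to this server's tinc address. Addresses and
# interface names are the ones from the original post. Without APPLY=1 the
# commands are printed, not run.
set -eu

OVPN_IF=${OVPN_IF:-tun0}            # OpenVPN server interface
OVPN_NET=${OVPN_NET:-10.8.0.0/24}   # OpenVPN client subnet
TINC_IF=${TINC_IF:-tun1}            # tinc interface
TINC_NET=${TINC_NET:-10.10.0.0/24}  # tinc subnet
TINC_IP=${TINC_IP:-10.10.0.30}      # this server's static tinc address (so SNAT, not MASQUERADE)

# CIDR prefix length -> dotted netmask. OpenVPN's "route" directive takes the dotted form.
cidr_to_mask() {
  bits=$1; out=""
  for i in 1 2 3 4; do
    if [ "$bits" -ge 8 ]; then
      octet=255; bits=$((bits - 8))
    else
      octet=$(( (255 << (8 - bits)) & 255 )); bits=0
    fi
    out="${out:+$out.}$octet"
  done
  printf '%s\n' "$out"
}

# Line for the OpenVPN *server* config: every client is handed the tinc subnet
# via the tunnel, so no manual "ip route add" on the phone is needed.
ovpn_push() {
  printf 'push "route %s %s"\n' "${TINC_NET%/*}" "$(cidr_to_mask "${TINC_NET#*/}")"
}

# SNAT only packets that came from the OpenVPN subnet, not everything leaving tun1.
# The other tinc nodes then see 10.10.0.30 as the source and need no return route.
nat_rule() {
  printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
    "$OVPN_NET" "$TINC_IF" "$TINC_IP"
}

# For hosts whose FORWARD policy is DROP: VPN clients may go into tinc, and only
# replies to those connections may come back out.
forward_rules() {
  printf 'iptables -A FORWARD -i %s -o %s -s %s -j ACCEPT\n' "$OVPN_IF" "$TINC_IF" "$OVPN_NET"
  printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
    "$TINC_IF" "$OVPN_IF"
}

sysctl_cmd() { printf 'sysctl -w net.ipv4.ip_forward=1\n'; }

# The one check most often forgotten after a reboot: is forwarding actually on?
forwarding_enabled() {
  [ -r /proc/sys/net/ipv4/ip_forward ] && [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ]
}

firewall_cmds() { sysctl_cmd; nat_rule; forward_rules; }

plan() {
  firewall_cmds
  printf '# add this line to the OpenVPN server config and restart openvpn:\n'
  ovpn_push
}

if [ "${APPLY:-0}" = 1 ]; then
  firewall_cmds | sh -eu
  forwarding_enabled || { echo "net.ipv4.ip_forward is still 0" >&2; exit 1; }
  printf 'firewall applied; now add to the server config: %s\n' "$(ovpn_push)"
else
  plan
fi
```

Note the trade-off the SNAT hides: the dedicated server and the home server only ever see 10.10.0.30 as the source, which is convenient (no routes to maintain on them) but loses the per-client address in their logs. If you would rather route than NAT, the tinc way is to advertise the OpenVPN subnet from the VPN server node with a `Subnet = 10.8.0.0/24` line in that node's tinc host file, after which the other nodes route 10.8.0.0/24 to it and the SNAT rule can go; the FORWARD rules and ip_forward are still needed either way. The rules above are not persistent across reboots; put them in whatever your distribution uses for that (iptables-save/restore, or the sysctl.conf entry the comment mentions for ip_forward).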
  • I use Zerotier for this sort of thing. It's not self-hosted, but it's free and gives you bridged ethernet between your servers. Also works behind NAT/etc. No stuffing around with routing...

  • VyOS.
