OPENVPN route specific subnet down separate tunnel.
Ok! So I have a problem, and it shouldn't be a problem. However, it is....
I want to access this IP from my vpn server. (192.10.84.xx) <<-- this is an example ip.
The problem is the vpn server for some reason can't connect to 192.10.84.xx.
To resolve this I set up a gre tunnel and forwarded the traffic via ip route. So now the server can see 192.10.84.xx and works fine.

    #!/bin/bash
    iptunnel add gre1 mode gre local 10.254.0.22 remote 10.254.0.21 ttl 255
    ip addr add 192.168.168.2/30 dev gre1
    ip link set gre1 up
    ifconfig gre1 mtu 1250
    #echo '100 BUYVM' >> /etc/iproute2/rt_tables
    ip rule add from 192.168.168.0/30 table BUYVM
    ip route add default via 192.168.168.1 table BUYVM
    ip route add 192.10.84.0/22 via 192.168.168.1 dev gre1

However, the openvpn client can't connect and see this. It still attempts to send it out via the main ip.

    iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 162.253.179.xxx

I figure this is because I am forcing the ip out of 162.253.179.xxx. Is there any way with iptables or some other that I might be able to route that 192.10.84.0 network over my gre tunnel?
Comments
I... guess I stumped everyone.
Why such a complex setup? You shouldn't need an extra routing table. And plain IP-over-GRE links are point-to-point (so more like PPP than normal IP over ethernet), you don't need to allocate a subnet.
I'd do something like this:
Go SoftEther..
Because my host, sadly, can't connect to a certain internet subnet. I have contacted both providers and both won't do anything.
By "such a complex setup" I meant the extra BUYVM routing table. My example just adds a route to the problematic subnet straight into the main routing table, which sounds closer to what you actually want. Have you tried doing it my way?
Even if you just replace everything after your ifconfig line with
I'd expect that to work.
The GRE tunnel is just for the IP address space that isn't working over the normal server. Everything else I want to come out of the normal server's address space. IP route doesn't work.
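
Added example, not code from any poster in this thread: the SNAT rule in the original post carries no `-o` match, so it rewrites VPN client traffic whichever interface the route lookup selects, gre1 included. The functions below flag such unscoped NAT rules in `iptables -S` output and print one rule per egress interface instead. The function names, the `eth0` interface name and the sample ruleset are assumptions, and it is assumed the far end of the tunnel accepts traffic sourced from 192.168.168.2.

```shell
# Values are the thread's example addresses unless marked otherwise.
VPN_NET="10.8.0.0/24"          # OpenVPN client pool
GRE_IF="gre1"                  # GRE tunnel interface
GRE_SRC="192.168.168.2"        # local tunnel address
GRE_NET="192.10.84.0/22"       # subnet routed over the tunnel
WAN_IF="eth0"                  # ASSUMPTION: name of the public interface
WAN_SRC="162.253.179.xxx"      # elided in the thread; replace before applying

# Read `iptables -t nat -S POSTROUTING` output on stdin and print every
# SNAT/MASQUERADE rule without an -o match, i.e. every rule that rewrites
# the source address regardless of which interface routing picked.
unscoped_nat_rules() {
    grep -E -- '-j (SNAT|MASQUERADE)' | grep -v -E -- '(^| )-o [^ ]+' || true
}

# Print (do not run) one SNAT rule per egress interface for the VPN pool,
# so tunnel-bound packets leave with the tunnel address as their source.
scoped_nat_rules() {
    echo "iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j SNAT --to-source $WAN_SRC"
    echo "iptables -t nat -A POSTROUTING -s $VPN_NET -d $GRE_NET -o $GRE_IF -j SNAT --to-source $GRE_SRC"
}

# Constructed sample: the rule from the original post as `iptables -S`
# would list it, followed by an interface-scoped rule for comparison.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 162.253.179.xxx
-A POSTROUTING -s 10.8.0.0/24 -o gre1 -j SNAT --to-source 192.168.168.2'

# Run the audit over the constructed sample; only the unscoped rule is printed.
audit_sample() {
    printf '%s\n' "$SAMPLE_RULES" | unscoped_nat_rules
}
```

On the VPN server, `iptables -t nat -S POSTROUTING | unscoped_nat_rules` (as root) audits the live ruleset the same way.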