Routing with VPN and asymmetric communication

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Louis on Server Fault See other posts from Server Fault or by Louis
Published on 2012-12-10T16:15:18Z Indexed on 2012/12/10 17:05 UTC
Read the original article Hit count: 229

Filed under:
|
|
|

I'm stumbling on a problem that requires your advice.

Keywords : networking, route, openVPN

Problem : I have a local network with several physical servers and VMs. These machines have ip's in the range 10.10.x.x. I can access these machines from the Internet with the help of openVPN. These machines can :

  • access each other within the local 10.10.x.x subnet
  • access the Internet via the VPN
  • can themselves be accessed (via SSH) from the Internet via the VPN.

There is one machine however that behaves strangely and I don't know why. I can SSH into this machine from anywhere via SSH and I can also PING it from anywhere (including the Internet). However from this machine (i.e. when logged into it) I cannot access the Internet or ping machines outside the local network. In other words it will not go beyond the VPN. My question is why? Here are some technical details:

The machine's Network Config (running Debian 6.0.3):

  • allow-hotplug eth0
  • iface eth0 inet static
  • address 10.10.10.200
  • netmask 255.255.0.0
  • network 10.10.10.0
  • broadcast 10.10.10.255
  • gateway 10.10.10.200

The machine's Routing :

  • Destination Gateway Genmask Flags MSS Window irtt Iface
  • 127.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 lo
  • 10.10.0.0 10.10.10.250 255.255.0.0 UG 0 0 0 eth0
  • 10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
  • 0.0.0.0 10.10.10.250 0.0.0.0 UG 0 0 0 eth0
  • 0.0.0.0 10.10.10.200 0.0.0.0 UG 0 0 0 eth0

The VPN's Network Config (running Debian 6.0.3):

  • # This is the local network interface
  • auto eth1
  • allow-hotplug eth1
  • iface eth1 inet static
  • address 10.10.10.250
  • netmask 255.255.0.0
  • broadcast 10.10.10.255
  • gateway 10.10.10.250

The VPN's routing table

  • Destination Gateway Genmask Flags MSS Window irtt Iface
  • 10.10.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
  • private 0.0.0.0 255.255.255.0 U 0 0 0 eth0
  • 10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
  • 0.0.0.0 10.10.10.250 0.0.0.0 UG 0 0 0 eth1

  • 0.0.0.0 private 0.0.0.0 UG 0 0 0 eth0

  • net.ipv4.ip_forward = 1 on both machines.

  • there are no iptables set anywhere.

Thanks in advance for any feedback.

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about linux

Related posts about networking

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle