On 07/18/2013 04:53 AM, Ivica Glavocic wrote:
> Hi all
> 
> I have a specific problem with routing through VPN links. Linux firewall, 2 
> interfaces, one is LAN eth0 on C class 192.168.254.0/24, other is WAN 
> eth1 with fixed public IP address, let's say it's 200.12.12.12
> 
> On firewall I have IPSEC LAN-to-LAN VPN tunnel with remote network 
> 10.10.0.0/16, let's call it SiteA
> On firewall I have one more PPTP tunnel with remote network 
> 192.168.20.0/24 with NAT on ppp85 interface, let's call it SiteB
> Both tunnels are properly set up inside Shorewall and working OK.
> 
> On SiteB I have to reach 2 hosts with IP addresses 10.10.10.1 and 
> 10.10.11.1 - addresses from SiteA network
> 
> Here is entry in /etc/shorewall/masq
> ppp85:192.168.20.0/24   192.168.254.0/24
> ppp85:10.10.10.1        192.168.254.0/24        192.168.20.220
> ppp85:10.10.11.1        192.168.254.0/24        192.168.20.220
> 
> I added routes to those 2 hosts through ppp85 interfaces but traffic from 
> LAN is not redirected through PPTP link - it still goes through IPSEC 
> link. Routing table looks like this:
> 10.10.10.1      192.168.20.220  255.255.255.255 UGH       0 0          0 ppp85
> 10.10.11.1      192.168.20.220  255.255.255.255 UGH       0 0          0 ppp85
> 10.10.0.0       212.92.196.77   255.255.0.0     UG        0 0          0 eth1
> 
> When I ping from firewall (ping goes directly through ppp85 interface) I 
> can reach those 2 hosts through PPTP tunnel on SiteB but when I ping from 
> my LAN or from firewall LAN interface traffic goes through IPSEC link on 
> SiteA and hosts are not reachable.
> 
> How can I reach those 2 hosts from LAN through PPTP VPN link?
> 

No way that I know of. IPSEC overrides routing.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
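
A way to check which of the flows in this thread fall under an outbound IPsec policy selector, added here as an example (not code from the thread or from Shorewall). The `ip xfrm policy` text is constructed: it assumes a NETKEY tunnel with selector 192.168.254.0/24 -> 10.10.0.0/16, a made-up peer 203.0.113.1 and a made-up LAN host 192.168.254.50.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output (assumption, not from the thread).
SAMPLE_XFRM_POLICY = """\
src 192.168.254.0/24 dst 10.10.0.0/16
\tdir out priority 2344 ptype main
\ttmpl src 200.12.12.12 dst 203.0.113.1
\t\tproto esp reqid 16385 mode tunnel
src 10.10.0.0/16 dst 192.168.254.0/24
\tdir fwd priority 2344 ptype main
"""

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")   # unindented selector line
DIRECTION = re.compile(r"^\s+dir (\w+)")         # indented "dir in|out|fwd" line


def parse_policies(text):
    """Return [(direction, src_net, dst_net), ...] from `ip xfrm policy` text."""
    policies, current = [], None
    for line in text.splitlines():
        sel = SELECTOR.match(line)
        if sel:
            current = (ipaddress.ip_network(sel.group(1), strict=False),
                       ipaddress.ip_network(sel.group(2), strict=False))
            continue
        direction = DIRECTION.match(line)
        if direction and current:
            policies.append((direction.group(1), current[0], current[1]))
            current = None
    return policies


def matching_out_policy(policies, src, dst):
    """Return the first outbound policy whose selector covers src -> dst, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return next((p for p in policies
                 if p[0] == "out" and src in p[1] and dst in p[2]), None)


if __name__ == "__main__":
    pols = parse_policies(SAMPLE_XFRM_POLICY)
    # LAN source vs. 192.168.20.220, the SNAT address used on ppp85 in the masq file.
    for src in ("192.168.254.50", "192.168.20.220"):
        for dst in ("10.10.10.1", "10.10.11.1"):
            hit = matching_out_policy(pols, src, dst)
            print(f"{src} -> {dst}: {'matches IPsec selector' if hit else 'no policy'}")
```

On a live firewall, feed the function the real output of `ip xfrm policy` instead of the sample.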

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
