On Fri, 2 Apr 2004 05:15 pm, Amanda wrote:
> I'm setting up an SME server as server & gateway. It has 2 ethernet
> cards, eth0 (192.168.0.210) to the local network, eth1 (10.0.0.3) to the
> adsl modem (10.0.0.1).
>
> From a machine on the Lan, I can access the internet just fine.
>
> On the SME server, I'm running pptp client to establish a tunnel into the
> company's Windows 2000 VPN server. This also works fine. (I'm running
> rsync & mysql replication over it).
>
> How do I add a route so local users on the lan can see machines on the
> lan at head office? I can see them just fine from the SME server.
>
> route add -net 10.0.0.150 netmask 255.255.255.255 dev ppp0
>
> 10.0.0.150 being an intranet web server on the company's lan. This is the
> machine I'm rsyncing & replicating against.
>
> I can ping 10.0.0.150 from the SME server, but not from my machine on the
> Lan.
>
> Amanda

Hi Amanda,

In /etc/ppp/ip-up.d create a script like this: (mine's called "00routes")

#!/bin/bash

# Define the routers
DMZ=1.2.3.4 # DMZ Gateway
#LAN=192.168.0.1 # Local LAN (internal) router - not used ATM
# Remote end of the ppp0 link, taken from the P-t-P field of ifconfig
VPN=`ifconfig -a|grep P-t-P|awk '{print $3}'|awk -F: '{print $2}'`

# Define the hosts/nets we need specific routes for:
AARNET=`host mirror.aarnet.edu.au| \
awk '{print $NF}'| \
awk -F. '{print $1 "." $2 "." $3 ".0/24"}'`
VPNSERVER=`host vpnserver.example.com|awk '{print $NF}'`
#OTHER=`host other.example.com|awk '{print $NF}'`
NTP1=137.92.140.80
NTP2=203.21.37.18

# Add the routes (these must exist before the default route is changed)
route add -net $AARNET gw $DMZ
route add -host $VPNSERVER gw $DMZ # Needed for the pptp control chan.
#route add -host $OTHER gw $DMZ
route add -host $NTP1 gw $DMZ
route add -host $NTP2 gw $DMZ

# Modify the default route
route del default
route add default gw $VPN # <- this is the ppp0 interface

Some important notes!
1. You NEED to include a specific route to the VPN server you are connecting
to BEFORE you change the default route!! Otherwise, when you change the
default route it will cause all the VPN traffic to try and tunnel back
through itself. This will send the VPN tunnel traffic to max and time-out
after about 3 minutes - took me a while to figure out what was happening
initially.
2. The $AARNET host is an example of how to add an entire network to a route
etc. You wouldn't ordinarily add a host like that (ie, look up its IP,
and add the entire C-class network it's in!).
3. We use NTP to synchronise the clock on the VPN server (it logs back to a
syslog server, so we need to keep everything pretty tightly "in-sync"). So
I added two routes so the NTP stuff doesn't get routed over the VPN tunnel.
4. You'll need to change the default route again when the tunnel comes down
in /etc/ppp/ip-down.d/ too. But the script is nearly identical to this,
except the default route goes back to the $DMZ router IP.
HTH,
James
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
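
The failure described in note 1 of the reply above, as an added example that is not part of the original message: a small Python model of longest-prefix route selection, showing that once the default route points at ppp0, packets to the VPN server itself are sent into the tunnel unless a host route via the DMZ gateway exists. The VPN server address (203.0.113.10), the ppp0 peer address (192.0.2.1) and the on-link 1.2.3.0/24 network are constructed placeholders; 1.2.3.4 and the NTP address come from the script.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str
    dev: str

def route(dest: str, gateway: str, dev: str) -> Route:
    return Route(ipaddress.ip_network(dest), gateway, dev)

def lookup(table: list, dst: str) -> Optional[Route]:
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.dest]
    return max(matches, key=lambda r: r.dest.prefixlen) if matches else None

def tunnel_loops(table: list, vpn_server: str, tunnel_dev: str = "ppp0") -> bool:
    """True if the encapsulated PPTP packets would be routed into the tunnel itself."""
    r = lookup(table, vpn_server)
    return r is not None and r.dev == tunnel_dev

DMZ = "1.2.3.4"              # DMZ gateway, from the script
NTP1 = "137.92.140.80"       # from the script
VPN_PEER = "192.0.2.1"       # constructed: remote end of ppp0 ($VPN)
VPN_SERVER = "203.0.113.10"  # constructed: public address of the VPN server

def table_after_ip_up(with_host_route: bool) -> list:
    """Routing table once the ip-up script has moved the default route to ppp0."""
    table = [
        route("1.2.3.0/24", "0.0.0.0", "eth1"),       # assumed on-link network
        route(f"{VPN_PEER}/32", "0.0.0.0", "ppp0"),   # point-to-point peer
        route(f"{NTP1}/32", DMZ, "eth1"),             # NTP kept off the tunnel
        route("0.0.0.0/0", VPN_PEER, "ppp0"),         # new default via the tunnel
    ]
    if with_host_route:
        # Equivalent of: route add -host $VPNSERVER gw $DMZ
        table.append(route(f"{VPN_SERVER}/32", DMZ, "eth1"))
    return table

if __name__ == "__main__":
    for with_host_route in (False, True):
        table = table_after_ip_up(with_host_route)
        hop = lookup(table, VPN_SERVER)
        print(f"host route present={with_host_route}: VPN server via "
              f"{hop.dev} gw {hop.gateway}, loops={tunnel_loops(table, VPN_SERVER)}")
```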