Hello,
I must obviously miss something in the configuration, but I've been searching for weeks, and could not come up with some solution ; please forgive me if the solution is obvious :)
I'd like to set up a lan to lan "community", with the following :
VPN Server (on a rented Box) :
- 1 Virtual Hubs in 10.8.0.0/24, with no default gateway in DHCP configuration
- 1 Virtual Hub in 10.8.1.0/24 with a default gateway (for clients to access internet through VPN)
- Both Hubs have in SecureNat configuration pushed routes for clients to access other Virtuab Hub subnet, + the lan to lan subnets
- 1 Virtual L3 Switch with one interface in each Virtual Hub, + 2 routing entries (one for each subnet from lan to lan using each lan's client IP)
LAN 192.168.1.0/24 :
- 1 Debian with VPN client connecting to first Virtual Hub
- Internet Gateway with static routing for 10.8.0.0/24, 10.8.1.0/24 and 192.168.50.0/24 redirecting to local VPN client's IP address
- Ip forwarding activated on VPN client
LAN 192.168.50.0/24 : ditto
The problem I have is that I can ping from the local subnets (192.168*) to the virtual hubs, and connected external clients, but, from the clients themselves, I can connect to some some IPs on the local subnet, but not all of them (and not always the same :p).
On a physical network, it would look like some ARP fuss, but here I'm not sure who is messing the routing.
When I run a tcpdump on client + local IP + VPN Client (gateway), I can see the packets are routed correctly, but it seems they get lost somehow in the VPN L3 switch.
I tried to activate masquerade on the VPN clients (local gateways), on either incoming or outgoing or both, but it didon't solve the issue.
I realize that I might not be clear in my description, let me know if I should give concrete examples.
Thanks in advance for anyone who would try to help me :p
Maelinou
[SOLVED] Lan to Lan : need help
-
Maelinou
- Posts: 3
- Joined: Mon Mar 09, 2015 2:02 pm
[SOLVED] Lan to Lan : need help
Last edited by Maelinou on Tue Mar 10, 2015 9:33 am, edited 1 time in total.
-
Maelinou
- Posts: 3
- Joined: Mon Mar 09, 2015 2:02 pm
Re: Lan to Lan : need help
Hello,
I changed the approach with something that is actually more simple.
I went to VPN Bridge ; I just needed to move from /24 to /16, and it seems to work almost well :)
I can ping the hosts, connect to them through ssh, but when it comes to web, it does not work anymore.
I would suspect some MTU issue, but I don't know where to look at (to be noted that the vpnbridge is running on a proxmox guest).
If someone has some idea ?
Thanks
Maelinou
I changed the approach with something that is actually more simple.
I went to VPN Bridge ; I just needed to move from /24 to /16, and it seems to work almost well :)
I can ping the hosts, connect to them through ssh, but when it comes to web, it does not work anymore.
I would suspect some MTU issue, but I don't know where to look at (to be noted that the vpnbridge is running on a proxmox guest).
If someone has some idea ?
Thanks
Maelinou
-
Maelinou
- Posts: 3
- Joined: Mon Mar 09, 2015 2:02 pm
Re: Lan to Lan : need help
Hello again,
Actually, I switched from virtio to Inten E1000 on the bridge guest, and it works perfectly.
If it can help anyone some day :)
Actually, I switched from virtio to Inten E1000 on the bridge guest, and it works perfectly.
If it can help anyone some day :)