
Routing Private Subnets Not Working?

Posted: Mon Oct 31, 2016 5:49 pm
by timamplex
Hello,

I've set up a VPN server on a public IP address. This IP's default gateway has routes for internal-only IP space and has a route for 172.16.78.0/24 to point to the VPN's public IP address. In Routing, if I select NAT, everything works fine: I can access 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. If I select "Yes, using routing (advanced)", I've got no access to those subnets. I've got ip_forward enabled and


Any advice or suggestions?

I did check that ip_forwarding is enabled.

cat /proc/sys/net/ipv4/ip_forward
1



route list:


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         xe-2-0-0-26.cor 0.0.0.0         UG    0      0        0 eth0
localnet        *               255.255.255.248 U     0      0        0 eth0
172.16.78.0     *               255.255.255.192 U     0      0        0 as0t0
172.16.78.64    *               255.255.255.192 U     0      0        0 as0t1
172.16.78.128   *               255.255.255.192 U     0      0        0 as0t2
172.16.78.192   *               255.255.255.192 U     0      0        0 as0t3


iptables:

Chain INPUT (policy ACCEPT)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_ACCEPT all -- anywhere anywhere
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_ACCEPT tcp -- anywhere vpn.amplex.net state NEW tcp dpt:915
AS0_ACCEPT tcp -- anywhere vpn.amplex.net state NEW tcp dpt:914
AS0_ACCEPT udp -- anywhere vpn.amplex.net state NEW udp dpt:917
AS0_ACCEPT udp -- anywhere vpn.amplex.net state NEW udp dpt:916
AS0_WEBACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_WEBACCEPT tcp -- anywhere vpn.amplex.net state NEW tcp dpt:943

Chain FORWARD (policy ACCEPT)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_OUT_S2C all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
AS0_OUT_LOCAL all -- anywhere anywhere

Chain AS0_ACCEPT (7 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain AS0_IN (4 references)
target prot opt source destination
ACCEPT all -- anywhere 172.16.78.1
AS0_IN_POST all -- anywhere anywhere

Chain AS0_IN_NAT (0 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK or 0x8000000
ACCEPT all -- anywhere anywhere

Chain AS0_IN_POST (1 references)
target prot opt source destination
ACCEPT all -- anywhere 192.168.0.0/16
ACCEPT all -- anywhere 172.16.0.0/12
ACCEPT all -- anywhere sarotrucking-voip-100-snaddr.amplex.net/8
AS0_OUT all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain AS0_IN_PRE (2 references)
target prot opt source destination
AS0_IN all -- anywhere link-local/16
AS0_IN all -- anywhere 192.168.0.0/16
AS0_IN all -- anywhere 172.16.0.0/12
AS0_IN all -- anywhere sarotrucking-voip-100-snaddr.amplex.net/8
ACCEPT all -- anywhere anywhere

Chain AS0_IN_ROUTE (0 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK or 0x4000000
ACCEPT all -- anywhere anywhere

Chain AS0_OUT (2 references)
target prot opt source destination
AS0_OUT_POST all -- anywhere anywhere

Chain AS0_OUT_LOCAL (1 references)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp redirect
ACCEPT all -- anywhere anywhere

Chain AS0_OUT_POST (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere mark match 0x2000000/0x2000000
DROP all -- anywhere anywhere

Chain AS0_OUT_S2C (1 references)
target prot opt source destination
ACCEPT all -- 192.168.0.0/16 anywhere
ACCEPT all -- 172.16.0.0/12 anywhere
ACCEPT all -- sarotrucking-voip-100-snaddr.amplex.net/8 anywhere
AS0_OUT all -- anywhere anywhere

Chain AS0_WEBACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
root@vpn:/usr/local/openvpn_as/etc#

Re: Routing Private Subnets Not Working?

Posted: Mon Oct 31, 2016 9:41 pm
by TinCanTech