A "bridge" problem...

Posted: Fri Oct 30, 2009 10:22 am
by marcos
Hi, everybody!
I have some problems configuring my VPN setup...
My goal is to achieve this:

Roaming PC (A) ==> internet ==> Linux VPN Server (B) ==> internet ==> Cisco VPN Firewall (C) ==> LAN (D)

I.e.: I would like to allow some (possibly roaming) users to access a LAN behind a Cisco VPN Firewall; this Firewall allows access just from specific IPs (one of these IPs is the public IP of my Linux VPN Server "B"), so my users currently can only connect when on Server "B" LAN.
I have (successfully) set up a Cisco VPN Client instance ("vpnc", to allow access to LAN "D"), and a VPN server instance (openvpn, to allow access from roaming users), both on Linux VPN Server "B".
The problem is I can't correctly set up the bridge (I suppose)...
Currently I have not set up any firewall rules on server "B", accepting all the traffic on the INPUT, OUTPUT and FORWARD chains...

My openvpn server configuration file is this:

dev tun
proto udp
ifconfig 10.8.0.1 10.8.0.2
secret static.key
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
#push "route 172.0.0.0 255.0.0.0"
#push "route 192.168.1.0 255.255.255.0"
#push "route 172.91.101.11 255.0.0.0 net_gateway"
#route 172.91.101.11 255.255.255.255
#server-bridge 172.91.101.11 255.255.255.255 172.92.168.0.100 192.168.0.150
#push "redirect-gateway"
#push "route 172.91.101.11 255.255.255.255"
#push "route 172.0.0.0 255.0.0.0"
#redirect-gateway
#push "route 172.0.0.0 255.0.0.0 default"
log openvpn.log
verb 3
daemon

My openvpn client configuration file is this:

remote 58.40.159.195
dev tun
proto udp
ifconfig 10.8.0.2 10.8.0.1
secret static.key
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
#route 172.0.0.0 255.0.0.0
#route 172.91.0.0 255.255.0.0
#route 172.91.101.0 255.255.255.0
#route 172.91.101.11 255.255.255.255
#pull
redirect-gateway
verb 3

The Cisco client we currently use (successfully) sets these routes on my Windows PC:

$route PRINT
==========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x4 ...00 30 05 75 3f 93 ...... Intel(R) PRO/1000 CT Network Connection - Teefer2 Miniport
0x5 ...00 ff 79 9d 43 ee ...... TAP-Win32 Adapter V8 - Teefer2 Miniport
0x30007 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Teefer2 Miniport

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.198       20
   42.152.109.197  255.255.255.255      192.168.1.1   192.168.1.198       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        172.0.0.0        255.0.0.0    172.91.101.15   172.91.101.15       1
       172.19.0.0      255.255.0.0    172.19.101.15   172.19.101.15       10
    172.91.101.15  255.255.255.255        127.0.0.1       127.0.0.1       10
   172.91.255.255  255.255.255.255    172.91.101.15   172.91.101.15       10
      192.168.1.0    255.255.255.0    192.168.1.198   192.168.1.198       20
      192.168.1.1  255.255.255.255    192.168.1.198   192.168.1.198       1
    192.168.1.198  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.198   192.168.1.198       20
        224.0.0.0        240.0.0.0    172.91.101.15   172.91.101.15       10
        224.0.0.0        240.0.0.0    192.168.1.198   192.168.1.198       20
  255.255.255.255  255.255.255.255    172.91.101.15   172.91.101.15       1
  255.255.255.255  255.255.255.255    172.91.101.15               5       1
  255.255.255.255  255.255.255.255    192.168.1.198   192.168.1.198       1
Default Gateway:           192.168.1.1
===========================================================================
Persistent Routes:
  None

The vpnc configuration is something like this:

IPSec gateway 26.152.109.197
IPSec ID iii
IPSec secret sss
IKE Authmode psk
Xauth username user1
Xauth password *****

The problem is I can't access the LAN "D" from the Linux Server "B"...
I've read a lot of documentation about the "route" and the "redirect-gateway" directives, but I can't figure out which one to use...

Anybody have any hint? I'm really stumped... ;-(
Thanks in advance!

Marco
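An added example, not part of Marco's post or of the OpenVPN/vpnc projects: the forwarding and NAT glue that a chain like A ==> B ==> C ==> D needs on server "B". The routing side is the part the two openvpn configs above cannot express on their own, since B has to act as a router between its OpenVPN tunnel and its vpnc tunnel, and the Cisco side only ever sees B's own tunnel address, so anything arriving from 10.8.0.2 has to be source-NATed before it goes into the IPsec tunnel. The interface names (vpnc on tun0, openvpn on tun1), the choice of 172.0.0.0/8 as "LAN D" (taken from the route the Cisco client installs on the Windows PC) and the use of iptables are assumptions, not facts from the post; adjust them to the real setup.

```shell
#!/bin/sh
# Added example, not from the original post. Forwarding/NAT glue on the
# Linux VPN server "B" so that the OpenVPN peer (10.8.0.2) reaches LAN "D"
# through the vpnc tunnel. Assumptions not stated in the post: vpnc owns
# tun0 and openvpn owns tun1 (pin them with "Interface name tun0" in the
# vpnc config and "dev tun1" in the openvpn config instead of relying on
# start-up order), LAN "D" is 172.0.0.0/8 (the route the Cisco client
# installs on Windows), and iptables is available on B.
set -eu

VPNC_IF="${VPNC_IF:-tun0}"           # vpnc interface (assumed name)
OVPN_IF="${OVPN_IF:-tun1}"           # openvpn interface (assumed name)
LAN_D="${LAN_D:-172.0.0.0/8}"        # networks behind the Cisco firewall (assumed)
OVPN_NET="${OVPN_NET:-10.8.0.0/30}"  # the static-key p2p pair 10.8.0.1/10.8.0.2

# Print, one per line, the commands that turn B into a router between the
# two tunnels. Traffic towards LAN "D" is masqueraded behind B's vpnc
# address, because the Cisco side accepts B and knows nothing about 10.8.0.x.
gen_rules() {
    printf '%s\n' \
        "sysctl -w net.ipv4.ip_forward=1" \
        "iptables -A FORWARD -i $OVPN_IF -o $VPNC_IF -s $OVPN_NET -d $LAN_D -j ACCEPT" \
        "iptables -A FORWARD -i $VPNC_IF -o $OVPN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        "iptables -t nat -A POSTROUTING -o $VPNC_IF -s $OVPN_NET -d $LAN_D -j MASQUERADE"
}

# Execute the rules (needs root), or only list them when DRY_RUN=1.
apply_rules() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        gen_rules
    else
        gen_rules | sh -e
    fi
}

# Sanity check that needs no root: the kernel route towards the given LAN "D"
# host must leave through the vpnc interface, otherwise the FORWARD and NAT
# rules above never match. Exit status 0 when it does, 1 otherwise.
route_via_vpnc() {
    ip route get "$1" 2>/dev/null | grep -q "dev $VPNC_IF"
}

case "${1:-}" in
    apply) apply_rules ;;
    show)  DRY_RUN=1 apply_rules ;;
esac
```

Two caveats worth checking before blaming the rules. First, in static-key point-to-point mode there is no push/pull exchange (that only exists in TLS client/server mode), so the commented-out `push "route ..."` lines on the server do nothing; the client has to carry its own `route 172.0.0.0 255.0.0.0` line, which is the cheaper alternative to `redirect-gateway` here. Second, if the client keeps `redirect-gateway`, all of its internet traffic lands on B as well, and B then also needs a MASQUERADE rule on its public interface or the client loses everything except LAN "D". Run `route_via_vpnc <host in LAN D>` on B after vpnc is up to confirm that vpnc-script actually installed a route for those networks; if it did not, the concentrator is not pushing split-tunnel routes and a static `ip route add 172.0.0.0/8 dev tun0` (assumed name) is required before the FORWARD rules can ever match.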