
I need some help with a networking project using Linux (RHEL-based) and Openswan with L2TPd (xl2tpd). While the initial setup works great, I want my VPN traffic to traverse over the secondary network interface, which has routes that traverse over a site-to-site VPN using Openswan.

The end game here would be to connect via L2TP/IPsec from my phone to the client VPN server. And then my internet traffic from my phone would exit my home network and have my home WAN IP address. I have tried iptables masquerading, SNAT, FORWARD rules, and even modifying the route table, but I have nothing.

I can do this with OpenVPN, but I think the difference is L2TP cannot push routes to connected clients, like OpenVPN does.

My network is like so:

Home network: 10.0.0.0/24

Cloud network: 172.31.90.0/27 (eth0, public iface); 172.31.95.0/27 (eth1, private, with internet connectivity through my home network).

VPN client network: 192.168.0.0/24

I start with connecting to my VPN server over the public iface, and when I check my IP, I get my public IP from the cloud server; however, what I want is to connect to the VPN server over the cloud public IP address and access the internet via my home network.

Both eth0 and eth1 are default gateways. I have read on forums that I need to create a "vpn route table", and I have tried this, which also did not work. Not sure why a ppp0 to eth1 traversal would be any different than, say, setting up the server as a NAT device with a couple of FORWARD rules; however, no packets get detected when I do a ppp0 to eth1 FORWARD rule, only the POSTROUTING rules get picked up if I use MASQUERADE with no interface options in iptables.

Furthermore, I am unable to ping the eth1 IP from my VPN client no matter what I try, but I can ping eth0 from my VPN client just fine. What am I doing wrong here?

UPDATE: Since eth0 wanted to be the primary interface no matter what I did, I moved the public IP from eth0 to eth1, then I moved the private network from eth1 to eth0. Now everything is working as expected. I still want to know how I could have avoided this, though.

Thanks in advance.
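The "vpn route table" the question mentions is Linux policy routing: a second routing table whose only default route points at eth1, plus an `ip rule` that sends packets sourced from the L2TP client pool to that table, so the interface order of the main table (which is why eth0 kept winning) no longer matters. The script below is an added example, not from the original post or from the Openswan/xl2tpd projects. It uses the subnet and interface names from the question; the eth1 gateway address (`ETH1_GW`) and the table number are assumed placeholders. By default it only prints the commands (`DRY_RUN=1`), so it can be read and checked without root or real interfaces.

```shell
#!/bin/sh
# Added example (not part of the original post): policy routing that sends
# L2TP client traffic (arriving on ppp0) out eth1 instead of the main table's
# first default route on eth0, then NATs it to eth1's address.
# Values from the question: 192.168.0.0/24, ppp0, eth1.
# ETH1_GW and TABLE_ID are ASSUMED placeholders; set them for your network.
# DRY_RUN=1 (default) prints the commands instead of executing them.

DRY_RUN="${DRY_RUN:-1}"
VPN_NET="${VPN_NET:-192.168.0.0/24}"   # L2TP client pool from the question
VPN_IF="${VPN_IF:-ppp0}"               # interface the clients arrive on
OUT_IF="${OUT_IF:-eth1}"               # interface their traffic should leave on
ETH1_GW="${ETH1_GW:-172.31.95.1}"      # ASSUMED gateway on the eth1 subnet
TABLE_ID="${TABLE_ID:-100}"            # ASSUMED id for the custom "vpn" table

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emit (or apply) the complete policy-routing and NAT setup, in order.
vpn_policy_route() {
    # Without forwarding enabled, the FORWARD chain never sees ppp0 packets.
    run sysctl -w net.ipv4.ip_forward=1
    # Separate table whose only default route is via eth1.
    run ip route replace default via "$ETH1_GW" dev "$OUT_IF" table "$TABLE_ID"
    # Packets sourced from the VPN pool consult that table before "main".
    run ip rule add from "$VPN_NET" lookup "$TABLE_ID" priority 1000
    # Rewrite the source to eth1's address so replies come back via eth1.
    run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$OUT_IF" -j MASQUERADE
    # Allow the forwarded flows in both directions (stateful on the return leg).
    run iptables -A FORWARD -i "$VPN_IF" -o "$OUT_IF" -s "$VPN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$OUT_IF" -o "$VPN_IF" -m state \
        --state ESTABLISHED,RELATED -j ACCEPT
}

# Helpers for checking the generated command set without applying it.
vpn_policy_route_count() {
    vpn_policy_route | wc -l | tr -d ' '
}
vpn_policy_route_rule() {
    vpn_policy_route | grep '^ip rule'
}

vpn_policy_route
```

Apply it with `DRY_RUN=0 ETH1_GW=<your eth1 gateway> sh vpn_route.sh` as root, then confirm with `ip rule show` and `ip route show table 100`. Two checks worth doing when a FORWARD rule sees no packets, as in the question: `sysctl net.ipv4.ip_forward` must be 1, and with two upstream interfaces `net.ipv4.conf.all.rp_filter` set to strict (1) can silently drop packets whose reverse path differs from the arrival interface; `nstat -az TcpExtIPReversePathFilter` shows whether that counter is climbing.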
