
I have an Ubuntu server (172.10.200.11) and many remote terminal units with SIM cards, and each SIM card operator uses a different IP pool, such as 10.57.0.0/16 for OP-A, 10.112.0.0/16 for OP-B, etc.

On the server I am currently using a routing table to be able to access the remote terminal units on the different IP pools. Without this routing table I have no access to the IP pools. For instance:

  • 10.57.0.0/16 via gw 172.10.238.1
  • 10.112.0.0/16 via gw 172.10.238.2
  • 10.155.0.0/16 via gw 172.10.238.3

And...

Currently I am using "Cisco VPN Client" to access my server IP from outside the datacenter. For this purpose I make a connection to the VPN gateway using the "Cisco VPN Client" application, then try to ping my server's IP 172.10.200.11.

I can do the following things successfully from my laptop after my VPN Connection established to VPN Gateway:

  • Establish a Remote Desktop connection to the server's IP: 172.10.238.3
  • Establish SSH connection from my laptop to the server's IP:172.10.238.3
  • ICMP ping to the server's IP:172.10.238.3
  • Traceroute to the server's IP:172.10.238.3

To check the connection status (up or down) of the Remote Terminal Units, I connect to the server via SSH or Remote Desktop and then try to ping the IP address of the Remote Terminal Unit.

Everything is OK up to here, but this way consumes too much bandwidth, especially if I connect via Remote Desktop.

  1. Connect to VPN Gateway using "Cisco VPN Client" from the laptop
  2. Establish a Remote Desktop connection to server's IP
  3. Open Browser in the server on Remote Desktop Connection.
  4. Enter Remote Terminal Unit (RTU)'s IP (10.155.1.22) on the browser and do what you want!
  5. Successfully establish an ICMP ping to the RTU's IP address (10.155.1.22) in a terminal screen on Remote Desktop or in an SSH session.

But i want to do following:

  • Connect to VPN Gateway using Cisco VPN Client from the laptop
  • Open Browser in the laptop
  • Enter Remote Terminal Unit's IP (10.155.1.22) on browser and do what you want!
  • Successfully establish an ICMP ping to the RTU's IP address (10.155.1.22) in a shell/terminal screen on my laptop (NOT in Remote Desktop)

Restrictions:

  • I have no rights to change the VPN gateway settings. I can only change the server settings to achieve this.

Is there any way to do this? I know it exists, but I am confused. First I installed Hamachi, but that gave me access to the server without needing the VPN connection. I still could not directly ping the RTU IPs from my laptop. It did not resolve my problem.

Technically, I want to use my server as a "router" to route/forward incoming requests from my laptop (ICMP & IP packets) to the RTU's IP.

I have researched how to enable IP MASQUERADE or IP FORWARDING on Ubuntu 16.04. If I am right, technically it needs 2 NICs or 2 different IPs on the machine. But I have only one IP (bonded) on my server.

I need to reach the RTU IP addresses directly from my laptop, and my server should act as a router/gateway or similar to achieve this.

Can anybody explain to me step by step how to do this on Ubuntu?

Click to see picture of my system diagram

crackerboy
  • iptables and MASQUERADE are (I think) the right track - OpenVPN creates the 2nd NIC you are thinking of (in this case tun or tap interfaces), and you can masq your pool to your server's IP. – iwaseatenbyagrue Apr 04 '17 at 18:04

2 Answers


First, answering your questions: You need to add a route to your laptop, saying that traffic to your OP networks must be sent to the VPN Server, which will route it to the proper gateway.

When your laptop establishes a VPN connection, routes like the following have to be added on it:

  # Linux (net-tools syntax); on Windows the equivalent is: route add 10.57.0.0 mask 255.255.0.0 <YOUR_VPN>
  route add -net 10.57.0.0 netmask 255.255.0.0 gw <YOUR_VPN>
  route add -net 10.112.0.0 netmask 255.255.0.0 gw <YOUR_VPN>

And the same for any other gateways in the middle.

In the same way, each gateway in the middle has to have a route pointing the VPN IP range back to the VPN server. In short, each gateway and node in your network needs a routing table capable of routing internal packets to the appropriate node or gateway.

Besides that, if you only want to monitor node uptime, I suggest using Icinga2, so you can have a server sending health checks to every node and be notified in case any of them becomes unresponsive.

surfingonthenet

You need to add routes for the 10.57.0.0/16 etc. networks to your VPN client so that they are routed via the server IP. You should be able to add the routes in your VPN server settings. I don't know details on how they would be added in Cisco VPN server.

Tero Kilkanen
  • I have installed OpenVPN on my server, and now I first connect with Cisco VPN to the Cisco VPN gateway, which redirects/authenticates me so I can access my server as usual, then I connect to OpenVPN (installed on my server) to redirect my packets/route on the server, but with no success. I could not ping any of the RTUs like 10.155.1.22 etc. Directly from the server, yes, I can ping, but from my laptop, no! – crackerboy Apr 03 '17 at 11:19
  • If I understand your network configuration correctly, there is no need for OpenVPN, just adding routes on the Cisco VPN such that clients know where to send packets to those RTU subnets. – Tero Kilkanen Apr 03 '17 at 12:26
  • Do you mean the Cisco VPN client or the Cisco VPN server (appliance)? In case you mean the Cisco VPN server (most probably), I have no access rights to this device. I am only an end user, not an administrator! But thanks for your advice. – crackerboy Apr 04 '17 at 14:56
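The following is an added worked example, not code from anyone in this thread. It ties together the route the comment above sketches (OpenVPN's tun interface is the "second NIC" that IP forwarding needs, plus MASQUERADE towards the server's own IP) with both answers' point that the laptop must get routes for the 10.57/16, 10.112/16 and 10.155/16 pools: since the Cisco gateway cannot be changed, those routes are pushed by the OpenVPN server on the Ubuntu box instead. Assumed names, to be adjusted to the real server: bond0 is the bonded NIC holding 172.10.200.11, tun0 with client subnet 10.8.0.0/24 is the OpenVPN server's tunnel, and /etc/openvpn/server.conf is its config. The pools and operator gateways are the ones from the question. The script only prints the commands unless invoked with `apply`, so it can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread): make the Ubuntu server forward between
# the OpenVPN tunnel and the operator gateways. The second "NIC" that IP
# forwarding needs is the OpenVPN tun interface, not a second physical card.
# Assumed names (change to match the server): bond0 = bonded NIC holding
# 172.10.200.11; tun0 + 10.8.0.0/24 = OpenVPN tunnel interface and client subnet.
WAN_IF="${WAN_IF:-bond0}"
TUN_IF="${TUN_IF:-tun0}"
TUN_NET="${TUN_NET:-10.8.0.0/24}"

# operator pool=gateway, exactly as the server's existing static routes
POOLS="10.57.0.0/16=172.10.238.1
10.112.0.0/16=172.10.238.2
10.155.0.0/16=172.10.238.3"

# Prefix length -> dotted netmask (OpenVPN's "push route" wants a netmask).
cidr_to_mask() {
    b=$1; m=""
    for i in 1 2 3 4; do
        if [ "$b" -ge 8 ]; then o=255; b=$((b - 8))
        elif [ "$b" -le 0 ]; then o=0
        else o=$((256 - (1 << (8 - b)))); b=0
        fi
        m="$m${m:+.}$o"
    done
    printf '%s' "$m"
}

# Kernel side: enable forwarding and make sure each pool still points at its
# operator gateway. "replace" is idempotent, so re-running is safe.
gen_kernel_cmds() {
    echo "sysctl -w net.ipv4.ip_forward=1   # persist: net.ipv4.ip_forward=1 in /etc/sysctl.conf"
    for entry in $POOLS; do
        pool=${entry%%=*}; gw=${entry#*=}
        echo "ip route replace $pool via $gw dev $WAN_IF"
    done
}

# Firewall side: forward tunnel clients only to the RTU pools, let the replies
# back, and masquerade as the server's own IP so the operator gateways never
# need a route for the OpenVPN client subnet (they do not know 10.8.0.0/24).
gen_iptables_cmds() {
    echo "iptables -P FORWARD DROP"
    for entry in $POOLS; do
        pool=${entry%%=*}
        echo "iptables -A FORWARD -i $TUN_IF -o $WAN_IF -s $TUN_NET -d $pool -j ACCEPT"
    done
    echo "iptables -A FORWARD -i $WAN_IF -o $TUN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $TUN_NET -o $WAN_IF -j MASQUERADE"
}

# OpenVPN side: push the pool routes so the laptop sends RTU traffic into tun0.
# This replaces the client-side "route add" step the answers describe.
gen_openvpn_push() {
    for entry in $POOLS; do
        pool=${entry%%=*}; net=${pool%/*}; bits=${pool#*/}
        echo "push \"route $net $(cidr_to_mask "$bits")\""
    done
}

gen_all() {
    echo "# --- run as root on the server ---"; gen_kernel_cmds; gen_iptables_cmds
    echo "# --- append to /etc/openvpn/server.conf, then restart openvpn ---"; gen_openvpn_push
}

case "${1:-}" in
    show)  gen_all ;;                                              # dry run: print everything
    apply) gen_kernel_cmds | sh -e; gen_iptables_cmds | sh -e ;;   # run the root-side part
esac
```

Run `sh router.sh show` to review, then `sudo sh router.sh apply` and add the printed `push "route ..."` lines to the OpenVPN server config. To check that the kernel would actually forward a tunnel client's packet the right way, `ip route get 10.155.1.22 from 10.8.0.2 iif tun0` on the server should answer with `via 172.10.238.3 dev bond0`; `tcpdump -ni bond0 host 10.155.1.22` while pinging from the laptop shows the masqueraded packets leaving with the server's address. Two caveats: if the Cisco client also installs a route covering these pools, the more specific pushed /16 entries win on the laptop, but a full-tunnel Cisco policy that blocks the OpenVPN UDP/TCP port to the server would stop the second tunnel from coming up at all; and with forwarding enabled, every holder of a valid OpenVPN client certificate gets a path into all three operator pools, which is why the FORWARD policy is DROP with explicit per-pool ACCEPTs rather than a blanket accept.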