I created an L2TP/IPSec tunnel and I am struggling with routing: I cannot SSH to a machine in the remote network. My local system is Debian buster (current testing).
Here is my local network config; interface ppp0 is the tunnel interface.
# ip a
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fc:aa:14:27:3a:bf brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.13/24 brd 192.168.1.255 scope global dynamic enp1s0
       valid_lft 71692sec preferred_lft 71692sec
    inet6 fe80::feaa:14ff:fe27:3abf/64 scope link
       valid_lft forever preferred_lft forever
14: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1410 qdisc pfifo_fast state UNKNOWN group default qlen 3
    link/ppp
    inet 172.16.100.15 peer 10.10.10.10/32 scope global ppp0
       valid_lft forever preferred_lft forever
I need to connect to the 172.16.100.116 server, inside the VPN network. I only need this one address; other communication should go through my home router.
This is the routing table after creating the tunnel:
# ip r
default via 192.168.1.1 dev enp1s0 proto static metric 100
10.10.10.10 dev ppp0 proto kernel scope link src 172.16.100.15
192.168.1.0/24 dev enp1s0 proto kernel scope link src 192.168.1.13 metric 100
I added:
ip r a 172.16.100.116 via 10.10.10.10
I can ping it, but cannot ssh (no route). I ran Wireshark and saw that even the TCP SYN goes without an answer (but ICMP is getting back).
I also discovered that under Windows SSH works in this tunnel, and it is carried as ESP payload, whereas under Linux I get a TCP SYN when trying to SSH.
I tried about a dozen routes and nothing worked for me. Could someone help?
K.