I have four servers:

  • VPN Server (10.12.96.5/28) eth5 & 10.8.0.1 (TUN0)
  • Web Server 10.12.96.4/28
  • Proxy Server 10.8.0.4/24
  • PBX Server 10.12.96.3/28

  • PROXY-----VPN-----WEBSERVER

  • VPN-----PBX

The VPN server has a private IP 10.12.96.5/28, and a VPN IP of 10.8.0.1.

The Proxy server is unable to ping the web server through the tunnel. (10.8.0.3, can't ping 10.12.96.3, or 10.12.96.4)

The PBX Server (which has the correct routing), can ping 10.12.96.4/28.

PBX routing table

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.12.96.5      255.255.255.0   UG    0      0        0 eth1
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.12.96.0      0.0.0.0         255.255.240.0   U     0      0        0 eth1
45.32.132.0     0.0.0.0         255.255.254.0   U     0      0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1003   0        0 eth1
169.254.169.254 gateway         255.255.255.255 UGH   0      0        0 eth0

However, the PBX server is able to communicate with 10.12.96.4/28 (web server).

Proxy routing table

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
default         gateway         0.0.0.0         UG    0      0        0 ens3
10.1.96.0       0.0.0.0         255.255.240.0   U     0      0        0 ens5
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.12.96.0      10.8.0.1        255.255.240.0   UG    0      0        0 tun0
45.63.82.91.vul gateway         255.255.255.255 UGH   0      0        0 ens3
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
140.82.8.0      0.0.0.0         255.255.254.0   U     0      0        0 ens3
link-local      gateway         255.255.0.0     UG    100    0        0 ens3
RalfFriedl
Ian Arman

1 Answer

The main issue I see is that you are mixing routing between VPN and wired network.

PBX (10.12.96.3/28) can already reach the VPN subnet via network IP 10.12.96.5, so you don't need a VPN connection (do not try to connect via VPN to a network which is already normally reachable, i.e. routed!). This route is sufficient:

10.8.0.0        10.12.96.5      255.255.255.0   UG    0      0        0 eth1

Just make sure that the Web Server (10.12.96.4/28) also has a route to 10.8.0.0/24 via 10.12.96.5; provided you have allowed ip_forward and do not block traffic at the firewall level, it will work ;-).

Kamil J
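
An added example, not part of the question or the answer: a Python check that parses the PBX routing table posted above, flags any prefix installed through more than one interface (here 10.8.0.0/24 via both eth1 and tun0, the VPN/wired mixing the answer describes), and shows which route a destination matches. The function names are hypothetical, and reporting equal-prefix, equal-metric routes as ambiguous is this example's simplification, not a statement of how the kernel breaks the tie.

```python
import ipaddress

# PBX routing table exactly as posted in the question (`route` output).
PBX_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.12.96.5      255.255.255.0   UG    0      0        0 eth1
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.12.96.0      0.0.0.0         255.255.240.0   U     0      0        0 eth1
45.32.132.0     0.0.0.0         255.255.254.0   U     0      0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1002   0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1003   0        0 eth1
169.254.169.254 gateway         255.255.255.255 UGH   0      0        0 eth0
"""

def parse_routes(text):
    """Return (network, gateway, metric, iface) for each numeric route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(f"{dest}/{f[2]}", strict=False)
        except ValueError:
            continue  # header row or a symbolic name such as "link-local"
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def duplicate_prefixes(routes):
    """Prefixes that are installed through more than one interface."""
    seen = {}
    for net, _gw, _metric, iface in routes:
        seen.setdefault(str(net), set()).add(iface)
    return {n: sorted(i) for n, i in seen.items() if len(i) > 1}

def best_routes(routes, dst):
    """Longest-prefix match, then lowest metric; several results = ambiguous."""
    addr = ipaddress.ip_address(dst)
    cands = [r for r in routes if addr in r[0]]
    key = min(((-r[0].prefixlen, r[2]) for r in cands), default=None)
    return [r for r in cands if (-r[0].prefixlen, r[2]) == key]

if __name__ == "__main__":
    routes = parse_routes(PBX_TABLE)
    print(duplicate_prefixes(routes), best_routes(routes, "10.8.0.4"))
```

The same parser also shows that the posted genmask 255.255.240.0 puts 10.12.96.0 on eth1 as a /20, which is worth comparing against the /28 addresses listed in the question.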