I am setting up a new cluster in my new workplace, and I am still administering another cluster in my last work place. Basically I am "copying" the configuration of the first one to setup the new one.
Now I am at home, and I would like to use both VPN connections simultaneously instead of one after the other to access both clusters at the same time. In my opinion this is not possible, but maybe someone has an idea?
One VPN connection uses OpenVPN and the second uses the Cisco VPN client. Or maybe it is possible to play with route rules to obtain that? I am not very experienced in networking.
I am trying to use route -n to try to re-define the rules for the different sub-interfaces. Here is what I get when no VPN is active:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.1.0.1 0.0.0.0 UG 0 0 0 eth0
10.1.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
Now if I switch on the Cisco VPN (VPN1):
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 xxx.xxx.xxx.117 0.0.0.0 UG 0 0 0 cscotun0
10.1.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
xxx.xxx.xxx.0 0.0.0.0 255.255.255.0 U 0 0 0 cscotun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.yy.yy.22 10.1.0.1 255.255.255.255 UGH 0 0 0 eth0
If I switch on the OpenVPN (VPN2):
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.1.0.1 0.0.0.0 UG 0 0 0 eth0
10.1.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.168.1.0 192.168.2.17 255.255.255.0 UG 0 0 0 tun0
192.168.2.17 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
zzz.zzz.zz.zz 10.1.0.1 255.255.255.255 UGH 0 0 0 eth0
And now if I switch on both (first VPN2 and then VPN1):
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 xxx.xxx.xxx.117 0.0.0.0 UG 0 0 0 cscotun0
10.1.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
xxx.xxx.xxx.0 0.0.0.0 255.255.255.0 U 0 0 0 cscotun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.yy.yy.22 10.1.0.1 255.255.255.255 UGH 0 0 0 eth0
192.168.2.17 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
Ideally, all the requests for xxx.xxx.xxx.0 should go as when only VPN1 is active (cscotun0), all the requests for 192.168.2.0 should go through 192.168.2.17 (tun0), and the others through eth0...
I am not used to routing, and would appreciate any help.
EDIT:
Inspired by the answers, I am trying to play with the route command to try to set up my config correctly.
To be more clear, I have edited the above route tables to reflect the result of the route -n command, which is more informative. I have also modified my home router so that I have 10.1.0.0 nm 255.255.255.0 IP addresses at home.
If I understand well, when only VPN2 (tun0) is active, it uses the default gateway of my home (10.1.0.1) and defines a few new routes; tell me if I understand wrong:
192.168.1.0 192.168.2.17 -> this says "everything for the 192.162.1.0 network (vpn2 network) passes through the official gateway 192.168.2.17"
192.168.2.17 0.0.0.0 -> this says "everything for host 192.168.2.17 goes to the default gateway (0.0.0.0)", which is currently pointing to my home router
zzz.zzz.zz.zz 10.1.0.1 -> this says "everything for zzz.zzz.zz.zz passes through my home router (10.1.0.1)"
When I switch on VPN1 alone, it overrides the default gateway with its own (xxx.xxx.xxx.53) and everything is redirected to this. This is also why I can't see my home network, btw (if I am right).
Now, I see that when I switch both VPNs on, the default gateway is redirected to the one of VPN1 (xxx.xxx.xxx.53), and what I am asking is: how can I set up rules so that:
- everything for 198.162.1.0 goes through 198.162.2.17
- things for 198.162.2.17 pass through 10.1.0.1
- things for xxx.xxx.xxx.0 pass through xxx.xxx.xxx.117
- things for 10.1.0.0 pass to 10.1.0.1
I have tried to play with route add and route del, but I am more or less trying to do things by trial and error, and I would rather understand what I am supposed to do, and whether the rules I want to apply right here are correct or basically stupid...
EDIT 2: Following the suggestion of MariusMatutiae, I append here the result of ifconfig when both VPNs are on:
cscotun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:xxx.xxx.xxx.117 P-t-P:xxx.xxx.xxx.117 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1380 Metric:1
RX packets:21 errors:0 dropped:0 overruns:0 frame:0
TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:4007 (4.0 KB) TX bytes:3789 (3.7 KB)
eth0 Link encap:Ethernet HWaddr 00:21:cc:6b:3e:ae
inet addr:10.1.0.226 Bcast:10.1.0.255 Mask:255.255.255.0
inet6 addr: fe80::221:ccff:fe6b:3eae/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28245 errors:0 dropped:0 overruns:0 frame:0
TX packets:29039 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14287030 (14.2 MB) TX bytes:5521200 (5.5 MB)
Interrupt:20 Memory:f3a00000-f3a20000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9928 errors:0 dropped:0 overruns:0 frame:0
TX packets:9928 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4962141 (4.9 MB) TX bytes:4962141 (4.9 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.2.18 P-t-P:192.168.2.17 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:719 errors:0 dropped:0 overruns:0 frame:0
TX packets:764 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:103523 (103.5 KB) TX bytes:56000 (56.0 KB)
EDIT 3:
Description of what does not work: after I switch both VPNs on, I cannot reach VPN tun0; and if I try to ping something outside xxx.xxx.xxx.0 I get ping: sendmsg: Operation not permitted.
Ideally, I would like to access both VPNs (if the DNS for the VPN nets does not work I can manage it with direct IPs, not a problem) and ideally access my local LAN too...
Unfortunately I am not enough of an iptables expert to understand how I am supposed to do this.
Thanks in advance
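An added illustration, not part of the question or of any answer: it reproduces the kernel's route selection (most specific prefix wins, lower metric breaks ties) over the tables posted above, so the difference between the table with both VPNs up and the one the bullet list asks for becomes visible. The redacted addresses are replaced with RFC 5737 documentation placeholders, and the "desired" table is an assumption built from the four bullets in the first edit.

```python
# Added example: simulate Linux longest-prefix route selection over the
# poster's `route -n` tables. Placeholders (assumed, not the real values):
# xxx.xxx.xxx.0/24 -> 203.0.113.0/24, xxx.xxx.xxx.117 -> 203.0.113.117,
# 192.yy.yy.22 -> 198.51.100.22, zzz.zzz.zz.zz -> 192.0.2.10.
import ipaddress

def lookup(table, dst):
    """Return (gateway, iface) the way the kernel picks a route: the longest
    matching prefix wins, the lowest metric breaks ties, None if nothing
    matches (which includes a table without a default route)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, metric, iface in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if dst in net:
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, gw, iface)
    return None if best is None else (best[1], best[2])

# Rows as (Destination, Genmask, Gateway, Metric, Iface).
# Table with both VPNs up, Cisco started last: the default route now points
# into cscotun0 and the 192.168.1.0/24 route via tun0 has disappeared.
BOTH_UP = [
    ("0.0.0.0", "0.0.0.0", "203.0.113.117", 0, "cscotun0"),
    ("10.1.0.0", "255.255.255.0", "0.0.0.0", 1, "eth0"),
    ("203.0.113.0", "255.255.255.0", "0.0.0.0", 0, "cscotun0"),
    ("169.254.0.0", "255.255.0.0", "0.0.0.0", 1000, "eth0"),
    ("198.51.100.22", "255.255.255.255", "10.1.0.1", 0, "eth0"),
    ("192.168.2.17", "255.255.255.255", "0.0.0.0", 0, "tun0"),
]

# Assumed target table from the bullet list: default back to the home router,
# each VPN network pinned to its own tunnel, both VPN endpoints via eth0.
DESIRED = [
    ("0.0.0.0", "0.0.0.0", "10.1.0.1", 0, "eth0"),
    ("10.1.0.0", "255.255.255.0", "0.0.0.0", 1, "eth0"),
    ("203.0.113.0", "255.255.255.0", "0.0.0.0", 0, "cscotun0"),
    ("192.168.1.0", "255.255.255.0", "192.168.2.17", 0, "tun0"),
    ("192.168.2.17", "255.255.255.255", "0.0.0.0", 0, "tun0"),
    ("198.51.100.22", "255.255.255.255", "10.1.0.1", 0, "eth0"),
    ("192.0.2.10", "255.255.255.255", "10.1.0.1", 0, "eth0"),
]

def compare(dst):
    """Where a packet to dst leaves with the combined table vs the desired one."""
    return {"both_up": lookup(BOTH_UP, dst), "desired": lookup(DESIRED, dst)}

if __name__ == "__main__":
    for host in ("192.168.1.5", "203.0.113.40", "10.1.0.1", "8.8.8.8"):
        print(host, compare(host))
```

With the combined table a packet for the OpenVPN network (192.168.1.5) only matches the default route and is sent into cscotun0, which is exactly the "cannot reach tun0" symptom of EDIT 3; with the desired table it matches the /24 via 192.168.2.17 on tun0.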
I have 5 VPNs connected at the same time on one of my systems that routes/firewalls traffic between the various VPNs. Getting it all set up right is simply about properly understanding and configuring your routes. – Zoredache – 2014-01-31T00:19:53.137
I do this all the time. I use two paid services. Both support OpenVPN. – Ramhound – 2014-02-01T01:41:40.723
Thanks, could you please add an answer to show me a couple of route commands to do it please? Thanks – Danduk82 – 2014-02-02T15:23:29.050
What exactly is wrong with your configuration right now? Which of the two subnets can you not reach? Can you reach the internet? Have you checked that the three subnets are all different? Have you checked that the OpenVPN client and server configuration files do not contain a statement including def1? – MariusMatutiae – 2014-02-06T14:01:00.397
After I switch on cscotun0 I cannot reach the tun0 VPN. I have checked, no def1 in either configuration. See my 3rd edit. – Danduk82 – 2014-02-06T20:53:50.347