Re: Share VPN connection
On 30/11/2013 20:22, François Fayard wrote:
Without the VPN, route gives :
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default livebox.home 0.0.0.0 UG 0 0 0 eth1
10.42.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
With the VPN, route gives :
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 U 0 0 0 ppp0
10.42.0.0 * 255.255.255.0 U 0 0 0 eth0
strong-mf35.rel 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
strong-mf35.rel 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
129.189.255.173 * 255.255.255.255 UH 0 0 0 ppp0
this seems to be the reverse of what was in ifconfig for ppp0. I'm
not sure if that is correct.
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
I notice that your shared eth1 local LAN network is using
192.168.1.0/24,
and your machine's IP address on eth1 is 192.168.1.30.
That address, 192.168.1.30, will be the local LAN's gateway to your
external VPN. So check that all the other machines have a gateway
setting of 192.168.1.30.
I'm a bit surprised to see the VPN *also* has a route in the
192.168.1.0/24 range. I would have expected the VPN to be a different
subnet. I don't know how people set up VPNs but I guess there's some
kind of decision about IP addresses hosts must have. If your eth1
physical network is using 192.168.1.0/24, and the VPN is using that
also, I don't think that will work. But, Francois, I am not sure, I
have not set up VPNs. We need someone who knows more to step in.
I think the problem is a routing gateway; and I am suspicious of the
'*' entry on the default line. My guess is that the default route
should not be *, should not be 192.168.1.anything, but should be
something like the ppp0 far end address, which is 173.255.189.129 .
I don't think you should change anything based on my sayso but,
instead, if you could re-check the instructions you followed to set up
the VPN, and try to make sure your VPN does not co-incide with the
your local LAN subnet, I think that might help.
Also, be clear what
(a) the address is that the other machines use to reach your Debian
system (that is the 'gateway' address for them), and
(b) it should be a different gateway address from the 'gateway
address' that your Debian machine uses for its gateway
(c) and the gateway address address that your debian machine uses
should be on the default route line in the route table, I believe.
(d) and your VPN should be on a different IP address subnet from the
local LAN subnet
I'm not expert in VPNs - they are slightly more complex than basic net
to net routing where different nets are on different interfaces, but
these are my suggestions. I hope that others with deeper knowledge of
VPNs would chime in, because I am not sure that all I have said here
is necessary. But recheck your guidance notes, keeping in mind these
points.
regards, Ron
Reply to: