Hi,
I have a Linux box with 2 IP addresses on it 200.20.20.20 on eth0 and
10.90.90.90 on dummy0. 10.90.90.0/24 is VPN tunnelled to reach
99.99.99.99 (not in private address space, I know).
If I make a request to 99.99.99.99 where the source address is given
as 10.90.90.90 all works well - traffic is routed over the VPN, I can
connect to server at other end. Manually specifying the source
address is however a pain (e.g. can't do it out of the box in
mod_proxy).
If I make a request to 99.99.99.99 without specifying a source address
the box tries to route it via the default internet gateway as opposed
to the VPN. 99.99.99.99 is only available via the VPN.
So, uncomfortable as it made me, I tried to add a route for 99.99.99.99:
    ip route add 99.99.99.99 dev dummy0
or
    ip route add 99.99.99.99 dev dummy0 src 10.90.90.90
Now if I make a request to 99.99.99.99 without specifying a source
address I can see VPN traffic and SYN/ACKs from 99.99.99.99 over and
over again but no connection. So no joy there.
I'm guessing the overall issue is to do with the fact that the VPN
does not appear as a route. I think when a packet matches the setkey
spec the VPN will grab it, otherwise no. The VPN set-up is pretty
much dictated to me from the guys on the other side.
Anyone any ideas/pointers on how to do this?
Thanks,
Paschal.