Link to home
Start Free TrialLog in
Avatar of paries
paries

asked on

Help with a VPN/ local ip config (should be a simple problem)

Hello,
I originally posted this on the routers/switches section, but i think after composing it, this may be my linux box that is the problem

Here is the description
Hello,
I am setting up a VPN using a WRV54G router

I am really close but i have a configuration or network setting wrong somewhere.

Go here are the details

I have a linksys WRV54G (192.168.2.1) and then on the lan of the linksys i have a laptop(192.168.2.100) and a linux box(192.168.2.99).

the linux box has 3 nics. 1 public IP and two private ips (192.168.0.240 and 192.168.2.99) . See the linux box ifconfig stats below.

so here is what works and what does not, when i connect to the VPN using the linksys vpn client.

- from my pc (the client), i can ping the router and the laptop but not the linux box.
- from my PC , i can get to the router http admin page, and vnc to the laptop .
- i can not get to the web server on the linux box

from the linux box i can ping the router 192.168.2.1 and the laptop 192.168.2.100 and myself 192.168.2.99

As i type this it seems that i must have something configured incorrectly on the linux box?

Thanks for any help


eth0      Link encap:Ethernet  HWaddr 00:E0:81:5A:62:F8  
          inet addr:66.xx.xxx.xxx Bcast:xxx.xxx.xxx.255  Mask:255.255.255.128
          inet6 addr: fe80::2e0:81ff:fe5a:62f8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12234 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11024 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1092070 (1.0 MiB)  TX bytes:13058275 (12.4 MiB)
          Interrupt:233

eth1      Link encap:Ethernet  HWaddr 00:E0:81:5A:62:F9  
          inet addr:192.168.0.240  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:81ff:fe5a:62f9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10141 errors:0 dropped:0 overruns:0 frame:0
          TX packets:493 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1844510 (1.7 MiB)  TX bytes:36578 (35.7 KiB)
          Interrupt:50

eth2      Link encap:Ethernet  HWaddr 00:08:A1:7A:83:34  
          inet addr:192.168.2.99  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::208:a1ff:fe7a:8334/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:503 errors:0 dropped:0 overruns:0 frame:0
          TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:62662 (61.1 KiB)  TX bytes:121403 (118.5 KiB)
          Interrupt:233 Base address:0x2000

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:300 errors:0 dropped:0 overruns:0 frame:0
          TX packets:300 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:74121 (72.3 KiB)  TX bytes:74121 (72.3 KiB)
Avatar of Arty K
Arty K
Flag of Kazakhstan image

Probably you have a routing problems.
What is IP address of your PC (VPN client)?

If it differs from 192.168.2.x, you need to add one more route to your Linux box.
The command looks like that:
route add -net x.x.x.x netmask y.y.y.y gw 192.168.2.1 metric 2 dev eth2

where x.x.x.x is a netwofk number of your VPN client's address space and y.y.y.y is a netmask.
You ure unlucky if you have 192.168.0.x IP on VPN client, in that case you need to change addressing schema.
Avatar of paries
paries

ASKER

Nopius

Thanks for your help

I do have more questions though
where x.x.x.x is a netwofk number of your VPN client's address space and y.y.y.y is a netmask.

so we have to know the address of the client space? The reason we are doing this is a couple of us travel alot. So are we going to have add a new route for each hotel if it is different than what we have?

i was going to change the addressing scheme to 10.2.2.x cause i know when we are home we both have 192.168.0 networks. But not sure what to do with the hotel thing

Thanks
Randy
When you connect to your VPN router from outside, your client is assigned some IP address. The question is:
-  how the address is assigned? Statically or by DHCP?
- who assignes that IP address? It can be Linksys or some other DHCP server in case of DHCP, or it can be a user in case of manual IP.

When you connect to VPN please check IP address settings of your virtual VPN connection.
If you have Windows, run on your VPN client: ipconfig /all
If you have *nix, run: ifconfig -a

Both theses commands show IP address and netmask. Network address may be calculated from these two values.
Avatar of paries

ASKER

I am using a linksys router for my VPN server.
I connect to the linksys via the linksys VPN Client
here is the ipconfig /all from the pc i am trying to connect to

the only thing i notice that is different is the  
DNS Servers . . . . . . . . . . . : 10.2.2.1

So should i be getting a new IP assigned from the vpn client? wow i know nothing about this stuff

this linksys is a dhcp server, but i have the ip set as static on the linux box i am trying to get to
eth2      Link encap:Ethernet  HWaddr 00:08:A1:7A:83:34  
          inet addr:10.2.2.99  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::208:a1ff:fe7a:8334/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3931 errors:0 dropped:0 overruns:0 frame:0
          TX packets:228 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:374222 (365.4 KiB)  TX bytes:123053 (120.1 KiB)
          Interrupt:233 Base address:0x2000

here is the route statment from the linux box

[root@mrburns ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
66.xxx.xxx.xxxx  *               255.255.255.128 U     0      0        0 eth0
192.168.0.0       *               255.255.255.0   U     0      0        0 eth1
169.254.0.0      *               255.255.0.0     U     0      0        0 eth2
10.0.0.0           *               255.0.0.0       U     0      0        0 eth2
default         rtr.coleresourc 0.0.0.0         UG    0      0        0 eth0







C:\Documents and Settings\paries>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : BIGBLUE
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : unitnet

Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connectio
        Physical Address. . . . . . . . . : 00-0C-F1-83-48-36
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.103
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 10.2.2.1
                                            66.208.187.129
                                            66.208.187.132
        Lease Obtained. . . . . . . . . . : Tuesday, May 23, 2006 10:40:53 PM
        Lease Expires . . . . . . . . . . : Friday, June 02, 2006 10:40:53 PM
So should i be getting a new IP assigned from the vpn client?
Often, but not always. Depends of type of your VPN connection. I'm not shure about linksys vpn client.

Is this ipconfig /all issued after VPN client got up?
Also post here a routing table from the  laptop (192.168.2.100).

You can't have two networks 192.168.0.0 with mask 255.255.255.0 in your LAN.
One of which seems to be connected to eth1 on your Linux Box and the other is that assigned to your VPN client.

Ping packets going to Linux box to IP address 192.168.0.240 don't go further besides your linksys, since it suppose this network is locally connected.
Ping packets to Linux's other IP address are coming to linux, then replies are router to eth1, not to eth2 (where they should be routed).

My suggestion is to change VPN's ip address space from 192.168.0.0-255 to some other network.
Avatar of paries

ASKER

"Is this ipconfig /all issued after VPN client got up?"
yes

C:\Documents and Settings\paries>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 83 48 36 ...... Intel(R) PRO/1000 MT Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0            0.0.0.0      192.168.0.1   192.168.0.103       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.103   192.168.0.103       20
    192.168.0.103  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.0.255  255.255.255.255    192.168.0.103   192.168.0.103       20
        224.0.0.0        240.0.0.0    192.168.0.103   192.168.0.103       20
  255.255.255.255  255.255.255.255    192.168.0.103   192.168.0.103       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None

SO
i change the vpn router to have an IP of 10.2.2.1 and the linux box to have an ip of 10.2.2.99

so the linux box it looks like
eth1      Link encap:Ethernet  HWaddr 00:E0:81:5A:62:F9  
          inet addr:192.168.0.240  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:81ff:fe5a:62f9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:97388 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3310 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17770790 (16.9 MiB)  TX bytes:298836 (291.8 KiB)
          Interrupt:50

eth2      Link encap:Ethernet  HWaddr 00:08:A1:7A:83:34  
          inet addr:10.2.2.99  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::208:a1ff:fe7a:8334/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3931 errors:0 dropped:0 overruns:0 frame:0
          TX packets:228 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:374222 (365.4 KiB)  TX bytes:123053 (120.1 KiB)
          Interrupt:233 Base address:0x2000

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
66.208.187.128  *               255.255.255.128 U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth2
10.0.0.0        *               255.0.0.0       U     0      0        0 eth2
default         rtr.coleresourc 0.0.0.0         UG    0      0        0 eth0









i change the vpn router to have an IP of 10.2.2.1 and the linux box to have an ip of 10.2.2.99
NO. The problem will persist.

Please provide routing table of laptop in your LAN. That's importent.
let me to explain. When you change 192.168.2.x to 10.2.2.x you problem can't be solved because you still have dual 192.168.0.x networks in your topology.
BTW what is an eth0 (192.168.0.240) on your Linux, to what network it's connected and by what media type?
Avatar of paries

ASKER

Thanks for your help and extreme patience

so on my laptop i do a netstat -r to get the route table. Is that correct??
C:\Documents and Settings\paries>netstat -r

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 83 48 36 ...... Intel(R) PRO/1000 MT Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.103       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.103   192.168.0.103       20
    192.168.0.103  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.0.255  255.255.255.255    192.168.0.103   192.168.0.103       20
        224.0.0.0        240.0.0.0    192.168.0.103   192.168.0.103       20
  255.255.255.255  255.255.255.255    192.168.0.103   192.168.0.103       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None


eth0 is a GB lan of 10 linux boxes

Not sure what you mean media type?

Thanks

ASKER CERTIFIED SOLUTION
Avatar of Arty K
Arty K
Flag of Kazakhstan image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of paries

ASKER

giving up on this on. I am nuking the linksys and buying a netgear vpn and putting it on the lan
Thanks for your help
eeh, it was not a hardware problem :-(
Avatar of paries

ASKER

actually that was never part of the discussion. about every 3rd time i changed the config i had to restore to factory defaults.

Sorry never mentioned that part
RP