Hi,  I have a client who can connect to a VPN in my network without problem.  He needs to access a particular node within the LAN.

Version of Linux
Linux sasn01 2.6.5-7.252-smp #1 SMP Tue Feb 14 11:11:04 UTC 2006 x86_64 x86_64 x86_64 GNU/Linux

He gets an IP address of when he connects to the VPN.  He needs to connect to on my network.  All the rules are in place on my firewalls to allow him access.  Do I need to add a route on the target system to allow him in?  If I do, where is this file located and will I need to restart something to allow him in if I add the route?


http:// thevpn.guru Commented:
What VPN are you using? OpenVPN?
If so then you need to check the conf file to allow VPN clients to communicate with the target LAN.

columcusack (Author) Commented:
The VPN is not the issue here.  My IP networking team have acknowledged connectivity without a problem.  My question is specifically asking about the server and adding a route?

Yes, the server needs a route back to the VPN network.  Is the target machine a Windows or Linux box?  You would do this on Windows with:
route add <vpn network> mask <vpn netmask> <vpn server address> -p
(the -p makes it persistent so that it will come back when you reboot).
or Linux:
route add -net <vpn network> netmask <vpn netmask> gw <vpn server address>

This is how you would do it directly.  However, the machine may (should?) already have an indirect route through the default gateway.  The default gateway on the machine they need to access should be your router.  You could (should?) just add a route on that router for the VPN network so that any machine would be able to get back to the VPN machines (at least have a route, you'd want to protect w/your firewall).  If the route to the vpn network already exists on the router then you have a different problem.  You could try a traceroute from the machine on your local network to the vpn and see how it travels.

columcusack (Author) Commented:
Thanks arrkerr1024:

It is a linux machine
Linux sasn01 2.6.5-7.252-smp #1 SMP Tue Feb 14 11:11:04 UTC 2006 x86_64 x86_64 x86_64 GNU/Linux

How can I find the default gateway on the Linux server?
/sbin/route -n will show you the routing table on linux.

The one with the destination is the default gateway.  For example here is mine:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                U     0      0        0 wlan0
                                                UG    0      0        0 wlan0

This tells me that is my local network, so no gateway, and my gateway for everything else ( is
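An added example, not part of the thread: a small shell function that reads `route -n` output and reports which gateway the server would use to reply to a VPN client, so you can see whether the reply takes a specific route or falls back to the default gateway as described in the answers above. The function name `return_path`, the variable `SAMPLE_ROUTES` and every address below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `/sbin/route -n` output on the target server.
# All addresses are made-up examples: LAN 192.168.1.0/24, router 192.168.1.1.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0'

# return_path IP: read `route -n` text on stdin and print
# "<gateway> <iface> <specific|default>" for the route the kernel would pick
# (longest matching netmask) when replying to IP, or "none" if nothing matches.
return_path() {
    awk -v ip="$1" '
    # Dotted quad to integer.
    function num(a,   p) { split(a, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
    # Only lines whose first field is an IPv4 address are route entries.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        mask = num($3)
        size = 4294967296 - mask      # number of addresses this route covers
        if (int(num(ip) / size) == int(num($1) / size) && mask >= best) {
            best = mask; gw = $2; ifc = $8; found = 1
        }
    }
    END {
        if (!found) { print "none"; exit }
        print gw, ifc, (best == 0 ? "default" : "specific")
    }'
}

# Reply path to a constructed VPN client address, using the sample table.
# On the real server: /sbin/route -n | return_path <vpn client address>
printf '%s\n' "$SAMPLE_ROUTES" | return_path 10.8.0.6
```

A result ending in `default` means replies go to the default gateway, so that router is where the route to the VPN network has to exist; a gateway of `0.0.0.0` means the address is on a directly connected network.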
columcusack (Author) Commented: