Sunday, October 21, 2018

Re: VPN over alias address

Adding the route to other side network from the alias address does work:
route add 192.168.99.0/24 50.79.22.45

On Sun, Oct 21, 2018 at 1:58 PM Sonic <sonicsmith@gmail.com> wrote:
>
> On Mon, Oct 15, 2018 at 7:17 PM Stuart Henderson <stu@spacehopper.org> wrote:
> > The problem is _not_ that your source address is 50.79.22.41,
> > because it wouldn't work with 50.79.22.45 either, you need to be
> > using an address that is covered by the flows (say 192.168.55.1).
> >
> > Try "ping -I $source_ip $dest_ip" with various addresses as $source_ip
> > and you should see better how it works.
>
> Using your ping example - it does work from the alias address of
> 50.79.22.45 and not from the other addresses.
>
> > The usual bodge around this is to have a local address within the
> > VPN'd network on your router (which is normally the case anyway -
> > with examples above, say 192.168.55.1) and add a route to the
> > "other side" network e.g."route add 192.168.99.0/24 192.168.55.1"
> > - i.e. using your *own* address as the destination).
>
> Adding the route does not resolve the issue.
> From a totally separate remote site, with no IP aliases on the ext_if
> it works just fine. No route add necessary.
>
> Chris

No comments:

Post a Comment