Iptables – IPSec VPN routing

Tags: ipsec, iptables, route, vpn

This is supposed to be a pretty simple question, but I couldn't google an answer for it!

I have an IPsec VPN tunnel established between 1.1.1.1 and 2.2.2.2 (public IPs). The first machine (1.1.1.1) has a LAN with gateway 10.253.0.93. Inside this LAN, there is a machine with IP 172.21.83.60 (the gw already has the rules to forward traffic from 10.252.0.93 to 172.21.83.60).

On machine 2.2.2.2, I'm able to ping 10.252.0.93 normally. That proves that the VPN is correctly established.

My question is: what do I need to do in order to be able to ping machine 172.21.83.60 from 2.2.2.2? I tried to add a route using the command:

route add -net 172.21.83.0 netmask 255.255.255.0 gw 10.253.0.93

but got:

SIOCADDRT: No such process

Best Answer

What about NAT? Do you NAT your traffic with iptables? You shouldn't do it (traffic that goes into your IPsec tunnel should bypass the NAT rule), like this:

iptables -t nat -A POSTROUTING ! -d <ipsec_lan> -j SNAT --to-source <ip>

IPsec VPN in Linux does low-level traffic routing and encryption; you can see it with

ip xfrm state

Also, try to choose the interface for the ping source; it might help.
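As an added illustration of the NAT point in the answer above (this is not code from the original post), the script below checks a ruleset in `iptables-save` format for the mistake the answer describes: a SNAT/MASQUERADE rule in the nat POSTROUTING chain that also catches packets destined for the remote IPsec LAN. The sample rulesets, the interface name `eth0`, and the remote LAN prefix 10.252.0.0/24 are constructed placeholders; 1.1.1.1 is the gateway's public IP from the question. The check accepts either of the two usual fixes: an early ACCEPT/RETURN for the remote LAN (or an `-m policy --pol ipsec` match) placed before the NAT rule, or the `! -d <ipsec_lan>` negation written into the SNAT rule itself as in the answer.

```shell
#!/bin/sh
# Added example, not from the original answer. Given iptables-save output,
# report whether nat POSTROUTING exempts IPsec-bound traffic before NATing.

# Constructed sample of a misconfigured gateway: everything leaving eth0 is
# masqueraded, including packets for the remote IPsec LAN, so the remote
# side sees the gateway's public address instead of the real LAN source.
BROKEN_RULESET='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed fix, variant 1: exempt the remote LAN (placeholder prefix)
# with an ACCEPT placed *before* the MASQUERADE rule. Order matters.
FIXED_RULESET='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -d 10.252.0.0/24 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed fix, variant 2: the form used in the answer, negating the
# remote LAN inside the SNAT rule itself.
ANSWER_FORM_RULESET='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING ! -d 10.252.0.0/24 -o eth0 -j SNAT --to-source 1.1.1.1
COMMIT'

# nat_exempts_ipsec RULESET LAN_CIDR
# Prints "ok" (status 0) if every SNAT/MASQUERADE rule in nat POSTROUTING is
# preceded by an exemption for LAN_CIDR (or an xt_policy IPsec match), or
# negates LAN_CIDR itself. Prints "missing" (status 1) otherwise.
nat_exempts_ipsec() {
    ruleset=$1
    lan=$2
    printf '%s\n' "$ruleset" | awk -v lan="$lan" '
        /^\*/          { table = substr($0, 2) }   # "*nat" -> current table
        table != "nat" { next }                    # only the nat table matters
        /^-A POSTROUTING/ {
            # An ACCEPT/RETURN for the LAN, or for IPsec-policy traffic, exempts
            # everything that comes after it in the chain.
            if (($0 ~ ("-d " lan) || $0 ~ /--pol ipsec/) && $0 ~ /-j (ACCEPT|RETURN)/)
                exempt = 1
            # A NAT rule is only safe if exempted above or self-negating.
            if ($0 ~ /-j (SNAT|MASQUERADE)/ && !exempt && $0 !~ ("! -d " lan)) {
                bad = 1
                exit
            }
        }
        END { if (bad) { print "missing"; exit 1 } print "ok" }'
}

# Stand-alone usage against the constructed rulesets.
echo "broken ruleset:      $(nat_exempts_ipsec "$BROKEN_RULESET" 10.252.0.0/24)"
echo "fixed ruleset:       $(nat_exempts_ipsec "$FIXED_RULESET" 10.252.0.0/24)"
echo "answer-form ruleset: $(nat_exempts_ipsec "$ANSWER_FORM_RULESET" 10.252.0.0/24)"
```

On a real gateway, feed it the live ruleset with `nat_exempts_ipsec "$(iptables-save -t nat)" <ipsec_lan>`, and compare the prefix you pass with the selectors shown by `ip xfrm policy`: the exemption must cover exactly the destination range that the IPsec policy will encapsulate, otherwise some packets still hit the NAT rule and arrive at the far end with the wrong source address.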