Openvpn – Static routing between LAN, IPSec and VPN

Tags: local-area-network, openvpn, routing, static-routes, vpn

I got the following network setup:

  • LAN: 10.10.2.0/24 -> IPSec -> 10.10.1.0/24 (VPN Server addr: 10.10.1.5/24)
  • VPN: 10.10.3.0/24

IPSec connection is transparent

Users between 10.10.1.0/24 and 10.10.2.0/24 are able to communicate, users from 10.10.1.0/24 are allowed to access users from VPN network.

I am trying to route users from 10.10.2.0/24 to 10.10.3.0/24 (VPN).

I've added the following static route on the main router at 10.10.2.0/24

ip route add 10.10.3.0/24 via 10.10.1.5 dev eth0 (WAN Interface)

But it didn't work. So my question is, what did I miss?

Here is the ping output from 2.0/24 host:

[root@host ~]# ping 10.10.3.50
PING 10.10.3.50 (10.10.3.50) 56(84) bytes of data.
From 10.10.2.1: icmp_seq=1 Redirect Host(New nexthop: 10.10.1.5)
From 10.10.2.1: icmp_seq=2 Redirect Host(New nexthop: 10.10.1.5)
^C
--- 10.10.3.50 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1479ms

Firewall on 1.5/24 is disabled.

Best Answer

It seems that the return path for the packets is not known. To be sure you would need to check the intermediate routes; I'll get to that at the end.

When you ping 10.10.3.50 from the 10.10.2.0/24 host, it is forwarded to your default gateway (let's assume 10.10.2.1), which then checks its own routing table and sees the route for 10.10.3.0/24 via 10.10.1.5. An ICMP redirect can normally be ignored, since its purpose is only to shorten the hops needed and reduce router load. But it is sent because it seems that the next hop is on the same physical net the request came from.

But what you should check is whether or not the 10.10.3.0/24 router has a route for the source subnet 10.10.2.0/24.
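As an added example (not part of the question or of the answer above), the following script traces a packet hop by hop through a constructed model of this topology using longest-prefix lookup, in both directions, so the missing return route shows up at the exact hop where the reply leaves the modelled network. The topology is an assumption: the IPsec tunnel is modelled as a point-to-point link 192.0.2.0/30 between the two routers, the main router's static route points at the tunnel peer rather than directly at 10.10.1.5, and the VPN client (10.10.3.50) is given only the pushed route for 10.10.1.0/24 plus an ISP default gateway (203.0.113.1). The node names, the 192.0.2.x and 203.0.113.x addresses and the host address 10.10.2.20 are all constructed.

```python
"""Forward/return path tracer for a small routed topology.

Constructed example: models the LAN / IPsec / OpenVPN setup from the
question with plain routing tables and longest-prefix match, so the
return path can be checked hop by hop.  Addresses 192.0.2.x, 203.0.113.x
and 10.10.2.20 are made up for the model.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# (destination prefix, next hop or None for connected, egress interface)
Route = Tuple[ipaddress.IPv4Network, Optional[ipaddress.IPv4Address], str]


@dataclass
class Node:
    name: str
    interfaces: Dict[str, ipaddress.IPv4Interface]
    routes: List[Route] = field(default_factory=list)

    def add_route(self, prefix: str, via: Optional[str], dev: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix),
                            ipaddress.ip_address(via) if via else None, dev))

    def owns(self, addr: ipaddress.IPv4Address) -> bool:
        return any(i.ip == addr for i in self.interfaces.values())

    def lookup(self, dst: ipaddress.IPv4Address) -> Optional[Route]:
        # Connected subnets compete with static routes; longest prefix wins.
        candidates: List[Route] = [(i.network, None, dev)
                                   for dev, i in self.interfaces.items()]
        candidates += self.routes
        matches = [r for r in candidates if dst in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def trace(nodes: Dict[str, Node], src: str, dst_ip: str, max_hops: int = 16):
    """Return (path, error); error is None when dst_ip was reached."""
    dst = ipaddress.ip_address(dst_ip)
    cur = nodes[src]
    path = [cur.name]
    for _ in range(max_hops):
        if cur.owns(dst):
            return path, None
        route = cur.lookup(dst)
        if route is None:
            return path, f"{cur.name}: no route to {dst}"
        _net, via, dev = route
        nexthop = via if via is not None else dst
        egress = cur.interfaces[dev]
        if nexthop not in egress.network:
            # Linux refuses such a route unless 'onlink' is given.
            return path, f"{cur.name}: next hop {nexthop} is not on {dev} ({egress.network})"
        nxt = next((n for n in nodes.values() if n.owns(nexthop)), None)
        if nxt is None:
            return path, f"{cur.name}: sends to {nexthop} via {dev}, which is outside the modelled network"
        path.append(nxt.name)
        cur = nxt
    return path, "hop limit exceeded; routing loop?"


def build_topology(client_return_route: bool) -> Dict[str, Node]:
    I = ipaddress.ip_interface
    host = Node("host_a", {"eth0": I("10.10.2.20/24")})
    host.add_route("0.0.0.0/0", "10.10.2.1", "eth0")
    # Main router of 10.10.2.0/24; the IPsec tunnel is a constructed p2p link.
    rtr2 = Node("rtr2", {"lan": I("10.10.2.1/24"), "ipsec0": I("192.0.2.1/30")})
    rtr2.add_route("10.10.1.0/24", "192.0.2.2", "ipsec0")
    rtr2.add_route("10.10.3.0/24", "192.0.2.2", "ipsec0")   # the added static route
    rtr1 = Node("rtr1", {"lan": I("10.10.1.1/24"), "ipsec0": I("192.0.2.2/30")})
    rtr1.add_route("10.10.2.0/24", "192.0.2.1", "ipsec0")
    rtr1.add_route("10.10.3.0/24", "10.10.1.5", "lan")      # VPN subnet lives behind 10.10.1.5
    vpnsrv = Node("vpnsrv", {"eth0": I("10.10.1.5/24"), "tun0": I("10.10.3.1/24")})
    vpnsrv.add_route("0.0.0.0/0", "10.10.1.1", "eth0")
    client = Node("client", {"eth0": I("203.0.113.50/24"), "tun0": I("10.10.3.50/24")})
    client.add_route("0.0.0.0/0", "203.0.113.1", "eth0")    # ISP default gateway (assumed)
    client.add_route("10.10.1.0/24", "10.10.3.1", "tun0")   # route pushed by the VPN server
    if client_return_route:
        client.add_route("10.10.2.0/24", "10.10.3.1", "tun0")  # the missing return route
    return {n.name: n for n in (host, rtr2, rtr1, vpnsrv, client)}


def diagnose(client_return_route: bool = False):
    """Trace the ping from the question and its reply through the model."""
    nodes = build_topology(client_return_route)
    return {"forward": trace(nodes, "host_a", "10.10.3.50"),
            "reverse": trace(nodes, "client", "10.10.2.20")}


if __name__ == "__main__":
    for fixed in (False, True):
        print("with return route on client:" if fixed else "as in the question:")
        for direction, (path, err) in diagnose(fixed).items():
            print(f"  {direction}: {' -> '.join(path)}" + (f"  FAIL: {err}" if err else "  ok"))
```

Running it shows the forward path host_a -> rtr2 -> rtr1 -> vpnsrv -> client succeeding while the reply stops at the client, which sends it to its ISP gateway; adding the 10.10.2.0/24 route on the client makes the reverse trace complete. The same `Node` tables can be filled in from the real `ip route` output of each hop to check the intermediate routes the answer refers to.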
