- This topic has 2 replies, 2 voices, and was last updated 7 months, 3 weeks ago by
.
-
Posts
-
I’m baffled what kind of routing rule I need to route traffic from my local LAN -> ZS box -> VPN tunnel. Everything works fine without the VPN,
My WAN is a 4G modem via pppoe, ETH00 has NAT and DHCP enabled. (All computers on LAN have internet connectivity now, DHCP default gateway = ZS box local address). If I fire up the VPN (commercial service provider), it connects just fine and ZS box has connectivity via VPN (tracepath confirmed).
When VPN is up, all LAN computers lose connectivity to internet (connection to ZS box stays up).
VPN00 has these options and interface VPN00 has NAT enabled:
--dev tun0 --dev-type tun --topology subnet --pull --config /Database/serviceproviderfile.ovpn --auth-user-pass /Database/passwordfile --redirect-gatewayPlease help, what I’m missing here?
Success:
Postrouting chain for VPN00 had no packets going in or out => tun00 interface had no NAT, and it’s not listed in NAT enabled interfaces.
If adding manually
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADErouting from ETH00 -> VPN00 works.
Based on that, I found this thread which deals with the same thing.
Dynamic crypto map – is one of the ways to accommodate peers sharing the same characteristics (for example multiple branches offices sharing the same configuration) or peers having dynamic IP addressing.
gbwhatsapp 2018
- You must be logged in to reply to this topic.