vpn, connection to the internet but not to the local lan
August 12, 2010 at 9:05 am #42580
networker007
Member
Finally I managed to configure the VPN.
The problem is that I get a connection to the internet, but not to the local network (192.168.1.0/24).
What do I have to do?
August 12, 2010 at 5:57 pm #50895
ppalias
Member
Show us the configuration page of the vpn server. Also there is a button “NET” where you configure the networks that will be sent to the vpn client whenever he connects to the server.
August 13, 2010 at 5:04 am #50896
networker007
Member
Here are some screenshots…. many thanks for help!!!!
August 14, 2010 at 5:04 pm #50897
redfive
Participant
The RIPv2 is not necessary, but what exactly do you want to do? Reach the 192.168.1.0/24 network via VPN from the Internet or from a network behind ZS (192.168.0.0/24 and 192.168.10.0/24)?
bye
jonatha
August 14, 2010 at 9:47 pm #50898
networker007
Member
I want to reach my network 192.168.1.0/24 from the internet through the router 192.168.1.100 and through the ZS VPN 192.168.250.0/24
and
reach my network 192.168.1.0/24 over the wifi-AP 192.168.10.0/24 when I am connected via wifi
August 18, 2010 at 1:22 am #50899
ppalias
Member
There are 2 things wrong here. In the routing table you have 192.168.1.0/24 reachable both from ETH00 and ETH01. Second in the DHCP configuration for the subnet 192.168.10.0/24 you have assigned as gateway 192.168.1.75 though it should be 192.168.10.75
This is the reason you cannot reach anything from the wifi.
I suggest removing the arguments from openvpn configuration and also remove Source NAT at the “Client IP Address Assignment”
August 23, 2010 at 4:30 pm #50900
networker007
Member
@ppalias wrote:
> There are 2 things wrong here. In the routing table you have 192.168.1.0/24 reachable both from ETH00 and ETH01.
I removed the dyn.IP from ETH0
> it should be 192.168.10.75
OK, changed to 192.168.10.75
> I suggest removing the arguments from openvpn configuration and also remove Source NAT at the “Client IP Address Assignment”
Arguments (Command Line Parameters) in the Ovpn removed. Also SOURCE NAT
Now I can reach the INTERNET but NOT the network 192.168.1.0/24
What’s wrong????? I don’t know
thanks to ppalias
August 24, 2010 at 6:28 am #50901
ppalias
Member
If you do a tracert to a station on 192.168.1.0/24 network, where does it stop? Give us the output here. Also a “route print” (if you are using Windows, otherwise “route -n”) from the test pc that connects with openvpn and the test pc in the 192.168.1.0/24 network. What is the firewall policy and rules in the ZS for the forwarding chain?
August 26, 2010 at 1:26 am #50902
networker007
Member
@ppalias wrote:
> If you do a tracert to a station on 192.168.1.0/24 network, where does it stop?
Here is the output from the notebook when connecting via VPN over wifi:
notebook:~ macbook$ route get 192.168.250.1
route to: 192.168.250.1
destination: default
mask: default
gateway: 192.168.10.75
interface: en1
flags:
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
notebook:~ macbook$ route get 192.168.1.100
route to: 192.168.1.100
destination: 192.168.1.0
mask: 255.255.255.0
gateway: 192.168.250.254
interface: en1
flags:
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
192.168.1.100 is the WAN-Router to the Internet
> What is the firewall policy and rules in the ZS for the forwarding chain?
August 26, 2010 at 8:42 am #50903
ppalias
Member
You didn’t answer my questions…
August 26, 2010 at 9:37 am #50904
networker007
Member
What exactly should I check? I have perhaps not fully understood. Can you say it in other words or describe in more detail what I should check?
Many thanks
August 26, 2010 at 10:50 am #50905
ppalias
Member
Do a traceroute to a station in 192.168.1.0/24 network. If you don’t have any active station do it on 192.168.1.75
Show us the routing table of your client. Since you are on Mac I think it can be seen with the command
netstat -rn
October 22, 2010 at 9:18 am #50906
networker007
Member
Here is the output: traceroute
MacBook-Pro:~ nb$ traceroute 192.168.1.75
traceroute to 192.168.1.75 (192.168.1.75), 64 hops max, 52 byte packets
traceroute: sendto: Network is unreachable
1 traceroute: wrote 192.168.1.75 52 chars, ret=-1
*traceroute: sendto: Network is unreachable
traceroute: wrote 192.168.1.75 52 chars, ret=-1
^C
MacBook-Pro:~ nb$
Here is the output: netstat -r
Last login: Fri Oct 22 11:06:06 on ttys000
MacBook-Pro:~ nb$ netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.10.75 UGSc 22 30 en1
default 255.255.255.0 UGScI 0 0 tun0
10.37.129/24 link#9 UC 1 0 vnic1
10.37.129.2 0:1c:42:0:0:9 UHLWI 1 1 lo0
10.211.55/24 link#8 UC 1 0 vnic0
10.211.55.2 0:1c:42:0:0:8 UHLWI 0 1 lo0
127 localhost UCS 0 0 lo0
localhost localhost UH 9 270 lo0
169.254 link#5 UCS 0 0 en1
192.168.0 192.168.250.254 UGSc 0 0 en1
192.168.1 192.168.250.254 UGSc 1 7 en1
192.168.10 link#5 UCS 10 0 en1
192.168.10.2 localhost UHS 0 0 lo0
192.168.10.75 0:80:48:7e:26:a4 UHLWI 3 3 en1 1183
255.255.255.0 192.168.250.1 UH 1 0 tun0
Internet6:
Destination Gateway Flags Netif Expire
localhost localhost UH lo0
fe80::%lo0 localhost Uc lo0
localhost link#1 UHL lo0
fe80::%en1 link#5 UC en1
mac f8:1e:df:ef:c9:69 UHL lo0
ff01:: localhost Um lo0
ff02:: localhost UmC lo0
ff02:: link#5 UmC en1
MacBook-Pro:~ nb$
I don’t know where the problem is…. Please help again. Or is there a bug on zs-b13??
October 22, 2010 at 1:50 pm #50907
ppalias
Member
No I don’t think this is caused by a bug on ZS.
Please do a ping to 192.168.1.75 ; does it reply?
Also on ZS run the command
ifconfig -a
route -n
to make sure they are configured ok after the changes you have done so far.
Finally something else I noticed is that there is no point running RIP and NATing the ETH01 interface. You’ll do either of these. If you select NAT you’ll have to do some port forwarding as well to access the internal networks (in case you want to). I’d suggest RIP.
October 22, 2010 at 4:05 pm #50908
networker007
Member
Dear ppalias….
ifconfig -a
root@zeroshell root> ifconfig -a
DEFAULTBR Link encap:Ethernet HWaddr FE:DE:36:54:F5:D6
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ETH00 Link encap:Ethernet HWaddr 00:0D:B9:14:2F:30
inet addr:192.168.1.240 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19070 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2081929 (1.9 Mb) TX bytes:684 (684.0 b)
Interrupt:10 Base address:0x4000
ETH00:00 Link encap:Ethernet HWaddr 00:0D:B9:14:2F:30
inet addr:192.168.0.75 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:10 Base address:0x4000
ETH01 Link encap:Ethernet HWaddr 00:0D:B9:14:2F:31
inet addr:192.168.1.251 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:633924 errors:0 dropped:0 overruns:0 frame:0
TX packets:270738 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:740100412 (705.8 Mb) TX bytes:18759745 (17.8 Mb)
Interrupt:12 Base address:0x6000
ETH01:00 Link encap:Ethernet HWaddr 00:0D:B9:14:2F:31
inet addr:192.168.1.75 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:12 Base address:0x6000
ETH02 Link encap:Ethernet HWaddr 00:80:48:7E:26:A4
UP BROADCAST RUNNING MULTICAST MTU:2290 Metric:1
RX packets:324251 errors:0 dropped:0 overruns:0 frame:0
TX packets:614435 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:19022105 (18.1 Mb) TX bytes:737717143 (703.5 Mb)
ETH02:00 Link encap:Ethernet HWaddr 00:80:48:7E:26:A4
inet addr:192.168.10.75 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:2290 Metric:1
VPN99 Link encap:Ethernet HWaddr 00:FF:78:DF:F9:24
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
VPN99:00 Link encap:Ethernet HWaddr 00:FF:78:DF:F9:24
inet addr:192.168.250.254 Bcast:192.168.250.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
dummy0 Link encap:Ethernet HWaddr 62:AE:7D:5C:96:AF
inet addr:192.168.141.142 Bcast:192.168.141.255 Mask:255.255.255.0
BROADCAST NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
dummy1 Link encap:Ethernet HWaddr 4A:2A:03:AC:60:A6
inet addr:192.168.142.142 Bcast:192.168.142.255 Mask:255.255.255.255
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6779 errors:0 dropped:0 overruns:0 frame:0
TX packets:6779 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:439772 (429.4 Kb) TX bytes:439772 (429.4 Kb)
wifi0 Link encap:UNSPEC HWaddr 00-80-48-7E-26-A4-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:329772 errors:0 dropped:0 overruns:0 frame:774
TX packets:619042 errors:449 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:199
RX bytes:31725516 (30.2 Mb) TX bytes:763097680 (727.7 Mb)
Interrupt:9
root@zeroshell root>
route -n
root@zeroshell root> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH01
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH00
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH00
192.168.250.0 0.0.0.0 255.255.255.0 U 0 0 0 VPN99
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH02
0.0.0.0 192.168.1.100 0.0.0.0 UG 0 0 0 ETH01
root@zeroshell root>
ping from mac-notebook to 192.168.1.75: Destination Host Unreachable
If no RIP and no NAT is enabled, there is no connection to the internet, nor to the internal network. If only NAT on ETH01 is activated, then the internet works. The internal network still does not.
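Added example, not part of the thread and not ZeroShell code: a Python check of the `route -n` output posted above for the condition ppalias flagged earlier, the same directly connected prefix on two interfaces. The function names and the test address 192.168.1.50 are made up for this example, and the table is re-typed from the post with constructed column spacing.

```python
import ipaddress
from collections import defaultdict

# Re-typed from the `route -n` output in the post above (column spacing constructed).
ROUTE_N = """\
Kernel IP routing table
Destination   Gateway       Genmask       Flags Metric Ref Use Iface
192.168.1.0   0.0.0.0       255.255.255.0 U     0      0   0   ETH01
192.168.1.0   0.0.0.0       255.255.255.0 U     0      0   0   ETH00
192.168.0.0   0.0.0.0       255.255.255.0 U     0      0   0   ETH00
192.168.250.0 0.0.0.0       255.255.255.0 U     0      0   0   VPN99
192.168.10.0  0.0.0.0       255.255.255.0 U     0      0   0   ETH02
0.0.0.0       192.168.1.100 0.0.0.0       UG    0      0   0   ETH01
"""

def parse_routes(text):
    """Return [(network, gateway, iface)] parsed from Linux `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            gw = ipaddress.ip_address(f[1])
        except ValueError:
            continue  # column header, not a route
        routes.append((net, gw, f[7]))
    return routes

def ambiguous_connected(routes):
    """Prefixes directly connected (gateway 0.0.0.0) on more than one interface."""
    by_net = defaultdict(list)
    for net, gw, iface in routes:
        if gw.is_unspecified:
            by_net[str(net)].append(iface)
    return {n: ifs for n, ifs in by_net.items() if len(ifs) > 1}

def egress_candidates(routes, dst):
    """Interfaces of every route tied for the longest-prefix match on dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, iface) for net, _, iface in routes if addr in net]
    best = max((p for p, _ in hits), default=None)
    return [iface for p, iface in hits if p == best]

if __name__ == "__main__":
    routes = parse_routes(ROUTE_N)
    print("same prefix on several interfaces:", ambiguous_connected(routes))
    # 192.168.1.50 is a constructed host address inside the LAN in question.
    print("possible egress for 192.168.1.50:", egress_candidates(routes, "192.168.1.50"))
```

The two connected routes correspond to the `ifconfig -a` output in the same post, where ETH00 (192.168.1.240) and ETH01 (192.168.1.251 and 192.168.1.75) both hold addresses in 192.168.1.0/24.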