vpn, connection to the internet but not to the local lan

This topic contains 16 replies, has 0 voices, and was last updated by  networker007 8 years, 3 months ago.

Viewing 15 posts - 1 through 15 (of 18 total)
  • #42580

    networker007
    Member

    Finally I managed to configure the VPN.

    The problem is that I get a connection to the internet, but not to the local network (192.168.1.0/24).

    What do I have to do?

    #50895

    ppalias
    Member

    Show us the configuration page of the vpn server. Also there is a button “NET” where you configure the networks that will be sent to the vpn client whenever he connects to the server.

    #50896

    networker007
    Member

    Here are some screenshots. Many thanks for the help!

    #50897

    redfive
    Participant

    The RIPv2 is not necessary, but what exactly do you want to do? Reach the 192.168.1.0/24 network via VPN from the Internet or from a network behind ZS (192.168.0.0/24 and 192.168.10.0/24)?
    bye
    jonatha

    #50898

    networker007
    Member

    I want to reach my network 192.168.1.0/24 from the internet through the router 192.168.1.100 and through the ZS VPN 192.168.250.0/24

    and

    reach my network 192.168.1.0/24 over the wifi AP 192.168.10.0/24 when I am connected via wifi.

    #50899

    ppalias
    Member

    There are 2 things wrong here. In the routing table you have 192.168.1.0/24 reachable both from ETH00 and ETH01. Second, in the DHCP configuration for the subnet 192.168.10.0/24 you have assigned as gateway 192.168.1.75 though it should be 192.168.10.75.
    This is the reason you cannot reach anything from the wifi.
    I suggest removing the arguments from openvpn configuration and also remove Source NAT at the “Client IP Address Assignment”.

    #50900

    networker007
    Member

    @ppalias wrote:

    There are 2 things wrong here. In the routing table you have 192.168.1.0/24 reachable both from ETH00 and ETH01.

    I removed the dyn. IP from ETH0

    it should be 192.168.10.75

    OK, changed to 192.168.10.75

    I suggest removing the arguments from openvpn configuration and also remove Source NAT at the “Client IP Address Assignment”

    Arguments (Command Line Parameters) in the OVPN removed, also Source NAT.

    Now I can reach the INTERNET but NOT the network 192.168.1.0/24

    What's wrong? I don't know.
    Thanks to ppalias

    #50901

    ppalias
    Member

    If you do a tracert to a station on 192.168.1.0/24 network, where does it stop? Give us the output here. Also a “route print” (if you are using Windows, otherwise “route -n”) from the test pc that connects with openvpn and the test pc in the 192.168.1.0/24 network. What is the firewall policy and rules in the ZS for the forwarding chain?

    #50902

    networker007
    Member

    @ppalias wrote:

    If you do a tracert to a station on 192.168.1.0/24 network, where does it stop?

    Here is the output from the notebook when connecting via VPN over wifi:

    notebook:~ macbook$ route get 192.168.250.1
    route to: 192.168.250.1
    destination: default
    mask: default
    gateway: 192.168.10.75
    interface: en1
    flags:
    recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
    0 0 0 0 0 0 1500 0


    notebook:~ macbook$ route get 192.168.1.100
    route to: 192.168.1.100
    destination: 192.168.1.0
    mask: 255.255.255.0
    gateway: 192.168.250.254
    interface: en1
    flags:
    recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
    0 0 0 0 0 0 1500 0

    192.168.1.100 is the WAN-Router to the Internet

    What is the firewall policy and rules in the ZS for the forwarding chain?

    #50903

    ppalias
    Member

    You didn’t answer my questions…

    #50904

    networker007
    Member

    What exactly should I check? I have perhaps not fully understood. Can you say it in other words or describe in more detail what I should check?

    Many thanks

    #50905

    ppalias
    Member

    Do a traceroute to a station in 192.168.1.0/24 network. If you don’t have any active station do it on 192.168.1.75
    Show us the routing table of your client. Since you are on Mac I think it can be seen with the command

    netstat -rn

    #50906

    networker007
    Member

    Here is the output: traceroute

    MacBook-Pro:~ nb$ traceroute 192.168.1.75
    traceroute to 192.168.1.75 (192.168.1.75), 64 hops max, 52 byte packets
    traceroute: sendto: Network is unreachable
    1 traceroute: wrote 192.168.1.75 52 chars, ret=-1
    *traceroute: sendto: Network is unreachable
    traceroute: wrote 192.168.1.75 52 chars, ret=-1
    ^C
    MacBook-Pro:~ nb$

    Here is the output: netstat -r

    Last login: Fri Oct 22 11:06:06 on ttys000
    MacBook-Pro:~ nb$ netstat -r
    Routing tables

    Internet:
    Destination Gateway Flags Refs Use Netif Expire
    default 192.168.10.75 UGSc 22 30 en1
    default 255.255.255.0 UGScI 0 0 tun0
    10.37.129/24 link#9 UC 1 0 vnic1
    10.37.129.2 0:1c:42:0:0:9 UHLWI 1 1 lo0
    10.211.55/24 link#8 UC 1 0 vnic0
    10.211.55.2 0:1c:42:0:0:8 UHLWI 0 1 lo0
    127 localhost UCS 0 0 lo0
    localhost localhost UH 9 270 lo0
    169.254 link#5 UCS 0 0 en1
    192.168.0 192.168.250.254 UGSc 0 0 en1
    192.168.1 192.168.250.254 UGSc 1 7 en1
    192.168.10 link#5 UCS 10 0 en1
    192.168.10.2 localhost UHS 0 0 lo0
    192.168.10.75 0:80:48:7e:26:a4 UHLWI 3 3 en1 1183
    255.255.255.0 192.168.250.1 UH 1 0 tun0

    Internet6:
    Destination Gateway Flags Netif Expire
    localhost localhost UH lo0
    fe80::%lo0 localhost Uc lo0
    localhost link#1 UHL lo0
    fe80::%en1 link#5 UC en1
    mac f8:1e:df:ef:c9:69 UHL lo0
    ff01:: localhost Um lo0
    ff02:: localhost UmC lo0
    ff02:: link#5 UmC en1
    MacBook-Pro:~ nb$

    I don't know where the problem is. Please help again. Or is there a bug on zs-b13?

    #50907

    ppalias
    Member

    No I don’t think this is caused by a bug on ZS.
    Please do a ping to 192.168.1.75 ; does it reply?
    Also on ZS run the command

    ifconfig -a
    route -n

    to make sure they are configured ok after the changes you have done so far.
    Finally something else I noticed is that there is no point running RIP and NATing the ETH01 interface. You’ll do either of these. If you select NAT you’ll have to do some port forwarding as well to access the internal networks (in case you want to). I’d suggest RIP.

    #50908

    networker007
    Member

    Dear ppalias,

    ifconfig -a

    root@zeroshell root> ifconfig -a
    DEFAULTBR Link encap:Ethernet HWaddr FE:DE:36:54:F5:D6
    BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    ETH00 Link encap:Ethernet HWaddr 00:0D:B9:14:2F:30
    inet addr:192.168.1.240 Bcast:192.168.1.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:19070 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2081929 (1.9 Mb) TX bytes:684 (684.0 b)
    Interrupt:10 Base address:0x4000

    ETH00:00 Link encap:Ethernet HWaddr 00:0D:B9:14:2F:30
    inet addr:192.168.0.75 Bcast:192.168.0.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    Interrupt:10 Base address:0x4000

    ETH01 Link encap:Ethernet HWaddr 00:0D:B9:14:2F:31
    inet addr:192.168.1.251 Bcast:192.168.1.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:633924 errors:0 dropped:0 overruns:0 frame:0
    TX packets:270738 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:740100412 (705.8 Mb) TX bytes:18759745 (17.8 Mb)
    Interrupt:12 Base address:0x6000

    ETH01:00 Link encap:Ethernet HWaddr 00:0D:B9:14:2F:31
    inet addr:192.168.1.75 Bcast:192.168.1.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    Interrupt:12 Base address:0x6000

    ETH02 Link encap:Ethernet HWaddr 00:80:48:7E:26:A4
    UP BROADCAST RUNNING MULTICAST MTU:2290 Metric:1
    RX packets:324251 errors:0 dropped:0 overruns:0 frame:0
    TX packets:614435 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:19022105 (18.1 Mb) TX bytes:737717143 (703.5 Mb)

    ETH02:00 Link encap:Ethernet HWaddr 00:80:48:7E:26:A4
    inet addr:192.168.10.75 Bcast:192.168.10.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:2290 Metric:1

    VPN99 Link encap:Ethernet HWaddr 00:FF:78:DF:F9:24
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    VPN99:00 Link encap:Ethernet HWaddr 00:FF:78:DF:F9:24
    inet addr:192.168.250.254 Bcast:192.168.250.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    dummy0 Link encap:Ethernet HWaddr 62:AE:7D:5C:96:AF
    inet addr:192.168.141.142 Bcast:192.168.141.255 Mask:255.255.255.0
    BROADCAST NOARP MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    dummy1 Link encap:Ethernet HWaddr 4A:2A:03:AC:60:A6
    inet addr:192.168.142.142 Bcast:192.168.142.255 Mask:255.255.255.255
    UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:6779 errors:0 dropped:0 overruns:0 frame:0
    TX packets:6779 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:439772 (429.4 Kb) TX bytes:439772 (429.4 Kb)

    wifi0 Link encap:UNSPEC HWaddr 00-80-48-7E-26-A4-00-00-00-00-00-00-00-00-00-00
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:329772 errors:0 dropped:0 overruns:0 frame:774
    TX packets:619042 errors:449 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:199
    RX bytes:31725516 (30.2 Mb) TX bytes:763097680 (727.7 Mb)
    Interrupt:9

    root@zeroshell root>

    route -n

    root@zeroshell root> route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH01
    192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH00
    192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH00
    192.168.250.0 0.0.0.0 255.255.255.0 U 0 0 0 VPN99
    192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH02
    0.0.0.0 192.168.1.100 0.0.0.0 UG 0 0 0 ETH01
    root@zeroshell root>

    ping from mac-notebook to 192.168.1.75: Destination Host Unreachable

    If no RIP and no NAT is enabled, there is no connection to the internet, nor to the internal network. If only NAT on ETH01 is activated, then the internet works. The internal network still does not.
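
Added example, not part of the original thread and not Zeroshell's own tooling: ppalias's point that 192.168.1.0/24 is reachable from both ETH00 and ETH01 can be checked mechanically. This shell function reads `route -n` output and reports every subnet that appears as a directly connected route on more than one interface; the sample rows are copied from the `route -n` output posted above, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: flag subnets listed as directly connected on more than one
# interface in Linux `route -n` output. On the router: route -n | duplicate_connected_routes

# Sample rows copied from the route -n output posted in the thread.
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH01
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH00
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH00
192.168.250.0 0.0.0.0 255.255.255.0 U 0 0 0 VPN99
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH02
0.0.0.0 192.168.1.100 0.0.0.0 UG 0 0 0 ETH01
EOF
}

# Reads `route -n` text on stdin and prints one line per conflict:
#   DESTINATION/GENMASK IFACE1,IFACE2[,...]
duplicate_connected_routes() {
  awk '
    # Data rows have 8 fields and start with a dotted-quad destination;
    # this skips the two header lines.
    NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      # Only directly connected routes: gateway 0.0.0.0 and no G flag.
      if ($2 != "0.0.0.0" || $4 ~ /G/) next
      key = $1 "/" $3
      if (!(key in ifaces)) { order[++n] = key; ifaces[key] = $8 }
      else { ifaces[key] = ifaces[key] "," $8; dup[key] = 1 }
    }
    END {
      # Report in the order the subnets first appeared in the table.
      for (i = 1; i <= n; i++)
        if (order[i] in dup) print order[i], ifaces[order[i]]
    }
  '
}

# Run the check on the sample from the thread.
sample_routes | duplicate_connected_routes
```

An empty result means no subnet is attached to two interfaces at once; routes through a gateway (flag G), such as the default route, are ignored on purpose.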
