August 1, 2014 at 12:01 pm #44004
I'm trying to configure a VPN with Zeroshell as server and an EC2 virtual machine as client.
This is the basic schema with the IPs:
I chose to use certificate authentication, and this is the server config:
And this is the client config file:
ifconfig 184.108.40.206 255.255.255.0 #192.168.254.1
keepalive 1 3
The authentication works: I'm able to ping from Amazon EC2, the two VPN endpoints can ping each other, and I can ping my local machines from the VPN EC2 instance, but I cannot reach the Amazon machines from my Zeroshell and I cannot ping my local machines from the other Amazon machine. It seems that only the VPN client works.
I'm sure it is a basic routing/forwarding problem, and even though I enabled forwarding on the Linux machine as follows, it does not work:
I set net.ipv4.ip_forward=1 in /etc/sysctl.conf and set /proc/sys/net/ipv4/ip_forward to 1.
I set up all routes to reach my local 192.168.18.0/24 network on the VPN client, and I set up the same route on the other Amazon internal machine with the IP of the Amazon VPN instance as gateway.
For my test all firewalls are off.
This is the process line on zeroshell server:
What am I missing?
Many thanks for your help
August 1, 2014 at 1:16 pm #53403
I initially posted on the Italian forum here (http://www.zeroshell.net/forum/viewtopic.php?p=18921#18921), where REDFIVE posted this answer:
Mmm... this is the Italian forum... anyway, if Zs 1 is the default gateway for the network 192.168.18.0/24, and aws ec2 is the default gateway for the network 10.0.0.0/24, add on ZS1 a static route,
10.0.0.0 255.255.255.0 via 220.127.116.11 (but be aware, this is actually a public IP address used as inner IP address of the tunnel) and on aws ec2, 192.168.10.0 255.255.255.0 via 18.104.22.168... should work... if I haven't missed something...
Regards
August 1, 2014 at 1:21 pm #53404
I did it; this is the routing table of Zeroshell:
Destination      Netmask          Type  Metric  Gateway          Interface  Flags  State  Source
DEFAULT GATEWAY  0.0.0.0          Net   0       22.214.171.124   ETH02      UG     Up     Auto
10.0.0.0         255.255.255.0    Net   0       126.96.36.199    VPN00      UG     Up     Static
192.168.18.0     255.255.255.0    Net   0       none             ETH03      U      Up     Auto
192.168.50.0     255.255.255.0    Net   0       none             ETH00      U      Up     Auto
188.8.131.52     255.255.255.248  Net   0       none             ETH02      U      Up     Auto
184.108.40.206   255.255.255.248  Net   0       none             ETH01      U      Up     Auto
220.127.116.11   255.255.255.0    Net   0       none             VPN00      U      Up     Auto
And this is the Linux machine:
Destination      Gateway         Genmask          Flags  Metric  Ref  Use  Iface
0.0.0.0          10.0.0.1        0.0.0.0          UG     0       0    0    eth0
10.0.0.0         0.0.0.0         255.255.255.0    U      0       0    0    eth0
169.254.169.254  0.0.0.0         255.255.255.255  UH     0       0    0    eth0
192.168.18.0     18.104.22.168   255.255.255.0    UG     0       0    0    tap0
22.214.171.124   0.0.0.0         255.255.255.0    U      0       0    0    tap0
Any ideas?
August 1, 2014 at 6:22 pm #53405
It isn't so clear, at least for me. By the way, in the first drawing there isn't any public IP address declared, but looking at the second one, it seems that the Zs is connected to the remote machine, on the public IP address, for the VPN... and, based on the ZS's routing table, it seems that its def-gw is 192.0.0.1, on ETH02 (but isn't this the IP address of the VPN00 interface?), while on the second machine I can't see any default gw...
So... could you explain how exactly the network topology is?
Remove the lines --route-gateway xxx and --push-route xxx in Parameters; if you have declared the routes as static routes in the routing table, you don't need these lines.
Regards
August 1, 2014 at 11:15 pm #53406
Yes, sorry, I forgot to mention the public IP addresses; I only mentioned the private IPs. Of course there are public IPs as well, so you can consider that the tunnel works.
Anyway, I managed to solve it and I describe the process on my website; this is the post:
How can I set the title as SOLVED?
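The routing problem discussed in this thread (the tunnel endpoints reach each other, but a plain host behind one end has no return route toward the other LAN) can be checked offline from `route -n` output. The script below is an added example, not code from this thread or from Zeroshell; the tables, the tunnel addresses 10.8.0.1/10.8.0.2, the VPN host's LAN address 10.0.0.5 and the interface names are constructed assumptions.

```python
import ipaddress

def parse_route_n(text):
    """Parse Linux `route -n` output into (network, gateway, iface) triples;
    a gateway of 0.0.0.0 (directly connected) is stored as None."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():  # skip header lines
            continue
        net = ipaddress.IPv4Network(f"{f[0]}/{f[2]}")
        routes.append((net, None if f[1] == "0.0.0.0" else f[1], f[7]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the (gateway, iface) the kernel picks for dst."""
    ip, best = ipaddress.IPv4Address(dst), None
    for net, gw, iface in routes:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return None if best is None else (best[1], best[2])

def trace(hops, dst):
    """Names of hops (name, routes, wanted (gateway, iface)) that would send
    a packet for dst somewhere other than the wanted next hop."""
    return [name for name, routes, want in hops if lookup(routes, dst) != want]

# Constructed tables. Tunnel: 10.8.0.1 (Zeroshell) <-> 10.8.0.2 (EC2 VPN host,
# whose LAN address is 10.0.0.5). First table keeps the `route -n` header.
ZEROSHELL = """Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 203.0.113.1 0.0.0.0 UG 0 0 0 eth2
10.0.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tap0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
192.168.18.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3"""
EC2_VPN = """0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
192.168.18.0 10.8.0.1 255.255.255.0 UG 0 0 0 tap0"""
EC2_OTHER = """0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0"""
# The route a plain EC2 host needs so its replies reach the tunnel endpoint:
EC2_OTHER_FIXED = EC2_OTHER + "\n192.168.18.0 10.0.0.5 255.255.255.0 UG 0 0 0 eth0"

def return_path(other_table):
    """Hops a reply from a plain EC2 host to 192.168.18.10 must traverse."""
    hops = [("ec2-other", parse_route_n(other_table), ("10.0.0.5", "eth0")),
            ("ec2-vpn", parse_route_n(EC2_VPN), ("10.8.0.1", "tap0")),
            ("zeroshell", parse_route_n(ZEROSHELL), (None, "eth3"))]
    return trace(hops, "192.168.18.10")
```

With `EC2_OTHER` the check reports `ec2-other` as the hop that sends the reply to the VPC default gateway instead of the VPN host; with `EC2_OTHER_FIXED` it reports nothing.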