ZeroShell VPN Lan to Lan malfunction


This topic contains 6 replies, has 0 voices, and was last updated by  marcegio 8 years, 1 month ago.

  • #43028

    marcegio
    Member

    Please, I need your help with a malfunction in my LAN-to-LAN VPN.

    This is a short description of the environment:

    ZSHLL site 1 eth0 192.168.0.223/24
    eth1 XXX.XXX.XXX.XXX
    VPN 20.20.20.1 Server

    ZSHLL site 2 eth0 192.168.2.223/24
    eth1 YYY.YYY.YYY.YYY
    VPN 20.20.20.2 Client

    The VPN goes up and the routing rules are the following:

    ZSHLL site 1 192.168.2.0/20 20.20.20.2
    ZSHLL site 2 192.168.0.0/20 20.20.20.1

    With this config I have the following problems:

    a) sometimes, but not always, from site 1 it is possible to browse the site e network but not vice versa
    b) what is stated above is not a stable situation
    c) from ZSHL site 1 it is possible to ping ZSHL site 2 and vice versa
    d) tracing the route from ZSHL site 1 to ping ZSHL site 2 and vice versa, the hop number is not fixed and changes every time, and sometimes the delay is so long that the ping does not reach the final address.

    Can anybody help me to find the solution?

    Thanks so much to all of you.

    Best regards.

    Marcello
    No suggestions?
    Thanks in advance to anyone willing to give me a bit of their time.

    Regards

    #51817

    marcegio
    Member

    I forgot to say that if sometimes from Site 1 it is possible to browse the Site 2 network, it is not possible to browse from Site 2 to Site 1.

    Never!

    Thanks a lot.

    Marcello

    #51818

    porkradish
    Member

    ZSHLL site 1 eth0 192.168.0.223/24
    eth1 XXX.XXX.XXX.XXX
    VPN 20.20.20.1 Server

    ZSHLL site 2 eth0 192.168.2.223/24
    eth1 YYY.YYY.YYY.YYY
    VPN 20.20.20.2 Client

    The VPN goes up and the routing rules are the following:

    ZSHLL site 1 192.168.2.0/20 20.20.20.2
    ZSHLL site 2 192.168.0.0/20 20.20.20.1

    It might be a typo but 192.168.2.0/20 is using a different subnet than 192.168.2.223/24.

    Check your routing and see if it is set to /24, not /20.

    The output of your route command would be helpful from both boxes – like:


    root@zs-noc-1 sbin> route
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    10.0.0.0 * 255.255.255.0 U 0 0 0 ETH01
    10.0.1.0 * 255.255.255.0 U 0 0 0 BRIDGE00
    192.168.1.0 * 255.255.255.0 U 0 0 0 ETH00
    192.168.44.0 10.0.1.44 255.255.255.0 UG 0 0 0 BRIDGE00
    192.168.250.0 * 255.255.255.0 U 0 0 0 VPN99
    10.10.10.0 10.0.1.4 255.255.255.0 UG 0 0 0 BRIDGE00
    192.168.40.0 10.0.1.4 255.255.255.0 UG 0 0 0 BRIDGE00
    10.1.0.0 10.0.1.12 255.255.0.0 UG 0 0 0 BRIDGE00
    default 192.168.1.1 0.0.0.0 UG 0 0 0 ETH00
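
    The /20 versus /24 point in this reply can be checked mechanically. The Python sketch below is an added example, not part of the original post or of Zeroshell; `check_static_routes` is a hypothetical helper, the addresses are the ones from the first post, and the /24 mask on the VPN addresses is an assumption taken from the settings marcegio lists in the following reply.

```python
import ipaddress

# Constructed from the first post: (connected interface addresses, static routes).
SITE1_CONNECTED = ["192.168.0.223/24", "20.20.20.1/24"]
SITE1_ROUTES = [("192.168.2.0/20", "20.20.20.2")]
SITE2_CONNECTED = ["192.168.2.223/24", "20.20.20.2/24"]
SITE2_ROUTES = [("192.168.0.0/20", "20.20.20.1")]


def check_static_routes(connected, routes):
    """Return (finding, route_destination, detail) tuples for suspicious routes.

    host-bits           destination is not a network address for its prefix
    overlaps-connected  route covers a network that is directly attached
    gateway-unreachable next hop is not on any directly attached network
    """
    findings = []
    local_nets = [ipaddress.ip_interface(c).network for c in connected]
    for dest, gateway in routes:
        try:
            net = ipaddress.ip_network(dest, strict=True)
        except ValueError:
            # Host bits are set; normalise to the network the prefix really means.
            net = ipaddress.ip_network(dest, strict=False)
            findings.append(("host-bits", dest, str(net)))
        for local in local_nets:
            if net.overlaps(local):
                findings.append(("overlaps-connected", dest, str(local)))
        gw = ipaddress.ip_address(gateway)
        if not any(gw in local for local in local_nets):
            findings.append(("gateway-unreachable", dest, gateway))
    return findings


if __name__ == "__main__":
    for name, conn, rts in (("site 1", SITE1_CONNECTED, SITE1_ROUTES),
                            ("site 2", SITE2_CONNECTED, SITE2_ROUTES)):
        for finding in check_static_routes(conn, rts):
            print(name, *finding)
    # The same site 1 route written with a /24 prefix produces no findings.
    print(check_static_routes(SITE1_CONNECTED, [("192.168.2.0/24", "20.20.20.2")]))
```

    With a /20 prefix both remote routes cover the range 192.168.0.0 to 192.168.15.255, which includes each box's own LAN; with /24 the two sites are disjoint.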
    #51819

    marcegio
    Member

    According to your notes and to be more exact, here you can find the settings:

    ZSHLL site 1 eth0 192.168.0.223/255.255.255.0
    eth1 XXX.XXX.XXX.XXX
    VPN 20.20.20.1/255.255.255.0 Server

    ZSHLL site 2 eth0 192.168.2.223/255.255.255.0
    eth1 YYY.YYY.YYY.YYY
    VPN 20.20.20.2/255.255.255.0 Client

    and this is the routing rule on ZSHLL 1
    The rules on ZSHLL 2 are the same but reverse as
    Destination Gateway Genmask Flags Metric Ref Use Iface
    88.61.158.80 0.0.0.0 255.255.255.240 U 0 0 0 ETH01
    192.168.2.0 20.20.20.2 255.255.255.0 UG 0 0 0 VPN00
    192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH00
    20.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 VPN00
    0.0.0.0 88.61.158.81 0.0.0.0 UG 0 0 0 ETH01

    Thanks for any suggestion or correction.

    Marcello

    #51820

    porkradish
    Member

    Looks correct as long as your other box reverses it – are you using NAT? If so, try disabling it on both boxes and see if it fixes the issue.

    #51821

    marcegio
    Member

    If by NAT you mean the setting in the following menu (using the GUI)

    ROUTER -> NAT

    Available Interfaces NAT Enabled Interfaces
    ETH0 ETH1
    VPN99 VPN00

    According to the VPN guide published in the Zeroshell documentation area.

    If I have understood your hint correctly, do you suggest modifying the above as below:

    Available Interfaces NAT Enabled Interfaces
    ETH0 ETH1
    VPN
    VPN99

    Is it correct? Thank you so much.

    Marcello

    #51822

    marcegio
    Member

    A very strange situation is:

    With the previously mentioned / listed configuration, from network 1 192.168.0.0/24 it is actually possible to ping both ZSHLL 2 and, inside network 2, 192.168.2.3, but not the other ones!!!!

    This is a NAS disk identical to another one present at 192.168.2.2, but this is not pingable or browsable.

    ?????

    Thanks for any suggestion or help.

    Marcello

    PS: from site 2 no addresses are pingable.

    #51823

    porkradish
    Member

    As for the NAT – just make sure no interfaces are listed under “NAT Enabled Interfaces” to disable it.

    What does a trace route command look like on the clients that cannot connect to the 192.168.0.0/24 network?

    So if you are running Windows on a computer with an IP address like:

    192.168.2.10 that cannot reach 192.168.0.10 then

    open the run box
    type cmd
    tracert 192.168.0.10

    and see where the traffic stops. Are you sure the client is using 192.168.2.223 as its default gateway?
