Linode Forum
Linode Community Forums
 Post subject: VPN Access Server
Posted: Sat Sep 28, 2013 7:20 pm
Senior Newbie

Joined: Sat Sep 28, 2013 7:10 pm
Posts: 5
Hello

I wonder if someone might be able to help.

I have set up an OpenVPN access server on one of my Linodes. The idea is this will enable me to access the private addresses of my other Linodes.

I can do this perfectly using NAT mode, meaning I can connect over the VPN to the private IPs of my other Linodes. However, when I try to use routing mode, I can't reach the private IPs of my other Linodes. I can hit the private IP of my VPN Linode though.

This is the tcpdump of my private IP on the VPN server when I attempt to send traffic:

root@vpn:~# tcpdump -i eth0:0 net 192.168.128.0/17
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0:0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:06:25.107727 IP 5.5.10.2 > 192.168.1*.*: ICMP echo request, id 1, seq 397, length 40
23:06:29.636239 IP 5.5.10.2 > 192.168.1*.*: ICMP echo request, id 1, seq 398, length 40
23:06:30.114992 ARP, Request who-has 192.168.1*.* tell 192.168.144.19, length 28
23:06:30.115384 ARP, Reply 192.168.1*.* is-at f2:3c:91:70:77:db (oui Unknown), length 46

This is the tcpdump of my virtual network on the VPN server when I attempt to send traffic:

root@vpn:~# tcpdump -i as0t10 net 192.168.128.0/17
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on as0t10, link-type RAW (Raw IP), capture size 65535 bytes
23:07:05.788249 IP 5.5.10.2 > 192.168.1*.*: ICMP echo request, id 1, seq 401, length 40
23:07:10.636219 IP 5.5.10.2 > 192.168.1*.*: ICMP echo request, id 1, seq 402, length 40
23:07:15.635394 IP 5.5.10.2 > 192.168.1*.*: ICMP echo request, id 1, seq 403, length 40
23:07:20.636389 IP 5.5.10.2 > 1192.168.1*.*: ICMP echo request, id 1, seq 404, length 40


This indicates that the traffic is on its way through. However, it never seems to get through to the other Linode:

[root@linode network-scripts]# tcpdump -i eth0:1 net 192.168.128.0/17
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0:1, link-type EN10MB (Ethernet), capture size 96 bytes
00:25:08.149891 arp who-has 192.168.176.* tell 192.168.144.*
00:25:08.152283 arp reply 192.168.176.* is-at f2:3c:91:70:77:db (oui Unknown)

No traffic appears to land.

Any ideas what I might be doing wrong?

Thank you

David


 Post subject: Re: VPN Access Server
Posted: Sun Sep 29, 2013 10:21 am
Senior Member

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
5.5.10.2 is not one of your Linode's IP addresses, so traffic from that IP won't be allowed to leave your Linode. You'll have to use NAT mode.

Keep in mind that the ONLY difference between the "private" IPv4 addresses and the public ones is that the private addresses do not count against your bandwidth quota (and they can't be reached from the Internet, of course). If you can't do it with public IPv4 addresses, you won't be able to do it with "private" IPv4 addresses either.

(Try using IPv6 for this. It's easier.)

_________________
Code:
/* TODO: need to add signature to posts */
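
An added illustration, not part of the original posts: the Python sketch below applies the rule from the reply above to tcpdump output taken on the VPN server's egress interface, counting packets whose source is not an address assigned to the host. The sample lines are constructed (the thread redacts the destination, so 192.168.176.10 is a placeholder), and `foreign_sources` and `split_host` are hypothetical helper names.

```python
import ipaddress
import re
from collections import Counter

# tcpdump IPv4 line: "<time> IP <src>[.port] > <dst>[.port]: ..."
LINE_RE = re.compile(r"^\S+ IP (\S+) > (\S+?):")

def split_host(token):
    """Return the IPv4 address from 'a.b.c.d' or 'a.b.c.d.port'."""
    return ipaddress.ip_address(".".join(token.split(".")[:4]))

def foreign_sources(capture_lines, assigned):
    """Count egress packets whose source is not one of this host's
    assigned addresses; per the reply above, the network will not
    let such packets leave the host."""
    own = {ipaddress.ip_address(a) for a in assigned}
    hits = Counter()
    for line in capture_lines:
        m = LINE_RE.match(line)
        if not m:  # ARP, IPv6 and banner lines are skipped
            continue
        src = split_host(m.group(1))
        if src not in own:
            hits[str(src)] += 1
    return dict(hits)

# Private address of the VPN server as seen in the thread's ARP request.
ASSIGNED = ["192.168.144.19"]

# Constructed capture, routing mode: the VPN client address is the source.
ROUTED = [
    "23:06:25.107727 IP 5.5.10.2 > 192.168.176.10: ICMP echo request, id 1, seq 397, length 40",
    "23:06:29.636239 IP 5.5.10.2 > 192.168.176.10: ICMP echo request, id 1, seq 398, length 40",
    "23:06:30.114992 ARP, Request who-has 192.168.176.10 tell 192.168.144.19, length 28",
    "23:06:31.200000 IP 5.5.10.2.5060 > 192.168.176.10.5060: UDP, length 412",
]

# Constructed capture, NAT mode: the source is rewritten to the server's IP.
NATTED = [
    "23:10:01.000000 IP 192.168.144.19 > 192.168.176.10: ICMP echo request, id 1, seq 1, length 40",
    "23:10:02.000000 IP 192.168.144.19.5060 > 192.168.176.10.5060: UDP, length 412",
]

if __name__ == "__main__":
    print("routing mode:", foreign_sources(ROUTED, ASSIGNED))
    print("NAT mode:    ", foreign_sources(NATTED, ASSIGNED))
```

A non-empty result for the egress capture means those packets carry a source the host does not own, which matches the routing-mode symptom in the first post.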


 Post subject: Re: VPN Access Server
Posted: Sun Sep 29, 2013 4:03 pm
Senior Newbie

Joined: Sat Sep 28, 2013 7:10 pm
Posts: 5
Thanks for the info, Hoopy. At least I am not doing something totally stupid, and it is in fact by design that what I am doing won't work.

I wanted to VPN in and then access my PBX using SIP. When I set it up, NAT mode worked fine for ICMP and HTTP, but unfortunately SIP was a no-no. I wonder if your IPv6 suggestion might help with that?

Thank you


 Post subject: Re: VPN Access Server
Posted: Sun Sep 29, 2013 9:05 pm
Senior Member

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
IPv6 would obviate the need for NAT, at least. (NAT was the temporary workaround to address exhaustion; IPv6 has the permanent fix.) Or, you could VPN directly into the PBX box.

_________________
Code:
/* TODO: need to add signature to posts */


 Post subject: Re: VPN Access Server
Posted: Sat Oct 05, 2013 6:34 am
Senior Newbie

Joined: Sat Sep 28, 2013 7:10 pm
Posts: 5
Thanks, Hoopy. I went with installing it on each PBX, which so far works well.

