Topic: VPN problem, how to be able to see Zentyal to Zentyal VPN range in client VPN?

vampywiz17

Hello there,

My network is:

- Two Zentyal boxes (box1 and box2) in two different places (they connect via a Zentyal to Zentyal VPN).
- Some remote clients, which connect to box1.

box1 runs two VPN servers, one for Zentyal to Zentyal and one for Zentyal to client.

Now it is working well: the box1 LAN network is able to ping box2 LAN devices and vice versa. The remote client is able to ping box1 LAN devices, but I cannot ping the box2 LAN.

Is it possible to set up the VPN servers so that the remote client is able to ping the box2 LAN?

Other info:

LAN1 ip range: 10.50.2.x
LAN2 ip range: 10.50.3.x
VPN1(zentyal to zentyal) ip range: 10.50.160.x
VPN2 (zentyal to client) ip range: 10.50.170.x

Thanks for the answer!

christian

This is only a matter of route and announcement, if I can say so.

If the remote client knows only the route to LAN1, there is no reason to use the VPN tunnel in order to reach LAN2 if such a route is not announced.

vampywiz17

I see.

So I make a new static route or...?

vampywiz17

This is only a matter of route and announcement, if I can say so.

If the remote client knows only the route to LAN1, there is no reason to use the VPN tunnel in order to reach LAN2 if such a route is not announced.

Well, I moved a little forward... :)

I create a new object (members: 10.50.160.x and 10.50.170.x) and add this the VPN2 (zentyal to client). Now, I am able to ping 10.50.160.1 (the VPN1 VPN server) but not the VPN client (10.50.160.2), and naturally can't ping the 10.50.2.x range...
« Last Edit: October 15, 2013, 12:12:04 am by vampywiz17 »

christian

I create a new object (members: 10.50.160.x and 10.50.170.x) and add this the VPN2 (zentyal to client). Now, I am able to ping 10.50.160.1 (the VPN1 VPN server) but not the VPN client (10.50.160.2), and naturally can't ping the 10.50.2.x range...

Sorry, I don't understand what "and add this the VPN2 (zentyal to client)" means (from a technical standpoint).

1 - Instead of using "ping", which gives very little information, you should rather use a command that will show you the route that is used, e.g. traceroute or tracert depending on your OS.
2 - Trying to reach the network that is used as the transport layer for the tunnel has very little interest, from my standpoint.
3 - Good (to very good) understanding of (default) routes on each side is a must when you start to design some rather complex VPN landscape.
Your standalone clients must be aware, if their default route is not somewhere at LAN1, that in order to reach LAN2, they must first go through the VPN pointing to LAN1.
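
The routing point made in this thread, as an added example that is not part of the original posts: a small Python model of the three routing tables that traces a ping from a remote client to a LAN2 host with longest-prefix matching. It assumes /24 masks, the constructed host addresses 10.50.170.6 and 10.50.3.20, box2 as the LAN2 default gateway and no NAT on box1, and it goes one step beyond the thread by also checking the reply path.

```python
import ipaddress

# Constructed model of the thread's topology; /24 masks and host addresses are assumed.
LAN1, LAN2, VPN2 = "10.50.2.0/24", "10.50.3.0/24", "10.50.170.0/24"
CLIENT_IP, LAN2_HOST = "10.50.170.6", "10.50.3.20"

def base_tables():
    """Per-node routes: prefix -> next-hop node, or 'local' when delivered here."""
    return {
        "client": {CLIENT_IP + "/32": "local", LAN1: "box1", "0.0.0.0/0": "internet"},
        "box1": {LAN1: "local", LAN2: "box2", VPN2: "client", "0.0.0.0/0": "internet"},
        "box2": {LAN2: "local", LAN1: "box1", "0.0.0.0/0": "internet"},
    }

def trace(tables, node, dst, max_hops=8):
    """Follow longest-prefix matches from node toward dst; return the hop list."""
    addr, hops = ipaddress.ip_address(dst), [node]
    while node in tables and len(hops) <= max_hops:
        matches = [p for p in tables[node] if addr in ipaddress.ip_network(p)]
        if not matches:
            return hops + ["no route"]
        best = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
        node = tables[node][best]
        hops.append(node)
    return hops

def ping_ok(tables):
    """A ping needs the request path and the reply path to both work."""
    out = trace(tables, "client", LAN2_HOST)
    back = trace(tables, "box2", CLIENT_IP)
    return out[-2:] == ["box2", "local"] and back[-2:] == ["client", "local"]

def scenarios():
    """Apply the two route changes one at a time and record the ping result."""
    t = base_tables()
    results = {"as posted": ping_ok(t)}
    t["client"][LAN2] = "box1"   # VPN2 server announces LAN2 to its clients
    results["LAN2 announced to clients"] = ping_ok(t)
    t["box2"][VPN2] = "box1"     # box2 learns the way back to the client range
    results["plus return route on box2"] = ping_ok(t)
    return results

if __name__ == "__main__":
    print("client -> LAN2 as posted:", " > ".join(trace(base_tables(), "client", LAN2_HOST)))
    for name, ok in scenarios().items():
        print(f"{name}: {'reachable' if ok else 'unreachable'}")
```

Announcing only the networks that remote clients actually need keeps the client VPN's reach into the second site as narrow as possible.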