I'm trying to communicate from the tx.py program to send packets (UDP) down to device 1 and device 2 shown in the picture. Currently we have OpenVPN clients running on 2 of our VMs and if I run tx.py on those vms I can communicate fine to each device that is connected to that vpn tunnel (so from vm2 I can reach device 1, but not device 2).
I want to be able to route from vm1 so that I can send to device 1 or device 2 from this central location. I tried adding a route on vm1 to device 1 (via VM 2) like route add -net 100.64.226.0 netmask 255.255.255.0 gw 10.2.6.20 dev eth0
but was still not able to receive packets on Device 1. Also tried toggling ip forwarding on for both vm1 and vm2 but this didn't fix it.
What is the way to do this?
Note that I don't need to communicate back up from the devices to vm1.
Note: I don't control the openVPN servers and cannot change configs there.
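An added example (not code from the question or either answer) of the check I would run on vm1 before blaming the tunnel: ask the kernel which next hop it will actually use for a device address, and only then send the UDP packet tx.py-style. It assumes Linux with iproute2 and IPv4; the gateway 10.2.6.20 and the 100.64.226.0/24 subnet are from the question, while the device host address and the port are constructed.

```python
import socket
import subprocess

DEVICE1 = "100.64.226.10"   # constructed: a host inside the 100.64.226.0/24 device subnet
GATEWAY_VM2 = "10.2.6.20"   # vm2, the OpenVPN client that the static route points at
UDP_PORT = 5005             # constructed port


def parse_route_get(output: str) -> dict:
    """Turn the first line of `ip route get <dst>` into a dict of its fields.
    '100.64.226.10 via 10.2.6.20 dev eth0 src 10.2.6.10 uid 1000' becomes
    {'dst': '100.64.226.10', 'via': '10.2.6.20', 'dev': 'eth0', 'src': ..., 'uid': ...}.
    A leading route type such as 'local' or 'unreachable' is kept under 'type'."""
    tokens = output.strip().split("\n")[0].split()
    fields = {}
    if tokens and not tokens[0][0].isdigit():   # IPv4 destinations start with a digit
        fields["type"] = tokens.pop(0)
    if tokens:
        fields["dst"] = tokens.pop(0)
    for key, value in zip(tokens[0::2], tokens[1::2]):   # remaining tokens alternate key, value
        fields[key] = value
    return fields


def next_hop_ok(route: dict, expected_gateway: str) -> bool:
    """True only if the kernel will hand packets for this destination to the expected gateway.
    A directly connected or local route has no 'via' and therefore fails the check."""
    return route.get("type") is None and route.get("via") == expected_gateway


def ip_forward_enabled(sysctl_value: str) -> bool:
    """Interpret the contents of /proc/sys/net/ipv4/ip_forward; run this on the forwarding VM (vm2)."""
    return sysctl_value.strip() == "1"


def lookup_route(dst: str) -> dict:
    """Query the live routing decision for dst (requires iproute2)."""
    out = subprocess.run(["ip", "route", "get", dst], capture_output=True, text=True, check=True).stdout
    return parse_route_get(out)


def send_udp(dst: str, port: int, payload: bytes) -> int:
    """Send one UDP datagram the way tx.py would; returns the number of bytes handed to the kernel."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (dst, port))


if __name__ == "__main__":
    route = lookup_route(DEVICE1)
    if not next_hop_ok(route, GATEWAY_VM2):
        raise SystemExit(f"kernel routes {DEVICE1} as {route}, not via {GATEWAY_VM2}; fix the static route first")
    print("sent", send_udp(DEVICE1, UDP_PORT, b"hello device 1"), "bytes via", route["dev"])
```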
As far as I can see, this is not possible without changing Openvpn Server configuration.
I have implemented similar scenarios with certificate based authentication, and it is working. I am assuming this is a road-warrior setup and not a site-to-site connection. Which means, the VPN Server is only aware of a single client and not of other machines trying to connect over the same client. From a security perspective this also makes sense for me.
Now if more machines need to connect over the client computer, it will then act as a gateway, and this can be configured at the Openvpn server. Detailed instructions on setting this up can be found here:
Expanding the scope of the VPN to include additional machines on either the client or server subnet.
See: Including multiple machines on the client side when using a routed VPN (dev tun)
You need to set up User Defined Routing by using a route table connected to the 10.2.6.0 subnet so that Azure knows to route to 10.64.226.0 through 10.2.6.20 and similar for device 2. You will still need to ensure the routing (IP forwarding) features are enabled in the Azure network adapters, OS network adapters, and the OS routing tables (in both directions).
https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table
https://petri.com/implementing-azure-user-defined-routing
There are many examples online, mostly related to next generation firewalls (i.e. force Azure to route through your firewall appliance), and Hyper-V (i.e. setup Azure to route to an internal Hyper-V network through the virtual Hyper-V host).