I'm trying to build a VPN setup where several Road-Warriors (various OSes) want to communicate with an internal network behind a VPN gateway. The key facts are these:
- Internal network is 10.254.0.0/24
- No DHCP
- Internal hosts are all RHEL/CentOS 6
- Road-Warriors are assigned virtual addresses within 10.2.0.0/24
- VPN gateway is a RHEL 6 box with:
  - Internal address 10.254.0.111
  - External address X.X.X.X
- VPN gateway is NOT the default gateway for internal hosts
- VPN is implemented using Strongswan
So far Road-Warriors successfully connect to the VPN gateway. The issue is that on every internal host I have to set up routing tables to send 10.2.0.0/24 traffic through 10.254.0.111 if I want them to be accessible to RWs.
What are other options? How can I centrally manage routing info so that it is autodiscovered by internal hosts?
There are a few ways. The easiest way is to set up an intermediate router (that acts as the default gateway for both networks) with the two subnets on different interfaces. The VPN server could be behind one of them; it doesn't have to act as one.
So something like this:
RWs - VPN Server -default gateway for vpn server- Router -default gateway- Internal network
And the router would have third interface that hooks up with the WAN
Alternatively you could have a logon script that runs on the local boxes and adds the 10.2.0.0/24 route with 10.254.0.111 as the gateway. This one could get complicated if they don't all have the same interface number for internal traffic.
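The interface-number problem in the script approach can be sidestepped by asking the kernel which interface already reaches the VPN gateway instead of hard-coding eth0/eth1. The script below is an added example, not code from the question or the answer; it assumes the addresses given in the question (10.2.0.0/24 via 10.254.0.111) and the RHEL/CentOS 6 convention of persistent routes in /etc/sysconfig/network-scripts/route-<iface>, and it only applies anything when run with --apply.

```shell
#!/bin/bash
# Added example (not from the original thread): install the road-warrior
# route on a RHEL/CentOS 6 internal host without hard-coding the interface.
# Assumptions: internal hosts reach 10.254.0.111 over exactly one interface,
# and persistent routes live in /etc/sysconfig/network-scripts/route-<iface>.

VPN_GW=10.254.0.111      # VPN gateway's internal address (from the question)
RW_NET=10.2.0.0/24       # virtual addresses handed to road-warriors

# Pull the device name out of one line of `ip route get` output, e.g.
#   "10.254.0.111 dev eth0  src 10.254.0.20 \    cache"
#   "10.254.0.111 via 10.254.0.1 dev eth1  src 10.254.0.20"
iface_from_route_get() {
    printf '%s\n' "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p'
}

# Live lookup: which interface does this host use to reach the VPN gateway?
# Prints nothing if the gateway is unreachable from here.
find_internal_iface() {
    iface_from_route_get "$(ip route get "$VPN_GW" 2>/dev/null | head -n1)"
}

# The single line that belongs in route-<iface> (RHEL 6 "ip route" syntax).
route_file_line() {
    printf '%s via %s dev %s\n' "$RW_NET" "$VPN_GW" "$1"
}

install_route() {
    local iface line file
    iface=$(find_internal_iface)
    if [ -z "$iface" ]; then
        echo "no route to $VPN_GW from this host; refusing to guess an interface" >&2
        return 1
    fi
    # Apply now (replace is idempotent, unlike add).
    ip route replace "$RW_NET" via "$VPN_GW" dev "$iface"
    # Persist across reboots, without duplicating an existing line.
    line=$(route_file_line "$iface")
    file="/etc/sysconfig/network-scripts/route-$iface"
    if ! grep -qxF "$line" "$file" 2>/dev/null; then
        printf '%s\n' "$line" >> "$file"
    fi
    echo "route $RW_NET via $VPN_GW installed on $iface"
}

# Only touch the system when explicitly asked (e.g. from a boot/logon hook):
#   ./rw-route.sh --apply
if [ "${1:-}" = "--apply" ]; then
    install_route
fi
```

Because the interface is derived from the host's own route to 10.254.0.111, the same script works on hosts whose internal NIC is eth0, eth1 or em1; run it from rc.local or a configuration-management tool rather than a per-user login, since the route is system-wide.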