I have a VPN set up where multiple subnets are used. I have three VPN services, let's say A - 192.168.1.0/24, B - 192.168.2.0/24 and C - 192.168.3.0/24. I would like to route specific traffic from a host in subnet C through a host in subnet A. In effect:
(CLIENT) 192.168.3.12 ----> VPN GATEWAY ---> (SERVER) 192.168.1.49 ---> INTERNET
I have set up port forwarding on the VPN gateway and on the SERVER machines with
sysctl net.ipv4.conf.all.forwarding=1
I have set up traffic between subnets on the VPN gateway using
iptables -A FORWARD -i tun1 -o tun3 -j ACCEPT
iptables -A FORWARD -i tun3 -o tun1 -j ACCEPT
I have set up routes on the SERVER machine
ip route add 192.168.3.0/24 dev tun0
and on the CLIENT machine
ip route add 192.168.1.0/24 dev tun0
At this point I can connect from the CLIENT to the SERVER using SSH, so I consider this part solved. However, as soon as I try to add a route that goes through the SERVER machine, e.g.
ip route add 1.1.1.1 via 192.168.1.49
I am no longer able to ping 1.1.1.1. I can see that on the VPN gateway the packets in the FORWARD chain are being dropped at a rate that corresponds to my ping requests, but I am not sure what I am doing wrong.
How can I debug this connection issue when trying to route traffic through a host behind the VPN gateway?
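One way to reason about this is to model each hop's own routing decision, because a `via` route on the CLIENT only picks the next hop locally; every intermediate hop (the VPN gateway included) looks the destination up in its own table again. The script below is an added, constructed model of the topology in the question, not the asker's configuration: it assumes the gateway has only the two tunnel subnets plus a default route out of `eth0`, and that the FORWARD chain contains exactly the two ACCEPT rules shown with a default DROP policy.

```python
import ipaddress

# Constructed per-host routing tables (assumption: gateway's default route is
# via eth0; the CLIENT's default route is irrelevant here but included).
# Entries are (prefix, next-hop or None, outgoing device).
ROUTES = {
    "CLIENT": [("192.168.3.0/24", None, "tun0"),
               ("192.168.1.0/24", None, "tun0"),
               ("1.1.1.1/32", "192.168.1.49", "tun0"),   # the route added in the question
               ("0.0.0.0/0", "10.0.0.1", "eth0")],
    "GATEWAY": [("192.168.1.0/24", None, "tun1"),
                ("192.168.3.0/24", None, "tun3"),
                ("0.0.0.0/0", "203.0.113.1", "eth0")],   # assumed default route
}

# The two iptables FORWARD rules from the question, as (in_if, out_if) pairs.
FORWARD_ALLOW = {("tun1", "tun3"), ("tun3", "tun1")}


def lookup(host, dst):
    """Longest-prefix match over a host's table, like the kernel FIB lookup.
    Returns (next_hop, out_if) or None when nothing matches."""
    best = None
    for prefix, via, dev in ROUTES[host]:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, via, dev)
    return (best[1], best[2]) if best else None


def forward_verdict(in_if, dst):
    """Decide what the GATEWAY does with a packet arriving on in_if for dst:
    route it by destination, then check the (in_if, out_if) pair against
    the FORWARD rules; anything not listed hits the default DROP."""
    via, out_if = lookup("GATEWAY", dst)
    verdict = "ACCEPT" if (in_if, out_if) in FORWARD_ALLOW else "DROP"
    return {"out_if": out_if, "via": via, "verdict": verdict}


def trace_from_client(dst):
    """Follow one packet from the CLIENT through the gateway."""
    via, dev = lookup("CLIENT", dst)
    return {"client_next_hop": via, "client_dev": dev,
            "gateway": forward_verdict("tun3", dst)}
```

The real-world equivalent of `forward_verdict` is running `ip route get 1.1.1.1 from 192.168.3.12 iif tun3` on the gateway and comparing the chosen device with `iptables -nvL FORWARD`: in this model the gateway sends 1.1.1.1 out `eth0`, which no FORWARD rule permits, while SSH to 192.168.1.49 matches the `tun3` to `tun1` rule and is accepted.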