Re: [Dorset] Wimborne Model Town Routing Problem
On Tue, 19 Apr 2022 09:45:02 +0100, Hamish McIntyre-Bhatty wrote: > On 19/04/2022 07:27, Terry Coles wrote: > > On Monday, 18 April 2022 20:26:36 BST Patrick Wigmore wrote: > >> If there isn't a suitable route to 192.168.0.0/24 on the VPN > >> client > >> computer, then manually adding one temporarily might be a > >> worthwhile experiment. > >> > >> Hmmm. I've been struggling to find the correct iptables command > >> to do that. > Note: iptables is a firewall, and doesn't handle routing. > > You probably need to add a route with "route add" but I don't know > what options to use after that. The only one I have used is "route > add default gw x.x.x.x" so I will let Patrick handle this - he > knows more Linux-specific stuff than I do here. I would use ip route add, but I am not really 'up' on the specifics. It is something I would figure out by trial and error (and reading the manual). But I forgot that IPSec VPNs don't present themselves as virtual network interfaces, which means it isn't necessarily obvious when you have a route that's going through the VPN, and I am not sure whether it is actually possible to create a route manually in the way I was thinking. I was imagining that you would see a route to [something] via [a VPN network interface], as you would with some other types of VPN. But instead, you'll see something like a route to [something] via [the same network interface that handles your default route] and via [the VPN server], with the kernel knowing (somehow - I forget exactly how) that it needs to encrypt packets that take that route. Looking at your ip route show output > terry@OptiPlex:~/Useful$ ip route show > default via 192.168.1.1 dev eno1 proto dhcp metric 100 > 169.254.0.0/16 dev eno1 scope link metric 1000 > 192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.21 > metric 100 I think that last line is probably the route through the VPN, though I am not entirely certain. I've forgotten most of what I previously learnt about how routing works with IPSec. Sorry for being a bit vague. This is more of a heads up that I may have sent you on a wild goose chase than an attempt to unpick it properly. Patrick -- Next meeting: Online, Jitsi, Tuesday, 2022-05-03 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
[Dorset] Free to good home
Free to a good home I have to following items. HPV1910 24port Gbit managed switch rack ready with mount, has 4 slots for fibre module, works perfectly just a bit noisy for sitting on your. Needs to be reset password lost Fujitsu E734 laptop i5 8GB Memory 120GB SSD No SCREEN, this laptop has spend the last 3 year running as a desktop connected to an external monitor, due to said missing screen, all the cable are there if you want to refit, but you will also need the bezel as well (large object fell on laptop lid), works perfectly Collect from Kinson Tim H -- Next meeting: Online, Jitsi, Tuesday, 2022-05-03 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Wimborne Model Town Routing Problem
On 19/04/2022 07:27, Terry Coles wrote: On Monday, 18 April 2022 20:26:36 BST Patrick Wigmore wrote: If there isn't a suitable route to 192.168.0.0/24 on the VPN client computer, then manually adding one temporarily might be a worthwhile experiment. Hmmm. I've been struggling to find the correct iptables command to do that. Should this be a direct route from 10.1.10.1 to 192.168.0.1 or 192.168.0.30 to 192.168.0.1. Also should the protocol be NAT? Whatever I've tried so far doesn't seem to show up when I list the current rules, so I've been unable to confirm or deny that this was the problem. It seems you've got me hooked on this puzzle, Terry. I was only going to write a few paragraphs here, to clarify my previous remarks! Sorry about that. :-) Note: iptables is a firewall, and doesn't handle routing. You probably need to add a route with "route add" but I don't know what options to use after that. The only one I have used is "route add default gw x.x.x.x" so I will let Patrick handle this - he knows more Linux-specific stuff than I do here. Hamish -- Next meeting: Online, Jitsi, Tuesday, 2022-05-03 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Wimborne Model Town Routing Problem
On Monday, 18 April 2022 20:26:36 BST Patrick Wigmore wrote: > If there isn't a suitable route to 192.168.0.0/24 on the VPN client > computer, then manually adding one temporarily might be a worthwhile > experiment. Hmmm. I've been struggling to find the correct iptables command to do that. Should this be a direct route from 10.1.10.1 to 192.168.0.1 or 192.168.0.30 to 192.168.0.1. Also should the protocol be NAT? Whatever I've tried so far doesn't seem to show up when I list the current rules, so I've been unable to confirm or deny that this was the problem. > It seems you've got me hooked on this puzzle, Terry. I was only going > to write a few paragraphs here, to clarify my previous remarks! Sorry about that. :-) -- Terry Coles -- Next meeting: Online, Jitsi, Tuesday, 2022-05-03 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk