By: ArcaIT

VPN Server Routing to Internal Network

January 31, 2015
Networking

Hello, we are trying to configure routing to the internal network (10.129.0.0/16) from the VPN clients connected to the droplet VPNServer. When we configure routes in any of our hosts in AMS2 to the VPN clients, we see frames trying to get to the VPNServer, but we don't see them arriving at the internal interface. These are tcpdump captures from both servers:

(VPNServer) It only receives ARP requests (broadcast), but we don't see any other frames:

root@VPNServer:~# tcpdump -e -i eth1 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 
20:27:34.998462 04:01:34:46:ad:02 (oui Unknown) > 04:01:34:bb:b8:02 (oui Unknown), ethertype ARP (0x0806), length 60: Request who-has 10.129.140.126 tell 10.129.142.25, length 46 
20:27:34.998594 04:01:34:bb:b8:02 (oui Unknown) > 04:01:34:46:ad:02 (oui Unknown), ethertype ARP (0x0806), length 42: Reply 10.129.140.126 is-at 04:01:34:bb:b8:02 (oui Unknown), length 28

(DNS1) We are sending ICMP echo requests from this host to the VPN clients. We can see the ARP request/reply and the ICMP requests going to the VPN server (04:01:34:bb:b8:02), but there is no reply:

20:28:21.008766 04:01:34:46:ad:02 (oui Unknown) > 04:01:34:bb:b8:02 (oui Unknown), ethertype ARP (0x0806), length 42: Request who-has 10.129.140.126 tell 10.129.142.25, length 28 
20:28:21.009627 04:01:34:bb:b8:02 (oui Unknown) > 04:01:34:46:ad:02 (oui Unknown), ethertype ARP (0x0806), length 60: Reply 10.129.140.126 is-at 04:01:34:bb:b8:02 (oui Unknown), length 46 
20:28:21.010923 04:01:34:46:ad:02 (oui Unknown) > 04:01:34:bb:b8:02 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.129.142.25 > 10.8.0.1: ICMP echo request, id 19953, seq 260, length 64 
20:28:22.018965 04:01:34:46:ad:02 (oui Unknown) > 04:01:34:bb:b8:02 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.129.142.25 > 10.8.0.1: ICMP echo request, id 19953, seq 261, length 64 
20:28:23.026938 04:01:34:46:ad:02 (oui Unknown) > 04:01:34:bb:b8:02 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.129.142.25 > 10.8.0.1: ICMP echo request, id 19953, seq 262, length 64 
20:28:24.034946 04:01:34:46:ad:02 (oui Unknown) > 04:01:34:bb:b8:02 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.129.142.25 > 10.8.0.1: ICMP echo request, id 19953, seq 263, length 64

We have tested it from other servers with the same results.

We have also captured traffic on the VPNServer internal interface heading to the internal servers when VPN clients try to communicate with them, but the traffic does not reach the internal server.

We can ping the internal IP address of the VPN server from any other server in the same DC (AMS2).

It seems that only broadcast traffic and traffic to the host itself are allowed on the internal network.

Any ideas?

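The pattern in the captures above, where echo requests reach the VPN server's MAC on eth1 but nothing is ever answered, is what a router looks like from the wire when the kernel is not forwarding or the FORWARD chain drops by default. The shell helpers below are an added example, not part of the question and not DigitalOcean tooling. They summarise a saved "tcpdump -e" capture as request/reply counts, check net.ipv4.ip_forward, and read the FORWARD policy out of a saved "iptables -S" listing. The file-path parameters, the demo capture (two lines taken from the DNS1 capture above) and the sysctl/iptables sample values are constructed for the demonstration.

```shell
#!/bin/sh
# Added diagnostic helpers (not from the original question). Each check takes
# a file path so saved command output can be examined offline; the defaults
# and sample data are assumptions made for this example.

# Print "requests=N replies=M" for a saved `tcpdump -e` capture and return 1
# when requests were seen but no reply at all (the one-way pattern above).
icmp_balance() {
    capture="$1"
    # grep -c exits 1 on zero matches; keep the printed 0 and ignore the status
    req=$(grep -c 'ICMP echo request' "$capture" || true)
    rep=$(grep -c 'ICMP echo reply' "$capture" || true)
    echo "requests=$req replies=$rep"
    if [ "$req" -gt 0 ] && [ "$rep" -eq 0 ]; then
        return 1
    fi
    return 0
}

# Succeed only if the sysctl file contains 1. Path defaults to the live file
# so the same function works on a running host.
ip_forward_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$f")" = "1" ]
}

# Extract the FORWARD chain default policy (ACCEPT or DROP) from the output
# of `iptables -S`, which lists policies as "-P <chain> <policy>".
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }' "$1"
}

# Stand-alone demo on constructed input: a capture holding only requests, a
# sysctl file reading 0, and a FORWARD chain that drops by default.
demo_dir=$(mktemp -d)
cat > "$demo_dir/dns1.txt" <<'EOF'
20:28:21.010923 04:01:34:46:ad:02 (oui Unknown) > 04:01:34:bb:b8:02 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.129.142.25 > 10.8.0.1: ICMP echo request, id 19953, seq 260, length 64
20:28:22.018965 04:01:34:46:ad:02 (oui Unknown) > 04:01:34:bb:b8:02 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.129.142.25 > 10.8.0.1: ICMP echo request, id 19953, seq 261, length 64
EOF
echo 0 > "$demo_dir/ip_forward"
printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD DROP' '-P OUTPUT ACCEPT' > "$demo_dir/iptables.txt"

icmp_balance "$demo_dir/dns1.txt" || echo "one-way ICMP: requests arrive, nothing is answered"
ip_forward_enabled "$demo_dir/ip_forward" || echo "net.ipv4.ip_forward is 0: the kernel will not route between the VPN interface and eth1"
echo "FORWARD policy: $(forward_policy "$demo_dir/iptables.txt")"
rm -rf "$demo_dir"
```

On a live host the same functions run against the real files: ip_forward_enabled with no argument reads /proc/sys/net/ipv4/ip_forward, and forward_policy can be pointed at the output of iptables -S saved to a file. A reply count of zero in a capture taken on the VPN server's internal interface, while the request count grows, separates a forwarding or firewall problem on that host from a routing problem on the sending host.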