LAN-to-LAN VPN routing


    I’m baffled as to what kind of routing rule I need to route traffic from my local LAN -> ZS box -> VPN tunnel. Everything works fine without the VPN.

    My WAN is a 4G modem via PPPoE, ETH00 has NAT and DHCP enabled. (All computers on LAN have internet connectivity now, DHCP default gateway = ZS box local address). If I fire up the VPN (commercial service provider), it connects just fine and ZS box has connectivity via VPN (tracepath confirmed).

    When VPN is up, all LAN computers lose connectivity to the internet (connection to ZS box stays up).

    VPN00 has these options and interface VPN00 has NAT enabled:

    --dev tun0 --dev-type tun --topology subnet --pull --config /Database/serviceproviderfile.ovpn --auth-user-pass /Database/passwordfile --redirect-gateway

    Please help, what am I missing here?



    Postrouting chain for VPN00 had no packets going in or out => tun00 interface had no NAT, and it’s not listed in NAT enabled interfaces.

    If adding manually

    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

    routing from ETH00 -> VPN00 works.

    Based on that, I found this thread which deals with the same thing.
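
Added example, not part of the original posts: a shell check for the condition diagnosed in the post above, whether any nat POSTROUTING MASQUERADE rule covers the tunnel interface. It reads `iptables-save -t nat` text on stdin; the function name `has_masq` and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# has_masq IFACE: reads `iptables-save -t nat` text on stdin; exits 0 if a
# POSTROUTING MASQUERADE rule applies to packets leaving via IFACE.
# Only -o / ! -o is evaluated; -s, -d and other matches are ignored.
has_masq() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; masq = 0; neg = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") { out = $(i + 1); neg = ($(i - 1) == "!") }
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (!masq) next
            if (out == "") { found = 1; next }       # no -o: every interface
            if (substr(out, length(out)) == "+") {   # "tun+" matches tun0, tun1, ...
                p = substr(out, 1, length(out) - 1)
                m = (substr(ifc, 1, length(p)) == p)
            } else {
                m = (out == ifc)
            }
            if (neg) m = !m                          # "! -o eth0" covers the rest
            if (m) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: NAT on the WAN interface only (the state described above).
RULES_BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

# Constructed sample: the same table after the manual rule for tun0 is added.
RULES_AFTER='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT'

for rules in "$RULES_BEFORE" "$RULES_AFTER"; do
    if printf '%s\n' "$rules" | has_masq tun0; then
        echo "tun0: MASQUERADE rule present"
    else
        echo "tun0: no MASQUERADE rule"
    fi
done
```

On a live box, run `iptables-save -t nat | has_masq tun0` as root.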

    hassan ali

    Dynamic crypto map – is one of the ways to accommodate peers sharing the same characteristics (for example multiple branch offices sharing the same configuration) or peers having dynamic IP addressing.
