ZeroShell VPN Lan to Lan malfunction
June 16, 2011 at 7:35 am #43028
marcegio
Member
Please, I need your help with a malfunction in my LAN-to-LAN VPN.
This is a short description of the environment:
ZSHLL site 1 eth0 192.168.0.223/24
eth1 XXX.XXX.XXX.XXX
VPN 20.20.20.1 Server
ZSHLL site 2 eth0 192.168.2.223/24
eth1 YYY.YYY.YYY.YYY
VPN 20.20.20.2 Client
The VPN goes up and the routing rules are the following:
ZSHLL site 1 192.168.2.0/20 20.20.20.2
ZSHLL site 2 192.168.0.0/20 20.20.20.1
With this config I have the following problems:
a) sometimes, but not always, from site 1 it is possible to browse the site 2 network but not vice versa
b) what is stated above is not a stable situation
c) from ZSHL site 1 it is possible to ping ZSHL site 2 and vice versa
d) tracing the route from ZSHL site 1 to ping ZSHL site 2 and vice versa, the hop number is not fixed and changes every time, and sometimes the delay is so long that the ping does not reach the final address.
Can anybody help me to find the solution?
Thanks so much to all of you.
Best regards.
Marcello
No suggestions?
Thanks in advance to anyone willing to give me a bit of their time.
Regards
June 16, 2011 at 7:38 am #51817
marcegio
Member
I forgot to say that if sometimes from Site 1 it is possible to browse the Site 2 network, it is not possible to browse from Site 2 to Site 1.
Never!
Thanks a lot.
Marcello
June 17, 2011 at 2:17 pm #51818
porkradish
Member
ZSHLL site 1 eth0 192.168.0.223/24
eth1 XXX.XXX.XXX.XXX
VPN 20.20.20.1 Server
ZSHLL site 2 eth0 192.168.2.223/24
eth1 YYY.YYY.YYY.YYY
VPN 20.20.20.2 Client
The VPN goes up and the routing rules are the following:
ZSHLL site 1 192.168.2.0/20 20.20.20.2
ZSHLL site 2 192.168.0.0/20 20.20.20.1
It might be a typo, but 192.168.2.0/20 is using a different subnet than 192.168.2.223/24.
Check your routing and see if it is set to /24 not /20.
The output of your route command would be helpful from both boxes – like:
root@zs-noc-1 sbin> route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.255.0 U 0 0 0 ETH01
10.0.1.0 * 255.255.255.0 U 0 0 0 BRIDGE00
192.168.1.0 * 255.255.255.0 U 0 0 0 ETH00
192.168.44.0 10.0.1.44 255.255.255.0 UG 0 0 0 BRIDGE00
192.168.250.0 * 255.255.255.0 U 0 0 0 VPN99
10.10.10.0 10.0.1.4 255.255.255.0 UG 0 0 0 BRIDGE00
192.168.40.0 10.0.1.4 255.255.255.0 UG 0 0 0 BRIDGE00
10.1.0.0 10.0.1.12 255.255.0.0 UG 0 0 0 BRIDGE00
default 192.168.1.1 0.0.0.0 UG 0 0 0 ETH00
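The /20 versus /24 mismatch raised in the post above can be checked mechanically. This is an added example, not part of the original thread; the function name `check_static_route` is hypothetical and the addresses are the ones quoted in the thread.

```python
import ipaddress

def check_static_route(dest, local_if, remote_if):
    """Return a list of problems with static route `dest` toward the remote LAN.

    dest:      route destination as typed, e.g. "192.168.2.0/20"
    local_if:  this box's LAN interface, e.g. "192.168.0.223/24"
    remote_if: the peer's LAN interface, e.g. "192.168.2.223/24"
    """
    problems = []
    local = ipaddress.ip_interface(local_if).network
    remote = ipaddress.ip_interface(remote_if).network
    try:
        route = ipaddress.ip_network(dest, strict=True)
    except ValueError:
        # Host bits are set, so this is not a valid network address for that prefix.
        route = ipaddress.ip_network(dest, strict=False)
        problems.append(f"{dest} is not a network address; masked it is {route}")
    if route.overlaps(local):
        # Traffic for local hosts could match the VPN route instead of the LAN.
        problems.append(f"{route} overlaps the directly connected LAN {local}")
    if not remote.subnet_of(route):
        problems.append(f"{route} does not cover the remote LAN {remote}")
    elif route != remote:
        problems.append(f"{route} is wider than the remote LAN {remote}")
    return problems

if __name__ == "__main__":
    # Addresses as quoted in the thread: first the /20 routes, then /24.
    cases = [
        ("site 1", "192.168.2.0/20", "192.168.0.223/24", "192.168.2.223/24"),
        ("site 2", "192.168.0.0/20", "192.168.2.223/24", "192.168.0.223/24"),
        ("site 1", "192.168.2.0/24", "192.168.0.223/24", "192.168.2.223/24"),
        ("site 2", "192.168.0.0/24", "192.168.2.223/24", "192.168.0.223/24"),
    ]
    for site, dest, local_if, remote_if in cases:
        found = check_static_route(dest, local_if, remote_if)
        print(f"{site}: route {dest} via VPN ->", found or "OK")
```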
June 17, 2011 at 3:01 pm #51819
marcegio
Member
According to your notes and to be more exact, here you can find the settings:
ZSHLL site 1 eth0 192.168.0.223/255.255.255.0
eth1 XXX.XXX.XXX.XXX
VPN 20.20.20.1/255.255.255.0 Server
ZSHLL site 2 eth0 192.168.2.223/255.255.255.0
eth1 YYY.YYY.YYY.YYY
VPN 20.20.20.2/255.255.255.0 Client
and this is the routing rule on ZSHLL 1
The rules on ZSHLL 2 are the same but reverse as
Destination Gateway Genmask Flags Metric Ref Use Iface
88.61.158.80 0.0.0.0 255.255.255.240 U 0 0 0 ETH01
192.168.2.0 20.20.20.2 255.255.255.0 UG 0 0 0 VPN00
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH00
20.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 VPN00
0.0.0.0 88.61.158.81 0.0.0.0 UG 0 0 0 ETH01
Thanks for any suggestion or correction.
Marcello
June 17, 2011 at 3:48 pm #51820
porkradish
Member
Looks correct as long as your other box reverses it – are you using NAT? If so, try disabling it on both boxes and see if it fixes the issue.
June 17, 2011 at 4:25 pm #51821
marcegio
Member
If by NAT you mean the setting made in the following menu (using the GUI)
ROUTER -> NAT
Available Interfaces NAT Enabled Interfaces
ETH0 ETH1
VPN99 VPN00
According to the VPN Guide issued in the Zeroshell Document area.
If I have correctly understood your hint, do you suggest modifying the above as below:
Available Interfaces NAT Enabled Interfaces
ETH0 ETH1
VPN
VPN99
Is it correct? Thank you so much.
Marcello
June 17, 2011 at 4:38 pm #51822
marcegio
Member
A very strange situation is:
With the previously mentioned / listed configuration, from network 1 192.168.0.0/24 it is actually possible to ping both ZSHLL 2 and, inside network 2, 192.168.2.3, but not the other ones!!!!
This is a NAS disk equal to another one present at 192.168.2.2, but this is not pingable or browsable.
?????
Thanks for any suggestion or help.
Marcello
PS from site 2 no addresses are pingable.
June 17, 2011 at 5:08 pm #51823
porkradish
Member
As for the NAT – just make sure no interfaces are listed under “NAT Enabled Interfaces” to disable it.
What does a trace route command look like on the clients that cannot connect to the 192.168.0.0/24 network?
So if you are running Windows on a computer with an IP address like:
192.168.2.10 that cannot reach 192.168.0.10 then
open the run box
type cmd
tracert 192.168.0.10
and see where the traffic stops. Are you sure the client is using 192.168.2.223 as its default gateway?