[clug] VPN routers

Jsparksaa at cs.com Jsparksaa at cs.com
Thu Nov 10 01:46:26 GMT 2005


Stephen,

  I created a static route for 192.168.233.0 and I am now able to get into the machine.  I do not see how to remove the 192.168.0.2 route. What are the repercussions of "flushing" the route table?  Is it automatically re-built?  The answers are not important tonight, as I am able to do what I need to do.  

  I figured out what to do using the AIX SMIT utility.  Thanks for the information that pointed me to the direction I needed to go.

  Jim

Steve Jenkin <sjenkin at canb.auug.org.au> wrote:

>Jim,
>
>From the netstat:
>
>192.168.0/16     192.168.0.2       U         1    12556  en1
>
>the 'en1' is a second ethernet interface in the AIX machine.
>It puts ALL 192.168 traffic (that /16) onto the second interface.
>
>Do you administer the AIX machine?  Is someone already using 192.168 in
>the work machine room?
>
>It looks like you are having a clash on the AIX system between an
>existing 192.168 network and your home 192.168 network.
>
>The best resolution might be to NAT your home network to a 10-network
>address.
>
>HTH
>sj
>
>On Wed, 2005-11-09 at 20:14 -0500, Jsparksaa at cs.com wrote:
>> Stephen,
>> 
>>   Had to set up a modem for this one!
>> 
>> ==========================================
>> [7028]:// # netstat -rn
>> Routing tables
>> Destination      Gateway           Flags   Refs     Use  If   PMTU  Exp  Groups
>> 
>> Route Tree for Protocol Family 2 (Internet):
>> default          10.0.0.3          UGc       0        0  en0     -   -
>> 10/24            10.0.0.2          U        24  5913201  en0     -   -
>> 127/8            127.0.0.1         U         5     1840  lo0     -   -
>> 192.168.0/16     192.168.0.2       U         1    12556  en1     -   -
>> 
>> Route Tree for Protocol Family 24 (Internet v6):
>> ::1              ::1               UH        0        0  lo0 16896   -
>> [7028]:// #
>> [7028]:// #
>> [7028]:// # traceroute 192.168.233.101
>> trying to get source for 192.168.233.101
>> source should be 192.168.0.2
>> traceroute to 192.168.233.101 (192.168.233.101) from 192.168.0.2 (192.168.0.2),
>> 30 hops max
>> outgoing MTU = 1500
>>  1  * * *
>>  2  * *
>> _________________________-
>> 
>> I see a route 192.168.0.2 and it does not exist??
>> 
>> Thanks,  Jim
>> 
>> 
>> Steve Jenkin <sjenkin at canb.auug.org.au> wrote:
>> 
>> >Jim,
>> >
>> >On the AIX box, run 'netstat -rn' (only need network numbers, not
>> >names). And also on it run a traceroute back to your home m/c.
>> >
>> >cheers
>> >s
>> >
>> >On Wed, 2005-11-09 at 19:34 -0500, Jsparksaa at cs.com wrote:
>> >> Stephen & "Beaky",
>> >> 
>> >>   I did a traceroute and here are the results:
>> >
>> >Which machine is this traceroute done on??  (ie the IP number)
>> >You have to construct a matrix of what can see what.
>> >I gather you have 9 addresses, (10.0.0.1 .. 9)
>> >That's 9 rows by 9 columns. And 'directionality' is needed too.
>> >Ie from 10.0.0.5 to 10.0.0.2 is *not* the same as 10.0.0.2 to 10.0.0.5.
>> >
>> >
>> >> linux:~ # traceroute 10.0.0.5
>> >> traceroute to 10.0.0.5 (10.0.0.5), 30 hops max, 40 byte packets
>> >>  1  * * *
>> >>  2  10.0.0.5  71.875 ms   74.155 ms   75.023 ms
>> >> 
>> >> linux:~ # traceroute 10.0.0.2
>> >> traceroute to 10.0.0.2 (10.0.0.2), 30 hops max, 40 byte packets
>> >>  1  * * *
>> >>  2  * * *
>> >> . . . 
>> >> 29  * * *
>> >> 30  * * *
>> >> linux:~ #
>> >> 
>> >> 10.0.0.5 is accessible and 10.0.0.2 is the AIX server.  I do not know what to do to set up a "return" path.
>> >> 
>> >> All help is greatly appreciated.
>> >> 
>> >>   Jim
>> >>   
>> >>   
>> >> 
>> >> Stephen Jenkin <sjenkin at canb.auug.org.au> wrote:
>> >> 
>> >> >Jim,
>> >> >
>> >> >This sort of problem is often to do with *return* paths.  The AIX system
>> >> >may not have a (default) route that goes back to your home.
>> >> >Traceroute is your friend...
>> >> >
>> >> >From 'I can telnet from home to my desk at work' you know that the VPN
>> >> >works.
>> >> >
>> >> >Happy to help more if you need it...
>> >> >
>> >> >HTH
>> >> >sj
>> >> >
>> >> >On Wed, 9 Nov 2005 Jsparksaa at cs.com wrote:
>> >> >
>> >> >> Hello,
>> >> >> 
>> >> >>   I have recently set up a Netgear FVS318 VPN router to connect to a
>> >> >> SonicWall 2040.  The VPN tunnel is running and I am ssh'd from my work
>> >> >> desk to a home SLES machine.
>> >> >> 
>> >> >>   At work, I can ping devices 10.0.0.1 to .9, but three of the same
>> >> >> devices do not respond to ping from the VPN.  I also cannot telnet to
>> >> >> an AIX server from the VPN.  (The AIX server is one of the devices
>> >> >> that does not respond to ping.)
>> >> >> 
>> >> >>   I can telnet from home to my desk at work.
>> >> >> 
>> >> >>   I do not have an idea where to look to solve my access problems to the AIX machine.
>> >> >> 
>> >> >>   Thanks,  Jim
>> >> >> 
>> >> >> 
>> >> >>     work net                      home net
>> >> >>    10.0.0.x                  192.168.233.y
>> >> >> 
>> >> 
>> 
>-- 
>Steve Jenkin, Unix Sys Admin
>0412 786 915 (+61 412 786 915)
>PO Box 48, Kippax ACT 2615, AUSTRALIA
>
>mailto:sjenkin at canb.auug.org.au http://www.tip.net.au/~sjenkin
>
>
>
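The route selection discussed in this thread, as an added example that is not part of the original messages: it parses the Internet routes from the quoted `netstat -rn` output (including AIX's abbreviated destinations such as `10/24`) and applies longest-prefix matching to show why replies to 192.168.233.101 left on en1, and why a more specific static route fixes the return path. The gateway and interface used for the static route (10.0.0.3 on en0, the existing default gateway) are an assumption; the thread does not say which gateway Jim configured.

```python
import ipaddress

# Internet route lines copied from the `netstat -rn` output quoted in the thread.
NETSTAT = """\
default          10.0.0.3          UGc       0        0  en0     -   -
10/24            10.0.0.2          U        24  5913201  en0     -   -
127/8            127.0.0.1         U         5     1840  lo0     -   -
192.168.0/16     192.168.0.2       U         1    12556  en1     -   -
"""

def parse_dest(dest):
    """Expand AIX's abbreviated destinations ('10/24', '192.168.0/16', 'default')."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))          # pad missing trailing octets
    # strict=False tolerates host bits set beyond the prefix length
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"), strict=False)

def parse_routes(text):
    """Return a list of (network, gateway, interface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6:                          # Destination Gateway Flags Refs Use If ...
            routes.append((parse_dest(f[0]), f[1], f[5]))
    return routes

def lookup(routes, ip):
    """Longest-prefix match: the most specific route containing ip wins."""
    ip = ipaddress.ip_address(ip)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def describe(routes, ip):
    net, gw, ifc = lookup(routes, ip)
    return f"{ip} -> {net} via {gw} on {ifc}"

routes = parse_routes(NETSTAT)
before = describe(routes, "192.168.233.101")     # home machine, caught by the /16 on en1
# Assumption: the static route points at the existing default gateway 10.0.0.3 on en0.
routes.append((ipaddress.ip_network("192.168.233.0/24"), "10.0.0.3", "en0"))
after = describe(routes, "192.168.233.101")      # the /24 now beats the /16

if __name__ == "__main__":
    print("before:", before)
    print("after: ", after)
```

Other 192.168 addresses still match the /16 and keep using en1, so the static route changes only the path back to the home network.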

