[clug] VPN routers
Jsparksaa at cs.com
Jsparksaa at cs.com
Thu Nov 10 01:46:26 GMT 2005
Stephen,
I created a static route for 192.168.233.0 and I am now able to get into the machine. I do not see how to remove the 192.168.0.2 route. What are the repurcussions of "flushing" the route table? Is it automatically re-built? The answers are not important tonight, as I am able to do what I need to do.
I figured out what to do using the AIX SMIT utility. Thanks for the information that pointed me to the direction I needed to go.
Jim
Steve Jenkin <sjenkin at canb.auug.org.au> wrote:
>Jim,
>
>>From the netstat:
>
>192.168.0/16 192.168.0.2 U 1 12556 en1
>
>the 'en1' is a second ethernet interface in the AIX machine.
>It puts ALL 192.168 traffic (that /16) onto the second interface.
>
>Do you administer the AIX machine? Is someone already using 192.168 in
>the work machine room?
>
>It looks like you are having a clash on the AIX system between an
>existing 192.168 network and your home 192.168 network.
>
>The best resolution might be to NAT your home network to a 10-network
>address.
>
>HTH
>sj
>
>On Wed, 2005-11-09 at 20:14 -0500, Jsparksaa at cs.com wrote:
>> Stephen,
>>
>> Had to setup a modem for this one!
>>
>> ==========================================
>> [7028]:// # netstat -rn
>> Routing tables
>> Destination Gateway Flags Refs Use If PMTU Exp Groups
>>
>> Route Tree for Protocol Family 2 (Internet):
>> default 10.0.0.3 UGc 0 0 en0 - -
>> 10/24 10.0.0.2 U 24 5913201 en0 - -
>> 127/8 127.0.0.1 U 5 1840 lo0 - -
>> 192.168.0/16 192.168.0.2 U 1 12556 en1 - -
>>
>> Route Tree for Protocol Family 24 (Internet v6):
>> ::1 ::1 UH 0 0 lo0 16896 -
>> [7028]:// #
>> [7028]:// #
>> [7028]:// # traceroute 192.168.233.101
>> trying to get source for 192.168.233.101
>> source should be 192.168.0.2
>> traceroute to 192.168.233.101 (192.168.233.101) from 192.168.0.2 (192.168.0.2),
>> 30 hops max
>> outgoing MTU = 1500
>> 1 * * *
>> 2 * *
>> _________________________-
>>
>> I see a route 192.168.0.2 and it does not exist??
>>
>> Thanks, Jim
>>
>>
>> Steve Jenkin <sjenkin at canb.auug.org.au> wrote:
>>
>> >Jim,
>> >
>> >On the AIX box, run 'netstat -rn' (only need network numbers, not
>> >names). And also on it run a tracerout back to your home m/c.
>> >
>> >cheers
>> >s
>> >
>> >On Wed, 2005-11-09 at 19:34 -0500, Jsparksaa at cs.com wrote:
>> >> Stephen & "Beaky",
>> >>
>> >> I did a traceroute and here are the results:
>> >
>> >Which machine is this traceroute done on?? (ie the IP number)
>> >You have to construct a matrix of what can see what.
>> >I gather you have 9 addresses, (10.0.0.1 .. 9)
>> >That's 9 rows by 9 columns. And 'directionality' is needed too.
>> >Ie from 10.0.0.5 to 10.0.0.2 is *not* the same as 10.0.0.2 to 10.0.0.5.
>> >
>> >
>> >> linux:~ # traceroute 10.0.0.5
>> >> traceroute to 10.0.0.5 (10.0.0.5), 30 hops max, 40 byte packets
>> >> 1 * * *
>> >> 2 10.0.0.5 71.875 ms 74.155 ms 75.023 ms
>> >>
>> >> linux:~ # traceroute 10.0.0.2
>> >> traceroute to 10.0.0.2 (10.0.0.2), 30 hops max, 40 byte packets
>> >> 1 * * *
>> >> 2 * * *
>> >> . . .
>> >> 29 * * *
>> >> 30 * * *
>> >> linux:~ #
>> >>
>> >> 10.0.0.5 is accessible and 10.0.0.2 is the AIX server. I do not know what to do to setup a "return" path.
>> >>
>> >> All help is greatly appreciated.
>> >>
>> >> Jim
>> >>
>> >>
>> >>
>> >> Stephen Jenkin <sjenkin at canb.auug.org.au> wrote:
>> >>
>> >> >Jim,
>> >> >
>> >> >This sort of problem is often to do with *return* paths. The AIX system
>> >> >may not have a (default) route that goes back to your home.
>> >> >Traceroute is your friend...
>> >> >
>> >> >From 'I can telnet from home to my desk at work' you know that the VPN
>> >> >works.
>> >> >
>> >> >Happy to help more if you need it...
>> >> >
>> >> >HTH
>> >> >sj
>> >> >
>> >> >On Wed, 9 Nov 2005 Jsparksaa at cs.com wrote:
>> >> >
>> >> >> Hello,
>> >> >>
>> >> >> I have recently setup a Netgear FVS318 VPN router to connect to a
>> >> >> SonicWall 2040. The VPN tunnel is running and I am ssh'd from my work
>> >> >> desk to a home SLES machine.
>> >> >>
>> >> >> At work, I can ping devices 10.0.0.1 to .9, but three of the same
>> >> >> devices do not respond to ping from the VPN. I also cannot telnet to
>> >> >> an AIX server from the VPN. (The AIX server is one of the devices
>> >> >> that does not respond to ping.)
>> >> >>
>> >> >> I can telnet from home to my desk at work.
>> >> >>
>> >> >> I do not have an idea where to look to solve my access problems to the AIX machine.
>> >> >>
>> >> >> Thanks, Jim
>> >> >>
>> >> >>
>> >> >> work net home net
>> >> >> 10.0.0.x 192.168.233.y
>> >> >>
>> >> >> --
>> >> >> linux mailing list
>> >> >> linux at lists.samba.org
>> >> >> https://lists.samba.org/mailman/listinfo/linux
>> >> >>
>> >> >
>> >> >
>> >> >Steve Jenkin, Unix Sys Admin
>> >> >0412 786 915 (+61 412 786 915)
>> >> >PO Box 48, Kippax ACT 2615, AUSTRALIA
>> >> >
>> >> >sjenkin at canb.auug.org.au http://www.tip.net.au/~sjenkin
>> >> >
>> >> >
>> >> >
>> >>
>> >--
>> >Steve Jenkin, Unix Sys Admin
>> >0412 786 915 (+61 412 786 915)
>> >PO Box 48, Kippax ACT 2615, AUSTRALIA
>> >
>> >mailto:sjenkin at canb.auug.org.au http://www.tip.net.au/~sjenkin
>> >
>> >
>> >
>>
>--
>Steve Jenkin, Unix Sys Admin
>0412 786 915 (+61 412 786 915)
>PO Box 48, Kippax ACT 2615, AUSTRALIA
>
>mailto:sjenkin at canb.auug.org.au http://www.tip.net.au/~sjenkin
>
>
>
More information about the linux
mailing list