Closed huseyinkomac closed 4 years ago
Might be related to issue #132, but definitely a routing issue if the VPN connection is up, but complains about no route to host.

The following shows the routing table for a working L2TP/IPsec connection to a VPN server with Gateway IP address `87.117.247.187`.
Before VPN connection:

```
$ ip route list
default via 192.168.0.1 dev eno1 proto dhcp metric 100
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.74 metric 100
```

After VPN connection:

```
$ ip route list
default dev ppp0 proto static scope link metric 50
default via 192.168.0.1 dev eno1 proto dhcp metric 100
1.0.0.1 dev ppp0 proto kernel scope link src 10.20.0.10 metric 50
87.117.247.187 via 192.168.0.1 dev eno1 proto static metric 100
169.254.0.0/16 dev ppp0 scope link metric 1000
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.74 metric 100
192.168.0.1 dev eno1 proto static scope link metric 100
```
For the ppp0 route `1.0.0.1 dev ppp0 proto kernel scope link src 10.20.0.10 metric 50`, if in your case it is using the Gateway IP address (e.g. `87.117.247.187` instead of `1.0.0.1`), then it is this problem and you could use the workaround described in that issue.

In Win10 you could run `route print -4` to print the IPv4 routing table while the VPN is up, similarly run `route -4` on Linux. Then do a comparison and manually add or remove routes on Linux.
I couldn't figure out the error still.
This is `route print -4` output in Windows.

```
Network Destination  Netmask          Gateway      Interface      Metric
0.0.0.0              0.0.0.0          192.168.1.1  192.168.1.33   4280
0.0.0.0              0.0.0.0          On-link      192.168.1.145  46
127.0.0.0            255.0.0.0        On-link      127.0.0.1      4556
127.0.0.1            255.255.255.255  On-link      127.0.0.1      4556
127.255.255.255      255.255.255.255  On-link      127.0.0.1      4556
192.168.1.0          255.255.255.0    On-link      192.168.1.33   4536
192.168.1.33         255.255.255.255  On-link      192.168.1.33   4536
192.168.1.145        255.255.255.255  On-link      192.168.1.145  301
192.168.1.255        255.255.255.255  On-link      192.168.1.33   4536
XXX.XXX.XX.XX        255.255.255.255  192.168.1.1  192.168.1.33   4281
224.0.0.0            240.0.0.0        On-link      127.0.0.1      4556
224.0.0.0            240.0.0.0        On-link      192.168.1.33   4536
224.0.0.0            240.0.0.0        On-link      192.168.1.145  46
255.255.255.255      255.255.255.255  On-link      127.0.0.1      4556
255.255.255.255      255.255.255.255  On-link      192.168.1.33   4536
255.255.255.255      255.255.255.255  On-link      192.168.1.145  301
```
And this is `route -4` output in Linux.

```
Kernel IP routing table
Destination      Gateway   Genmask          Flags Metric Ref Use Iface
default          0.0.0.0   0.0.0.0          U     50     0   0   ppp0
default          _gateway  0.0.0.0          UG    600    0   0   wlp3s0
link-local       0.0.0.0   255.255.0.0      U     1000   0   0   wlp3s0
192.168.1.0      0.0.0.0   255.255.255.0    U     600    0   0   wlp3s0
_gateway         0.0.0.0   255.255.255.255  UH    50     0   0   ppp0
_gateway         0.0.0.0   255.255.255.255  UH    600    0   0   wlp3s0
XXX.XXX.XX.XX.s  _gateway  255.255.255.255  UGH   600    0   0   wlp3s0
```
The IP that I'm trying to connect to is "XXX.XXX.XX.XX".
Also output of `ip route list` in Linux:

```
default dev ppp0 proto static scope link metric 50
default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600
169.254.0.0/16 dev wlp3s0 scope link metric 1000
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.33 metric 600
192.168.1.1 dev ppp0 proto kernel scope link src 192.168.1.148 metric 50
192.168.1.1 dev wlp3s0 proto static scope link metric 600
XXX.XXX.XX.XX via 192.168.1.1 dev wlp3s0 proto static metric 600
```
Sorry, I have very little knowledge about this.
Removing the multicast, broadcast and localhost routes from the Windows routes and reformatting to make it closer to the `route -4` Linux output ends up with:

```
Destination    Gateway   Netmask          Interface  Metric
default        On-link   0.0.0.0          ppp0       46
default        _gateway  0.0.0.0          wlp3s0     4280
192.168.1.33   On-link   255.255.255.255  wlp3s0     4536
192.168.1.0    On-link   255.255.255.0    wlp3s0     4536
192.168.1.145  On-link   255.255.255.255  ppp0       301
XXX.XXX.XX.XX  _gateway  255.255.255.255  wlp3s0     4281
```

where `_gateway` in both the above is `192.168.1.1`.
On Linux I think the following route is the problem:

```
Destination  Gateway  Genmask          Flags Metric Ref Use Iface
_gateway     On-link  255.255.255.255  UH    50     0   0   ppp0
```

as I don't see routes with `_gateway` as the destination on the ppp0 interface with the VPN connections I've connected to, the destination I see is not `_gateway`.

Could you try deleting that route? I think the following should do it (note: `_gateway` is `192.168.1.1`):

```
sudo route del 192.168.1.1 ppp0
```

When you say "I can't connect to the local machines from the target network", are you trying to connect to machines on the remote network, or are you trying to connect from machines on the remote network back to your local network?
That didn't solve the problem as well. I am trying to connect to machines on the remote network.
New `ip route list` output is this.

```
default dev ppp1 proto static scope link metric 50
default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600
169.254.0.0/16 dev ppp1 scope link metric 1000
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.36 metric 600
192.168.1.1 dev wlp3s0 proto static scope link metric 600
XXX.XXX.XX.XX via 192.168.1.1 dev wlp3s0 proto static metric 600
```
And `route -4` output:

```
Destination      Gateway   Genmask          Flags Metric Ref Use Iface
default          0.0.0.0   0.0.0.0          U     50     0   0   ppp1
default          _gateway  0.0.0.0          UG    600    0   0   wlp3s0
link-local       0.0.0.0   255.255.0.0      U     1000   0   0   ppp1
192.168.1.0      0.0.0.0   255.255.255.0    U     600    0   0   wlp3s0
_gateway         0.0.0.0   255.255.255.255  UH    600    0   0   wlp3s0
XXX.XXX.XX.XX.s  _gateway  255.255.255.255  UGH   600    0   0   wlp3s0
```

Okay, after I executed the command `sudo route add 192.168.1.197 ppp1` I finally successfully connected to this computer that is connected to the remote network, and I tried to connect to my computer from the computer that has "192.168.1.197" as a local IP from the remote network and it worked. But I can still only connect to this IP, it's definitely a routing problem as you said.

Can you help me with this? What would be the correct routing solution to connect to all the IPs in the remote network? Thanks in advance!

I'm a little confused, so both the local and remote networks use `192.168.1.0/24` private IP addresses? Can you configure your local router to offer a different private IP address range in order to simplify routing?

Yes! That solved the problem. Changed my local router's local IP range from 192.168.1.0 to 192.168.2.0. And didn't even have to do anything else, it connects to every IP from the remote network now. Man, I can't tell you how grateful I am right now, I can finally work on Linux. Don't know how Windows was dealing with this though.
Thanks a lot!! Really appreciate it.
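
Added example, not part of the original thread: a small longest-prefix-match lookup over the `ip route list` output posted above, showing why the on-link `192.168.1.0/24` route on `wlp3s0` captured traffic meant for the remote network, why the host route fixed only one address, and why renumbering the local LAN fixed all of them. The `HOST_ROUTE` and `RENUMBERED` tables and the function names are constructed for illustration.

```python
import ipaddress

# Reporter's second `ip route list` output from this thread (the redacted
# VPN-server host route is left out).
OVERLAP = """\
default dev ppp1 proto static scope link metric 50
default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600
169.254.0.0/16 dev ppp1 scope link metric 1000
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.36 metric 600
192.168.1.1 dev wlp3s0 proto static scope link metric 600
"""
# Constructed: the entry that `sudo route add 192.168.1.197 ppp1` adds.
HOST_ROUTE = OVERLAP + "192.168.1.197 dev ppp1 scope link\n"
# Constructed: the table after moving the local LAN to 192.168.2.0/24
# (local addresses below are assumed, not taken from the thread).
RENUMBERED = """\
default dev ppp1 proto static scope link metric 50
default via 192.168.2.1 dev wlp3s0 proto dhcp metric 600
192.168.2.0/24 dev wlp3s0 proto kernel scope link src 192.168.2.36 metric 600
"""

def parse_routes(text):
    """Parse `ip route list` lines into (network, dev, metric) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)  # bare IP becomes /32
        dev = tok[tok.index("dev") + 1]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric))
    return routes

def egress_dev(text, dst):
    """Longest prefix wins; metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in parse_routes(text) if addr in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]

if __name__ == "__main__":
    tables = [("overlap", OVERLAP), ("host route", HOST_ROUTE),
              ("renumbered", RENUMBERED)]
    for name, table in tables:
        print(name, {ip: egress_dev(table, ip)
                     for ip in ("192.168.1.197", "192.168.1.50", "8.8.8.8")})
```

The metric 50 default route on the ppp interface never applies to `192.168.1.x` destinations while the local `/24` exists, because prefix length is compared before metric.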
Glad to hear it is now working for you.
One other tip I might mention, in the IPv4 settings for the VPN connection, you could enable the "Use this connection only for resources on its network" checkbox which will only route traffic over the VPN connection if it is to a host in the remote network. It may or may not be useful.

Hello, I am using Pop! OS 19.10 trying to connect to my company's L2TP IPsec VPN. I can easily connect to this network in Windows 10 but am having an issue on the Linux side.
I have libreswan 3.29, network-manager-l2tp-gnome 1.12.16 installed. I checked "Enforce UDP encapsulation" and "Disable PFS" options in IPsec options since I couldn't connect to the VPN without checking these. I also entered "3des-sha1-modp1024" and "3des-sha1" to the Phase algorithms. I can connect to the VPN with these configs but I can't connect to the local machines from the target network. When I try to connect with ssh it says "No route to host" and from the web browser it says Unable to connect to target.
Have you encountered this issue before and do you know how to solve it?
Don't know which logs to add, if you can help me about which logs to add I can add them.