LARTC - Nov 2004 - routing question

So far I have been used to using linux to provide simple routing from my 
network to others using commands such as ip route add 192.168.1.0/24 via 
192.168.0.4 etc and it has all worked perfectly.
I also use smoothwall GPL to provice vpn services, however I have hit on 
a problem and am not at all clear on the way in which to proceed.
I now need to provide a route to services, the access to these is 
provided by a router on a network on the far end of a VPN. the  
computers on the  remote network can see the service I need to access, 
however when I try to provice a route to that system using a router on 
the remoted network by issuing a command such as 192.168.5.0/24 via 
192.168.15.6  in the router at 192.168.0.4 I get the following :-
RTNETLINK answers: Network is unreachable.

My question is , what way of providing access to this route do I need to 
follow, Is it GRE tunnels (not the best option as I don''t have enough 
information on the remote router configurations and am not able to 
change their settings).  Do I have to use  new routing tables  or is 
there something else I must do to get this working?
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

my current router and default gateway for my network is 192.168.0.4 
(with one interface eth0)
192.168.0.8 is a smoothwall with a vpn set up to 192.168.15.0
I need to get to a network at 192.168.16.0/24 at the through the gateway 
at 192.168.15.254

Machines on 192.168.15.0 can ping those on 192.168.16.0

this is the current situation with some real numbers from 192.168.0.4
ip route
192.168.3.0/24 via 192.168.0.8 dev eth0
192.168.0.0/24 dev eth0  scope link
192.168.16.0/24 via 192.168.15.254 dev eth0
192.168.15.0/24 via 192.168.0.8 dev eth0
127.0.0.0/8 dev lo  scope link
default via 192.168.0.8 dev eth0

I can see the following from 192.168.0.4 :-
ping 192.168.15.254
PING 192.168.15.254 (192.168.15.254) 56(84) bytes of data.
64 bytes from 192.168.15.254: icmp_seq=1 ttl=253 time=66.7 ms
64 bytes from 192.168.15.254: icmp_seq=2 ttl=253 time=65.4 ms

ping 192.168.15.21
PING 192.168.15.21 (192.168.15.21) 56(84) bytes of data.
64 bytes from 192.168.15.21: icmp_seq=1 ttl=253 time=75.6 ms

but when I do
ip route add 192.168.15.254 via 192.168.15.21
I get
RTNETLINK answers: Network is unreachable

what I  really want to do at 192.168.0.4  is something like this
ip route add 192.168.16.0/24 via 192.168.15.254 (this also gives 
RTNETLINK answers: Network is unreachable)




Rene Gallati wrote:
> routing wrote:
>
>> So far I have been used to using linux to provide simple routing from 
>> my network to others using commands such as ip route add 
>> 192.168.1.0/24 via 192.168.0.4 etc and it has all worked perfectly.
>> I also use smoothwall GPL to provice vpn services, however I have hit 
>> on a problem and am not at all clear on the way in which to proceed.
>> I now need to provide a route to services, the access to these is 
>> provided by a router on a network on the far end of a VPN. the  
>> computers on the  remote network can see the service I need to 
>> access, however when I try to provice a route to that system using a 
>> router on the remoted network by issuing a command such as 
>> 192.168.5.0/24 via 192.168.15.6  in the router at 192.168.0.4 I get 
>> the following :-
>> RTNETLINK answers: Network is unreachable.
>
>
> Imho this simply means that the router at 192.168.0.4 does not know 
> where 192.168.15.6 (the via target) is and thus denies the request. 
> Add a route to 192.168.15.6 first and then it should work.
>
>> My question is , what way of providing access to this route do I need 
>> to follow, Is it GRE tunnels (not the best option as I don''t
have
>> enough information on the remote router configurations and am not 
>> able to change their settings).  Do I have to use  new routing 
>> tables  or is there something else I must do to get this working?
>
>
> Just tell the router where your target is and all should be well, 
> provided it can be really reached by the router in the first place, of 
> course.
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

routing wrote:
> my current router and default gateway for my network is 192.168.0.4 
> (with one interface eth0)
> 192.168.0.8 is a smoothwall with a vpn set up to 192.168.15.0
> I need to get to a network at 192.168.16.0/24 at the through the gateway 
> at 192.168.15.254
> 
> Machines on 192.168.15.0 can ping those on 192.168.16.0
> 
> this is the current situation with some real numbers from 192.168.0.4
> ip route
> 192.168.3.0/24 via 192.168.0.8 dev eth0
> 192.168.0.0/24 dev eth0  scope link
> 192.168.16.0/24 via 192.168.15.254 dev eth0
> 192.168.15.0/24 via 192.168.0.8 dev eth0
> 127.0.0.0/8 dev lo  scope link
> default via 192.168.0.8 dev eth0
> 
> I can see the following from 192.168.0.4 :-
> ping 192.168.15.254
> PING 192.168.15.254 (192.168.15.254) 56(84) bytes of data.
> 64 bytes from 192.168.15.254: icmp_seq=1 ttl=253 time=66.7 ms
> 64 bytes from 192.168.15.254: icmp_seq=2 ttl=253 time=65.4 ms
> 
> ping 192.168.15.21
> PING 192.168.15.21 (192.168.15.21) 56(84) bytes of data.
> 64 bytes from 192.168.15.21: icmp_seq=1 ttl=253 time=75.6 ms
> 
> but when I do
> ip route add 192.168.15.254 via 192.168.15.21
> I get
> RTNETLINK answers: Network is unreachable
> 
> what I  really want to do at 192.168.0.4  is something like this
> ip route add 192.168.16.0/24 via 192.168.15.254 (this also gives 
> RTNETLINK answers: Network is unreachable)
Try "ip route add 192.168.16.0/24 via 192.168.15.21 dev eth0" this 
should really work but you might need to designate the interface name.
> 
> Rene Gallati wrote:
> 
>> routing wrote:
>>
>>> So far I have been used to using linux to provide simple routing
from
>>> my network to others using commands such as ip route add 
>>> 192.168.1.0/24 via 192.168.0.4 etc and it has all worked perfectly.
>>> I also use smoothwall GPL to provice vpn services, however I have
hit
>>> on a problem and am not at all clear on the way in which to
proceed.
>>> I now need to provide a route to services, the access to these is 
>>> provided by a router on a network on the far end of a VPN. the  
>>> computers on the  remote network can see the service I need to 
>>> access, however when I try to provice a route to that system using
a
>>> router on the remoted network by issuing a command such as 
>>> 192.168.5.0/24 via 192.168.15.6  in the router at 192.168.0.4 I get
>>> the following :-
>>> RTNETLINK answers: Network is unreachable.
>>
>>
>>
>> Imho this simply means that the router at 192.168.0.4 does not know 
>> where 192.168.15.6 (the via target) is and thus denies the request. 
>> Add a route to 192.168.15.6 first and then it should work.
>>
>>> My question is , what way of providing access to this route do I
need
>>> to follow, Is it GRE tunnels (not the best option as I
don''t have
>>> enough information on the remote router configurations and am not 
>>> able to change their settings).  Do I have to use  new routing 
>>> tables  or is there something else I must do to get this working?
>>
>>
>>
>> Just tell the router where your target is and all should be well, 
>> provided it can be really reached by the router in the first place, of 
>> course.
>>
>>
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/