I have the following configuration:
- Linux machine with ip 10.0.0.99
- bridge over a virtual interface with ip 192.168.0.1
- linux in a lxc container over the bridge with ip 192.168.0.2
- vpn on the container with ip 172.xx.x.xxx
- the machines behind the vpn are in the network 10.232.10.0/24
I want to reach from the Linux machine the ips from the vpn
Why I tried:
ip route add 192.168.0.0/24 via 192.168.0.1 dev bridge_lxc
ping/ssh works to 192.168.0.2
Tried to route the vpn network through 192.168.0.2:
ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc
RTNETLINK answers: Network is unreachable
how can I route all the vpn network through the virtual machine inside the container?
Best Answer
The error message indicates that the host you are trying to add this route on doesn't know where 192.168.0.2 is. You will need to provide that route first.
In general: if you want the 172.x.x.x network range to be accessible from the 10.x.x.x network, you will somehow need to let the computers in the 10.x.x.x network know that your host is the router for the 172.x.x.x range.
You will also need to set up adequate routing on the host machine for that range:
If you have a split-horizon VPN, you will also need to advertise the 10.x.x.x network ranges (and possibly the 192.x.x.x ranges) to your VPN clients.
In order to debug your network routing, I suggest you get acquainted with the
ip route getcommand. It displays you which interface a target address is seen through. Remember, routing needs to work both ways. The return packets must find their way back.