No ping no contact to server through VPN

Hi,

I have several Suse 10.3 Servers running within a WAN. Every Server acts as
a local server for his own LAN, but some of them have to be visoble to users
sitting in other LANs, so all LANs are connected with VPN connections
through the internet. The VPN is build up with routers, these routers also
are responsible for internet access for the LANs.

Now I have one Suse server that I can ping and access within its LAN, but
never through VPN. All other servers are OK. I can´t find a difference
between these servers configuration except that this server has two NICs.

For example:

LAN A: 192.168.15.0
LAN B: 192.168.16.0
LAN C: 192.168.17.0

Every LAN has its Router at 192.168.nn.254
Every LAN has its Server at 192.168.nn.10

All IP numbers are static, no DHCP.

So now I can ping every valid adress in LAN A form LAN B or LAN C
I can also ping every valid adress in LAN C from LAN A or LAN B
I can ping every valid adress except the server in LAN B from LAN A and LAN
C (but I can ping and access this server from within LAN B)

I reconfigured the routers. I made a complete new installation of Suse 10.3
on this server. I switched off the firewall at this server. No success.
What I did wrong? What information do you need the help?
One additional suggestion: This server in LAN B has two NIC 192.168.16.10
and 192.168.16.11 configured as eth0 and eth1. Maybee something to do with
this?

Klemens

Klemens Lichter wrote:

> Now I have one Suse server that I can ping and access within its LAN, but
> never through VPN. All other servers are OK. I can´t find a difference
> between these servers configuration except that this server has two NICs.
>
> For example:
>
> LAN A: 192.168.15.0
> LAN B: 192.168.16.0
> LAN C: 192.168.17.0
>
> Every LAN has its Router at 192.168.nn.254
> Every LAN has its Server at 192.168.nn.10
>
> I reconfigured the routers. I made a complete new installation of Suse
> 10.3 on this server. I switched off the firewall at this server. No
> success. What I did wrong? What information do you need the help?
> One additional suggestion: This server in LAN B has two NIC 192.168.16.10
> and 192.168.16.11 configured as eth0 and eth1. Maybee something to do with
> this?

1- Compare the routing tables on these three servers each on LAN A, B, and
C.
2- Assuming 1 to prove the routing tables are the same on each server, it's
most likely a routing issue with your router re-configuration. Traceroute
from the troubled server to a functional one. Where the traceroute stops
is most likely the culprit.
3- Remember that routing is a two-way street. In other words, if the LAN B
server has a correct route to LAN A, but the LAN A server does not have a
correct route back, it will fail.

HTH!

--
Menes Narmer
menesofmemphis [at] gmail [dot] com

"Unity and humility is the lesson all of history teaches."

Menes Narmer a écrit :

>> One additional suggestion: This server in LAN B has two NIC 192.168.16.10
>> and 192.168.16.11 configured as eth0 and eth1. Maybee something to do with

I this is right, you have two NICS on the same sub_lan, this is
certainly the problem.

What is this for? I know nothing of load balacing on two NIC's, but I
don't see this as a frequent usage.

change from 192.168.16 to 192.168.15, for example, for only one NIC
could solve the problem (if route is set to the good NIC)

jdd


--
http://www.dodin.net
http://clairedodin.voices.com/
http://www.clairedodin.com/
http://claire.dodin.net/

jdd wrote:

> change from 192.168.16 to 192.168.15, for example, for only one NIC
> could solve the problem (if route is set to the good NIC)

Ah, good catch, JDD. The request or response could be going/coming on
separate interfaces.

--
Menes Narmer
menesofmemphis [at] gmail [dot] com

"Unity and humility is the lesson all of history teaches."

Thanks Menes and JDD,

tomorrow morning I will pe at the place where the server is and check your suggestions.

the two NICs are onboard of this server, so I don´t have any chance to get rid of one of them. OK I can check if one can be deactivated in the BIOS or like you mentioned I can give it another network number.

I thought on bounding those two NICs to one virtual NIC in future (I think I have read something that this may be possoble in SUSE but until now I don´t know exactly how to do) with only one IP adress to get more performance.

Klemens


"Menes Narmer" <menesofmemphis@gmail.com> schrieb im Newsbeitrag news26Lj.2176$Dh4.625@kovat.provo.novell.com...
> jdd wrote:
>
> > change from 192.168.16 to 192.168.15, for example, for only one NIC
> > could solve the problem (if route is set to the good NIC)
>
> Ah, good catch, JDD. The request or response could be going/coming on
> separate interfaces.
>
> --
> Menes Narmer
> menesofmemphis [at] gmail [dot] com
>
> "Unity and humility is the lesson all of history teaches."

OK; thank you, giving the eth1 another IP network helped. So now I have
contact from outside.

This situation brings me to another question: If I now have a second network
with separate IP number, is there a possibility to use this network for e.g.
connecting my notebook that has another IP adress and network number than
the local network here?

Local network (connected to eth0) has 192.168.15.0 with all its clients and
the internet router inside this network

My Notebook has 192.168.20.100 (which is an adress from my network at home).
If I use my notebook in the office I always have to change IP adress to
192.168.15.100, also the default gateway adress in the network settings.
Probable solution: Give eth1 from the server here in the office the
192.168.20.nn adress so my notebook will connect the server through this
network. BUT: Than I think I need some additional routing: The notebook has
access to the server and the samba there (I opened the samba to the .20.
net), but there is no internet access (remember the internet-router/gateway
is 192.168.15.254). On the notebook I can´t ping any adress from the .15.
net even though I can reach clients in this net via netbios and vice versa.
The notebook has 192.168.20.254 as default gateway, so how I get my server
to route 192.168.20.254 to 192.168.15.254?

route -n tells me:

destination gateway genmask Flags
Metric Ref Use Iface
192.168.20.0 0.0.0.0 255.255.255.0 U
0 0 0 eth1
192.168.15.0 0.0.0.0 255.255.255.0 U
0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U
0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0
U 0 0 0 lo
0.0.0.0 192.168.15.254 0.0.0.0 UG
0 0 0 eth0

What I need to add here?

Thanks in advance

Klemens

--

"Menes Narmer" <menesofmemphis@gmail.com> schrieb im Newsbeitrag
news26Lj.2176$Dh4.625@kovat.provo.novell.com...
> jdd wrote:
>
> > change from 192.168.16 to 192.168.15, for example, for only one NIC
> > could solve the problem (if route is set to the good NIC)
>
> Ah, good catch, JDD. The request or response could be going/coming on
> separate interfaces.
>
> --
> Menes Narmer
> menesofmemphis [at] gmail [dot] com
>
> "Unity and humility is the lesson all of history teaches."