We are using FortiClient to connect to one of our clients' VPNs. Unfortunately, FortiClient is routing all the traffic over the VPN by default.
We have found a way around it, for Linux. After connecting with VPN we run:
sudo route del default ppp0
sudo route add -net 172.20.0.0 netmask 255.255.0.0 dev ppp0
And now, only the addresses starting with 172.20.x.x are resolved over VPN connection.
Now, I am using FortiClient 5.4 on Mac OS X 10.11.6 and I am trying to remake the above to work on Mac OS X. Basically I have problems even with the first step. I have tried:
sudo route delete -net default -ifp ppp0
But the routing still does not work as expected. It is easy to test, because there is no Internet connection behind the VPN - I cannot browse/ping any website :-).
What am I doing wrong? Thanks for help!
I used this question to help me out and it turned out I needed one extra command.
Basically the working solution for Mac OS X 10.11.6 goes as follows:
sudo route delete -net default -interface ppp0
sudo route add -net 0.0.0.0 -interface en0
sudo route add -net 172.20.0.0 -netmask 255.255.0.0 -interface ppp0
Which basically means:
1. Delete default route on interface ppp0 which was set by FortiClient
2. Add default route for every IP on your default interface (for me en0)
3. Route the specific IP range through ppp0 (FortiClient) interface.
Linux equivalent, as mentioned in the question, is:
sudo route del default ppp0
sudo route add -net 172.20.0.0 netmask 255.255.0.0 dev ppp0
So you actually skip the step #2.
Not that hard in the end.
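The effect of the three commands in the answer above can be checked with a small longest-prefix-match model. This is an added example, not code from the original posts; the starting table, the 192.168.1.0/24 LAN prefix and the sample destination addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

def egress(routes, dst):
    """Longest-prefix match: interface used to reach dst, or None if unroutable."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def is_split_tunnel(routes, vpn_if):
    """True when the default route avoids the VPN but some prefix still uses it."""
    default_ifs = {i for p, i in routes if p == "0.0.0.0/0"}
    vpn_prefixes = [p for p, i in routes if i == vpn_if and p != "0.0.0.0/0"]
    return vpn_if not in default_ifs and bool(default_ifs) and bool(vpn_prefixes)

# Constructed starting table: the VPN client has made ppp0 the only default route.
after_connect = [("0.0.0.0/0", "ppp0"), ("192.168.1.0/24", "en0")]
# Step 1: route delete -net default -interface ppp0
step1 = [r for r in after_connect if r != ("0.0.0.0/0", "ppp0")]
# Step 2: route add -net 0.0.0.0 -interface en0
step2 = step1 + [("0.0.0.0/0", "en0")]
# Step 3: route add -net 172.20.0.0 -netmask 255.255.0.0 -interface ppp0
step3 = step2 + [("172.20.0.0/16", "ppp0")]

def paths(routes):
    """Egress interface for a VPN-side host and an Internet host (sample addresses)."""
    return egress(routes, "172.20.4.7"), egress(routes, "8.8.8.8")

if __name__ == "__main__":
    for name, table in [("connected", after_connect), ("step 1", step1),
                        ("step 2", step2), ("step 3", step3)]:
        print(name, paths(table), "split tunnel:", is_split_tunnel(table, "ppp0"))
```

After step 1 alone nothing outside the local LAN is routable, which matches the "no Internet" symptom in the question; only after step 3 does 172.20.x.x leave via ppp0 while everything else uses en0.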
A bridge brOnline is connected to eth0 which provides access to the LAN / Internet. The setup is achieved by modifying /etc/network/interfaces like below.
Why? The aim of this adventure is to establish a virtual network between several virtual machines and the system hosting the virtual bridge and the virtual machines (host).
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto MyBridge
iface MyBridge inet dhcp
bridge_port eth0
bridge_stp on
bridge_fd 0.0
How can I connect to the bridge from my host?
One important thing: Adding eth0 to the bridge makes it somehow unavailable to the host!
So before adding the interface eth0 to the bridge, which magic was connected to eth0 which enabled my browser the access to the local network? Can or how can I connect this magic to the bridge to have access to the LAN and can talk to the other clients connected to the bridge?
The attempts have been wrong. For the host it is not necessary to connect over a tap device to the bridge; it has the ability to connect directly to the bridge. In other words, if you set your default route to the bridge connecting to the gateway, then you can connect to the LAN interface too.
# see actual settings
# The displayed via is the default gw which may be provided by your dhcp
ip route
default via 42.69.42.69 dev eth0
...
# delete the default route, otherwise error: "file exists" will show up
sudo ip route del default via 42.69.42.69 dev eth0
# Add your bridge as default route
sudo ip route add default via 42.69.42.69 dev brOnline
# check
ip route
default via 10.13.0.10 dev brOnline
ping/ssh to the outside are possible, also firefox is working with those settings.
Hint:
Those changes are not permanent. To do so, you need to edit /etc/network/interfaces.
I'm still not able to ping the other VMs and vice versa, but this might be another topic.
I have set up a Debian guest and I am messing around with it to learn more about VirtualBox and Debian, and after that is done I'll be messing around with a NodeJS server on it.
After a while I noticed I couldn't do some things with it when I had a Bridged adapter set up for the VM. NPM would not install packages because it timed out. I tried running "w3m google.com" and even looked up google.com's IP to check for a DNS issue.
No matter what, I cannot connect to any form of internet. But I can ping anything just fine. I can ping google, npmjs.org, etc.
Thanks for the assistance.
Update: I have been working on this more today. Newer router, an Asus; I read that people were having issues with Belkin routers with bridged adapters so I switched, the Asus is new anyway.
The host is connected via Ethernet wire.
The VM shows up on the router just fine, and I connect to that device with the IP given by the router just fine, but I still cannot connect to google.com or anything.
This is too long to explain in a comment. Below is how the bridged adapter works.
Yet, if you can ping from the guest Debian that means some form of DHCP happened and you must have an IP (which is a different IP from the host machine). I'd check the router configuration to see if you're not allowing/disallowing specific MACs and/or IPs from the usage of TCP/UDP protocols (that is a measure some people use on their routers).
Bridged adapter
A bridged adapter on VirtualBox simulates as if there was a bridge (well it is easier to think of this as a hub) on the cable connection to your (host) actual machine. Even if the connection is over wireless the simulation is similar.
For (almost) all purposes the guest (Debian) and the router the host machine is connected to are connected directly. They have separate MACs, separate IPs, they even give separate ARP requests.
    router <---> host machine running VirtualBox
       ^
       |
       +-----> guest machine running Debian
This is done by sending packets with a different hardware address (you can configure the hardware address in the adapter).
You need to configure the guest system (Debian) to connect to the network as if it was a separate machine. For example, if you use a WPA connection from the host machine you need to configure WPA (including the username and password) in the guest machine.
I am not an expert, but after some research I could solve a similar problem. I have a Mac hosting a Debian server. I used Bridged Adapter on interface en0 in my Mac.
1) My Mac is running on 192.168.10.101. I know that because I run the command:
ifconfig -a
and the interface en0 shows that IP
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 6c:40:08:98:72:4c
inet6 fe80::6e40:8ff:fe98:724c%en0 prefixlen 64 scopeid 0x4
inet 192.168.10.101 netmask 0xffffff00 broadcast 192.168.10.255
2) Running netstat command at my Mac:
netstat -nr
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.10.1 UGSc 296 142 en0
I see that the Mac Gateway is on 192.168.10.1
3) Mac and Debian must be in the same segment as the Gateway, I mean 192.168.10.xxx. So I decided that my Debian must run on the static IP 192.168.10.115.
I edited /etc/network/interfaces file at my Debian server to look this way:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.10.115
netmask 255.255.255.0
gateway 192.168.10.1
dns-nameservers 8.8.8.8 192.168.10.1
Then I did ping from my Mac and ping from my Debian and they answered Ok. I also have access to internet from Debian, because I have the same Default Gateway as my Mac.
root@debian64:/home/myuser# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default TEW-711BR 0.0.0.0 UG 0 0 0 eth0
link-local * 255.255.0.0 U 1000 0 0 eth0
I hope it helps, and if anybody has better explanations I would like to learn.
For study purposes I want to set up the following network:
A:
10.130.247.92/16(private on eth1)
128.199.227.240(public on eth0)
B:
10.130.237.218/16(private on eth1)
128.199.211.182/18(public on eth0)
And use B as gateway for private route.
in A
root@privte2:~# ip route list
default via 128.199.192.1 dev eth0
10.130.0.0/16 dev eth1 scope link
128.199.192.0/18 dev eth0 scope link
and
root@privte2:~# ip route add 10.130.0.0/16 via 10.130.247.92 dev eth1
RTNETLINK answers: File exists
Can anyone tell me what I did wrong?
I tried something like this before. See if this can help you. First enable IP forwarding on both the machines.
Locate the line containing net.ipv4.ip_forward in the /etc/sysctl.conf file and make the following change.
net.ipv4.ip_forward=1
Maybe you need to restart for this.
Not really sure; try this route command and see if it works.
Machine>$ route add -net 10.130.0.0 netmask 255.255.255.0 gw 128.199.211.182
For instance see here.
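Why the `ip route add` in the question returns "RTNETLINK answers: File exists": Linux refuses `ip route add` when a route for the same prefix and metric is already installed, and 10.130.0.0/16 is already present as the connected route on eth1. The check below is an added example, not code from the original posts; it uses the routing table shown in the question, and the function names are hypothetical.

```python
import ipaddress

def parse_ip_route(text):
    """Index `ip route` output lines by (destination network, metric)."""
    table = {}
    for line in text.strip().splitlines():
        fields = line.split()
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields else 0
        table[(ipaddress.ip_network(dst), metric)] = line
    return table

def check_add(table, prefix, metric=0):
    """Return the installed route a new `ip route add` would collide with, or None."""
    return table.get((ipaddress.ip_network(prefix), metric))

def is_connected(line):
    """Connected routes are created by the kernel when an address is assigned."""
    return "scope link" in line and " via " not in line

# Routing table of machine A, copied from the question.
TABLE_A = parse_ip_route("""
default via 128.199.192.1 dev eth0
10.130.0.0/16 dev eth1 scope link
128.199.192.0/18 dev eth0 scope link
""")

if __name__ == "__main__":
    hit = check_add(TABLE_A, "10.130.0.0/16")
    print("collides with:", hit, "| connected route:", is_connected(hit))
    # A second default route is accepted only with a different metric.
    print("default, metric 0:", check_add(TABLE_A, "0.0.0.0/0"))
    print("default, metric 100:", check_add(TABLE_A, "0.0.0.0/0", metric=100))
```

To change an existing entry, use `ip route replace` or delete the old route first.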
On my Linux server I have 2 interfaces, so the Linux server can be accessed via Terminal by typing
ssh username@IP1
or ssh username@IP2
Everything worked fine until I restarted my server. Now I can only access the Linux server via the first IP address.
I checked the IP configuration (here I am connected to the server via my first IP address); nano /etc/network/interfaces gives:
iface eth0 inet static
address 192.168.1.13
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.253
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.1.2
# The secondary network interface
allow-hotplug eth1
iface eth1 inet static
address 192.168.1.14
netmask 255.255.255.255
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.253
dns-nameservers 192.168.2.2
ifconfig shows that only eth0 is up, so once I typed nano /sys/class/net/eth1/operstate I discovered that this interface (second IP address) is down, so I tried ifconfig eth1 192.168.1.14 netmask 255.255.255.255 up and then restarted my networking service, and ifconfig shows that my interface is up and can be accessed via terminal, but my access is denied (Permission denied, please try again) once I tried ssh username@192.168.1.14. What can I do in order to be able to access the server via terminal with this IP address?
Try to ping the second interface just to make sure there isn't something wrong with the network itself
Make sure that SSH Daemon is configured to listen on both ports.
I'm pretty sure that the problem is in this line:
allow-hotplug eth1
Change it to auto eth1; the interface should now start whenever the system starts.
Here is my situation,
I need to configure a Linux system as a router, and the clients are also in virtual machines.
System A
eth0: takes IP from ISP (configured as Bridge in VMware)
eth1:
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
HWADDR=00:0c:29:0a:eb:ec
IPADDR=192.168.100.1
NETMASK=255.255.255.0
IPV6INIT=no
TYPE=Ethernet
PREFIX=24
GATEWAY=192.168.100.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.100.1 dev eth1
This is what I have done so far in System A.
and in System B
I have configured static IP address
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
HWADDR=00:0c:29:0a:eb:ec
IPADDR=192.168.100.2
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
Both System A and System B are virtual OSes. System A is considered the router and System B is considered the client.
Am I missing something?
Thanks in Advance
Adding the route is wrong. That route will be added automatically as it's an interface connected route.
What you probably did wrong is not configuring a DNS server.
If you provide more details we can give a better answer.