VPN attaching to the wrong ethernet when bridging two NIC in Linux

Discussion in 'Technical' started by Lachlan, Aug 19, 2016.

  1. Lachlan

    I have problems with my VPN attaching to the wrong NIC, or it just not working, when two NICs are present.

    My VoIP physical phone is blocked by my ISP, so I use an embedded system running Ubuntu 15.04/MATE with two ethernet ports to provide VPN access to the internet on eth0 and the VoIP phone on eth1.

    I have established a DHCP Server to provide service to the VoIP phone on eth1 as follows:

    Contents of "/etc/dhcp/dhcpd.conf":
    ddns-update-style none;
    option domain-name "xu4.org";
    option domain-name-servers ns1.xu4.org, ns2.xu4.org;
    # Set up our desired subnet:
    subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.101 192.168.1.254;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.1;
    }
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;


    Also

    Contents of "/etc/network/interfaces":
    # The uplink to the internet
    auto eth0
    iface eth0 inet dhcp

    # Assign a static IP for this DHCP server through eth1:
    auto eth1
    iface eth1 inet static
    address 192.168.2.100
    netmask 255.255.255.0
    broadcast 192.168.2.255
    gateway 192.168.2.1
    up route add -host 255.255.255.255 eth1

    Also

    Contents of "/etc/default/isc-dhcp-server":
    INTERFACES="eth1"

    To check that the DHCP server is working on eth1 and providing a lease:

    $ more /var/lib/dhcp/dhcpd.leases
    lease 192.168.2.101 {
    starts 4 2016/08/18 15:51:14;
    ends 4 2016/08/18 16:01:14;
    tstp 4 2016/08/18 16:01:14;
    cltt 4 2016/08/18 15:51:14;
    binding state active;
    next binding state free;
    rewind binding state free;
    hardware ethernet 7c:2f:80:9c:e0:cb;
    client-hostname "C530-IP";
    }

    I create a VPN connection and attach it to eth0 using the icon on the desktop

    Network Icon->VPN Connections->Configure VPN->VPN->add
    (setup gateway, username, password, use Point-to-point encryption, Name VPN1)
    Network Icon->VPN Connections->Configure VPN->ethernet->eth0->Edit
    (Automatically connect to VPN1 when using this connection, Automatic (DHCP))

    Now when the system comes up, the default upstream connection appears as eth1 and not eth0. Trying to connect to the VPN fails.

    The network map is as follows:

    $ route -n
    Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0 192.168.2.1 0.0.0.0 UG 100 0 0 eth1
    0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eth0
    173.255.160.5 192.168.2.1 255.255.255.255 UGH 0 0 0 eth1
    192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
    192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

    And the ip addresses are:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: sit0: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default
    link/sit 0.0.0.0 brd 0.0.0.0
    3: ip6tnl0@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN group default
    link/tunnel6 :: brd ::
    4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1e:06:30:3a:92 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.194/24 brd 192.168.1.255 scope global dynamic eth0
    valid_lft 86059sec preferred_lft 86059sec
    inet6 fe80::21e:6ff:fe30:3a92/64 scope link
    valid_lft forever preferred_lft forever
    5: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether d2:df:a9:d0:7c:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.100/24 brd 192.168.2.255 scope global eth1
    valid_lft forever preferred_lft forever

    Before I set up the router table I need to get the VPN on eth0 working.

    If I remove the eth1 port as follows, then everything works fine:

    $ sudo service isc-dhcp-server stop
    $ sudo ifdown eth1

    then the new routing table looks like this:

    route -n
    Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0 0.0.0.0 0.0.0.0 U 50 0 0 ppp0
    0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0
    173.255.160.5 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
    173.255.160.129 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
    173.255.160.165 0.0.0.0 255.255.255.255 UH 50 0 0 ppp0
    192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0

    And the ethernet is now successfully routed through my VPN.

    Any suggestions on how to get the two ethernet connections working the required way would be appreciated.

    Regards
    Lachlan
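
An added example, not part of Lachlan's post: a Python check that parses the two `route -n` tables quoted above and applies the kernel's selection rule (longest matching prefix, then lowest metric) to show which interface carries the tunnel's outer packets and which carries ordinary traffic. It assumes 173.255.160.5 is the VPN server, eth0 is the intended uplink and eth1 is the phone-side port; the function names and the probe address (a documentation-range address standing in for any internet host) are made up for illustration.

```python
import ipaddress

# `route -n` rows copied from the post: both NICs up, then after eth1 is taken down.
BOTH_NICS_UP = """\
0.0.0.0 192.168.2.1 0.0.0.0 UG 100 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eth0
173.255.160.5 192.168.2.1 255.255.255.255 UGH 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
"""
ETH1_DOWN = """\
0.0.0.0 0.0.0.0 0.0.0.0 U 50 0 0 ppp0
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eth0
173.255.160.5 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
173.255.160.129 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
173.255.160.165 0.0.0.0 255.255.255.255 UH 50 0 0 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
"""

def parse_routes(text):
    """Turn `route -n` rows into dicts; header or malformed rows are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[4].isdigit():
            continue
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append({"net": ipaddress.ip_network(f"{f[0]}/{prefix}"),
                       "gw": f[1], "metric": int(f[4]), "iface": f[7]})
    return routes

def lookup(routes, dest):
    """Route the kernel picks: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["net"]]
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"])) if hits else None

def audit(text, vpn_server, uplink, lan, probe="198.51.100.1"):
    """List routing problems for the assumed uplink/LAN roles; empty list means ok."""
    routes = parse_routes(text)
    to_vpn, default = lookup(routes, vpn_server), lookup(routes, probe)
    problems = []
    if to_vpn is None or to_vpn["iface"] != uplink:
        problems.append(f"VPN server {vpn_server} is not reached via {uplink}")
    if default is not None and default["iface"] == lan:
        problems.append(f"default route leaves via {lan}, not the uplink or tunnel")
    return problems

if __name__ == "__main__":
    for name, table in (("both NICs up", BOTH_NICS_UP), ("eth1 down", ETH1_DOWN)):
        print(name, audit(table, "173.255.160.5", "eth0", "eth1") or "ok")
```

Run against the first table it reports both problems (the metric-100 default via eth1 beats the metric-101 default via eth0, and the host route to the VPN server also points at eth1); against the second table it reports none, with general traffic selecting ppp0.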
     
