Problems with building a VPN server using CentOS

Source: Internet
Author: User
Tags centos server
A problem occurred when we used PacketiXVPN in our company to build a VPN server using CentOS. After a long time, I had not solved the problem, so I found out the problem by looking for their technical staff to completely simulate our network environment...
A problem occurred when we used PacketiX VPN to build a VPN server using CentOS. After a long time, I did not solve the problem, so I found out the problem by looking for their technical staff to completely simulate our network environment. it is representative and I will share it with you. The network environment www.2cto.com is as follows: the headquarters of the company uses the hardware firewall of Juniper. The intranet gateway is 10.50.201.1, and the PacketiX (Parx) VPNServer is installed on a CentOS server (10.50.201.3. Create two virtual hubs, one for the cable tray physical Nic and the other for the site dial-in. Create a layer-3 switch and set the virtual interface address of the HUB used for bridging to 10.50.201.2. the interface address of the HUB used for VPN dial-in is 10.50.203.2. (This HUB provides site-side VPN dial-in, therefore, it is equivalent to a physical switch on the site, and must be set to the LAN address on the site ). The branch uses CentOS as the gateway server. The intranet gateway address is 10.50.203.1. install the dispatch VPNBridge on an intranet CentOS server (10.0.203.3. Establish a bridge with the physical network card. Establish a VPN connection to the VPNServer. And the connection is successful. Set static routes on the physical gateways at both ends, and specify that the data accessing the peer network of the VPN is forwarded to the layer-3 switch of the VPNServer. In theory, all the computers in the two Lan should be interconnected, but the packetiX VPN is installed on the CentOS system, which is based on linux. due to the kernel mechanism, the computer on which the VPN peer is located cannot communicate with the ip address of the server on which the VPNServer (or Bridge) is installed. This issue cannot be avoided. It is normal. However, other computers in the Lan can communicate with each other. The problem occurs: except for the installation of the VPNServer (or VPN Bridge) server, the ping operation fails, and the other addresses are normal. Only the physical gateway 10.50.203.1 at the VPN ridge end cannot be pinged. This physical Gateway also uses CentOS servers. This causes a problem. Because the network administrator needs to perform remote management through VPN. In this case, the ping fails and the cause cannot be found. After simulating the network environment, their technicians confirmed the problem. The problems that may occur in the features of the pex VPN product and the possible problems of various physical networks are ruled out. Finally, they do not recommend using ping to test connectivity. Instead, you can directly access the management interface of the VPNBridge gateway using the IE browser. As a result, the CentOS management page was opened. Although the Gateway cannot be pinged, this does not affect the actual network application requirements. Since we are used to testing network connectivity using ping, we ignore other testing methods. In the actual network, the ping test method is not completely reliable. Many firewalls do not respond to ping packets by default. In this typical network environment, the VPNBridge Gateway uses a CentOS server based on Linux. The firewall is enabled by default. Blocks ping packets from another network.
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.