Well, maybe I am not understanding how VeeamPN is supposed to work.
Anyway, this is my current situation on the gateway machine:
Code:
root@localhost:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:9b:7d:d8 brd ff:ff:ff:ff:ff:ff
inet 172.16.107.235/24 brd 172.16.107.255 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe9b:7dd8/64 scope link
valid_lft forever preferred_lft forever
4: wg.veeampn: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.211.0.2/16 scope global wg.veeampn
valid_lft forever preferred_lft forever
root@localhost:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 0 0 0 ens160
10.210.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wg.veeampn
10.211.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wg.veeampn
172.16.107.0 0.0.0.0 255.255.255.0 U 0 0 0 ens160
root@localhost:~#
So my local IP is 172.16.107.235 and I have a further IP 10.211.0.2/16 assigned via the gateway-to-hub tunnel.
Now, still being within the context of the gateway (client) and server (hub) machines, if I want to reach the subnet behind the hub host (subnet 172.16.215.0/24, the host itself being on 172.16.215.98), I guess I have to manually enter a route for 172.16.215.0/24, while on the hub, for some reason, I don't have to do anything, as there is apparently already a route auto-added, as I would have expected on BOTH sides of the tunnel.
Code:
root@localhost:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:b7:a7:c3 brd ff:ff:ff:ff:ff:ff
inet 172.16.215.98/24 brd 172.16.215.255 scope global dynamic ens160
valid_lft 73728sec preferred_lft 73728sec
inet6 fe80::20c:29ff:feb7:a7c3/64 scope link
valid_lft forever preferred_lft forever
3: tun.veeampn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
link/none
inet 10.210.0.1/16 brd 10.210.255.255 scope global tun.veeampn
valid_lft forever preferred_lft forever
inet6 fe80::7cce:c674:3a37:a07f/64 scope link stable-privacy
valid_lft forever preferred_lft forever
4: wg.veeampn: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.211.0.1/16 scope global wg.veeampn
valid_lft forever preferred_lft forever
root@localhost:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 100 0 0 ens160
10.210.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun.veeampn
10.211.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wg.veeampn
172.16.107.0 0.0.0.0 255.255.255.0 U 0 0 0 wg.veeampn
172.16.215.0 0.0.0.0 255.255.255.0 U 0 0 0 ens160
_gateway 0.0.0.0 255.255.255.255 UH 100 0 0 ens160
I am OK to add that static route, except that Netplan doesn't "know" of 10.211.0.2 (as it is, presumably, a dynamic IP added by the VPN tunnel).
All in all this is WAY more complicated than I'd have expected... I would have expected that to be a basic part of this whole package and I feel I am missing out on something...
So, again, my question: why does the gateway / client machine not auto-configure with proper to access the hub subnet and, whatever the reason, what would be the correct netplan syntax in my case?
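
Added example (not part of the original post, and not Veeam's code): a longest-prefix-match check over the two `route` tables shown above. It confirms that the gateway sends traffic for 172.16.215.0/24 out of ens160 via its default route instead of into wg.veeampn, while the hub reaches 172.16.107.0/24 through the tunnel. The function names and the tunnel interface prefixes are assumptions made for the illustration.

```python
import ipaddress

# (Destination, Genmask, Iface) rows copied from the post's `route` output.
# The hub's "_gateway" host route is omitted: its address is not shown.
GATEWAY_ROUTES = [
    ("default", "0.0.0.0", "ens160"),
    ("10.210.0.0", "255.255.0.0", "wg.veeampn"),
    ("10.211.0.0", "255.255.0.0", "wg.veeampn"),
    ("172.16.107.0", "255.255.255.0", "ens160"),
]
HUB_ROUTES = [
    ("default", "0.0.0.0", "ens160"),
    ("10.210.0.0", "255.255.0.0", "tun.veeampn"),
    ("10.211.0.0", "255.255.0.0", "wg.veeampn"),
    ("172.16.107.0", "255.255.255.0", "wg.veeampn"),
    ("172.16.215.0", "255.255.255.0", "ens160"),
]

def parse(routes):
    """Turn route rows into (IPv4Network, iface) pairs."""
    table = []
    for dest, mask, iface in routes:
        cidr = "0.0.0.0/0" if dest == "default" else f"{dest}/{mask}"
        table.append((ipaddress.ip_network(cidr), iface))
    return table

def egress(routes, addr):
    """Longest-prefix match, as the kernel does: return (network, iface)."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, iface) for net, iface in parse(routes) if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen)

def tunnel_gaps(local_routes, remote_routes, tunnel_prefixes=("wg.", "tun.")):
    """Remote LAN subnets that the local table only reaches via its default route."""
    gaps = []
    for net, iface in parse(remote_routes):
        if net.prefixlen == 0 or iface.startswith(tunnel_prefixes):
            continue  # skip the remote default route and tunnel-side networks
        probe = str(net.network_address + 1)
        hit_net, hit_iface = egress(local_routes, probe)
        if hit_net.prefixlen == 0:
            gaps.append((str(net), hit_iface))
    return gaps

if __name__ == "__main__":
    print("gateway -> 172.16.215.98:", egress(GATEWAY_ROUTES, "172.16.215.98"))
    print("hub -> 172.16.107.235:", egress(HUB_ROUTES, "172.16.107.235"))
    print("missing on gateway:", tunnel_gaps(GATEWAY_ROUTES, HUB_ROUTES))
    print("missing on hub:", tunnel_gaps(HUB_ROUTES, GATEWAY_ROUTES))
```

On a live host, `ip route get 172.16.215.98` reports the same decision straight from the kernel.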