VeeamPN - Routing additional networks

[pmansfield]

I have a VeeamPN Hub in Azure, and a VeeamPN Gateway onsite. In Azure, I have 10.200.0.0/24 network. On site I have 10.171.0.0/16 and 10.172.0.0/16. The Gateway is in the 10.171.0.0/16 network.

From either network onsite I can ping into the 10.200 Azure network. From the Hub or a machine in the Azure network I can only ping into the 10.171 network. The routing table on the Hub only has an entry for the 10.171 range, but manually adding a route for the 10.172 range but it hasn't helped. Is it possible to add another route like this?

Apologies if this is a networking 101 type of question - I don't have a lot of experience in configuring these things in Linux or Azure, so am trying to learn it as I go.

TIA

[pmansfield]

I've correctly added the route to the onsite gateway and it can now ping the 10.171 and 10.172 networks. However I still can't figure out how to get the Azure Hub (and the Azure VMs) to route into the 10.172 network.

I don't want to have to setup separate gateways for every subnet, as I'm going to want to run a gaetway in a remote office with multiple subents and that will get unwieldy fast!

[AVasilyev]

Dear pmansfield,

The easiest way how to fix this would be to add your site with the wider range for subnet, the one which would include both of the networks, but also would include some extra networks.
So for your two networks 10.171.0.0/16 and 10.172.0.0/16 the smallest union would be 10.168.0.0/13. It is going to include 8 b-class networks 10.168/16-10.175/16

If this is not applicable in your deployment - please make us know - we will find another workaround.

Alexey

[pmansfield]

Thanks Alexey.

Unfortunately it's not a full solution, as I will also need to route additional ranges which are not covered by a contiguous netblock. I also need to connect other offices which don't have contiguous network ranges, so I do need to be able to route separate and defined ranges.

Phil.

[flamontagne]

Hey Phil,

We have the same kind of issue here and cannot figure out how to make that permanent fix, have you been able to figure it out ?

Thanks

Fred

[Jodrico]

Hi

I had the sames issues and the workaround was to run multiple appliances onsite for each required network, work perfectly.
All you Azure VM's will be able to see the required networks.

So in Azure you might have say "Site1-Sub1"= 192.168.0.1/24 <> now you want to add 10.200.10.0/24 as an example, just creat another client > call it say "Site1-Sub2"=10.200.10.0/24.
Then spin another appliance onsite and import the new config as you would do with a normal setup and you are done.

Please let me know if this worked for you.

Regards

[anthonyspiteri79]

pmansfield and Phil, at the moment with the current version the best option is to deploy a site-gateway per subnet as mentioned above.

While it does consume additional resources the current appliance/VM footprint is low so it's not much of a hit.

I talk about this sort of setup here: https://anthonyspiteri.net/homelab-lab- ... d-network/