Re: [gentoo-user] VPN vs LAN address hostname resolution

[Michael Mol <mikemol@gmail.com>]

[-- Attachment #1.1: Type: text/plain, Size: 2793 bytes --]

On 05/22/2013 02:30 PM, Samuraiii wrote:
>
> On 2013-05-22 19:52, Michael Mol wrote:
>> On 05/22/2013 01:36 PM, Michael Orlitzky wrote:
>>> On 05/22/13 12:36, Samuraiii wrote:
>>>> Hello,
>>>>
>>>> I am trying to get hostname address resolution on my LAN and VPN with
>>>> one serious problem:
>>>> I have two "networks" eg. 10.1.1.0 and 10.2.2.0 which are representing
>>>> local address space for LAN (10.1.1.0/8) and VPN address space (10.2.2.0/8).
>>> This isn't two networks, it's one network and you've got the VPN space
>>> overlapping the LAN space. To oversimplify a little, Don't Do That.
>>>
>>> Use a separate subnet for the VPN. Then traffic to the VPN will be
>>> routed over the VPN interface as intended, but traffic to the LAN will
>>> be routed over the LAN interface. This is what you want, but right now
>>> the VPN and the LAN are the same network, so "routing to the LAN" is the
>>> same as "routing to the VPN", and your network stack doesn't know what
>>> to do with it.
>>>
>>>
>> To be clear, replacing /8 with /24 would do this:
>>
>> 10.1.1.0/8, as a "network", is really just 10.0.0.0/8. This is also true
>> of 10.2.2.0/8. The bits after the first 8 are irrelevant, since a /8 is
>> being used. Use /24 instead, in this case.
>>
>> It would be good for Samuraiii to read up:
>>
>> http://www.tcpipguide.com/free/t_IPAddressing.htm
>>
>>
> I'm sorry for mistake the subnet mask for both spaces IS 255.255.255.0.
> so it is not overlapping at all.
> I apologise for my mistake in notation.
> still this is not (mainly) problem with routing but problem with
> assigning name to address.
> If I had superfast internet connection I would not mind and just use
> vpn address space.
> So basically i need to assign lan address to computer (laptop) which
> is in same location (LAN) as other machines. And vpn address on all
> other computers.
>
> to illustrate:
>
> hostname: foo
> Location:1
> address eth0: 10.1.1.3
> address tap0: 10.2.2.3
>
> hotname: bar
> Location: 1
> addresses are irrelevant
> hosts entry for foo is 10.1.1.3 *(this is what I want to update if foo
> moves to location 2 to 10.2.2.3)*
>
> hosname baz
> Location: 2
> addresses are irrelevant
> Hosts entry for foo is 10.2.2.3 *(this is what I want to update if foo
> moves to location 2 to 10.1.1.3)*
>
> Thank you or patience
> S
>
>

What you're trying to accomplish is painfully difficult with IPv4. (If
you were using IPv6, I'd just point you at gai.conf, but AFAIK there is
no analog for IPv4.)

You may be far better served using a different VPN topology. (i.e.
n2n+IPsec, or having a VPN routing point at your network gateway)

(That said, if anyone knows a better way to do this, I'll be taking
notes, too...)

[-- Attachment #1.2: Type: text/html, Size: 3943 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 555 bytes --]