From: Michael Mol
Date: Wed, 22 May 2013 14:40:13 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] VPN vs LAN address hostname resolution
Message-ID: <519D110D.3060507@gmail.com>
In-Reply-To: <519D0ED4.80304@gmail.com>

On 05/22/2013 02:30 PM, Samuraiii wrote:
>
> On 2013-05-22 19:52, Michael Mol wrote:
>> On 05/22/2013 01:36 PM, Michael Orlitzky wrote:
>>> On 05/22/13 12:36, Samuraiii wrote:
>>>> Hello,
>>>>
>>>> I am trying to get hostname address resolution on my LAN and VPN with
>>>> one serious problem:
>>>> I have two "networks" e.g. 10.1.1.0 and 10.2.2.0 which are representing
>>>> local address space for LAN (10.1.1.0/8) and VPN address space (10.2.2.0/8).
>>> This isn't two networks, it's one network and you've got the VPN space
>>> overlapping the LAN space. To oversimplify a little, Don't Do That.
>>>
>>> Use a separate subnet for the VPN. Then traffic to the VPN will be
>>> routed over the VPN interface as intended, but traffic to the LAN will
>>> be routed over the LAN interface. This is what you want, but right now
>>> the VPN and the LAN are the same network, so "routing to the LAN" is the
>>> same as "routing to the VPN", and your network stack doesn't know what
>>> to do with it.
>>>
>> To be clear, replacing /8 with /24 would do this:
>>
>> 10.1.1.0/8, as a "network", is really just 10.0.0.0/8. This is also true
>> of 10.2.2.0/8. The bits after the first 8 are irrelevant, since a /8 is
>> being used. Use /24 instead, in this case.
>>
>> It would be good for Samuraiii to read up:
>>
>> http://www.tcpipguide.com/free/t_IPAddressing.htm
>>
> I'm sorry for the mistake; the subnet mask for both spaces IS 255.255.255.0,
> so it is not overlapping at all.
> I apologise for my mistake in notation.
> Still, this is not (mainly) a problem with routing but a problem with
> assigning a name to an address.
> If I had a superfast internet connection I would not mind and would just
> use the VPN address space.
> So basically I need to assign the LAN address to a computer (laptop) which
> is in the same location (LAN) as other machines, and the VPN address on all
> other computers.
>
> To illustrate:
>
> hostname: foo
> Location: 1
> address eth0: 10.1.1.3
> address tap0: 10.2.2.3
>
> hostname: bar
> Location: 1
> addresses are irrelevant
> hosts entry for foo is 10.1.1.3 *(this is what I want to update if foo
> moves to location 2 to 10.2.2.3)*
>
> hostname: baz
> Location: 2
> addresses are irrelevant
> Hosts entry for foo is 10.2.2.3 *(this is what I want to update if foo
> moves to location 2 to 10.1.1.3)*
>
> Thank you for patience
> S
>

What you're trying to accomplish is painfully difficult with IPv4. (If you were using IPv6, I'd just point you at gai.conf, but AFAIK there is no analog for IPv4.)

You may be far better served using a different VPN topology. (i.e. n2n+IPsec, or having a VPN routing point at your network gateway)
(That said, if anyone knows a better way to do this, I'll be taking notes, too...)
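An added example, not part of the thread and not any poster's own code: it checks the /8 versus /24 point made above with Python's `ipaddress` module, then uses a hypothetical helper, `pick_hosts_address`, to choose which of foo's two addresses a machine should list in its hosts file by preferring an address on a directly attached subnet, LAN first. The interface addresses for bar and baz are constructed, since the thread does not give them, and Location 2 is assumed to use a LAN subnet different from Location 1.

```python
import ipaddress

def effective_network(cidr):
    """Network that an address/prefix pair actually denotes (host bits cleared)."""
    return ipaddress.ip_interface(cidr).network

def spaces_overlap(a, b):
    """True when two address/prefix pairs describe overlapping networks."""
    return effective_network(a).overlaps(effective_network(b))

def pick_hosts_address(peer_addrs, local_ifaces):
    """Choose the peer address to write into this machine's hosts file.

    local_ifaces is a list of (name, "addr/prefix") in preference order,
    LAN first. Returns the first peer address that is on-link for one of
    those interfaces, or None when no peer address is directly reachable.
    """
    peers = [ipaddress.ip_address(a) for a in peer_addrs]
    for _name, cidr in local_ifaces:
        net = effective_network(cidr)
        for peer in peers:
            if peer in net:
                return str(peer)
    return None

# foo's two addresses, as given in the thread (eth0 and tap0).
FOO = ["10.1.1.3", "10.2.2.3"]

# Constructed interface lists; the thread calls these addresses "irrelevant".
BAR_24 = [("eth0", "10.1.1.7/24"), ("tap0", "10.2.2.7/24")]  # Location 1
BAZ_24 = [("eth0", "10.3.3.9/24"), ("tap0", "10.2.2.9/24")]  # Location 2
BAZ_8 = [("eth0", "10.3.3.9/8"), ("tap0", "10.2.2.9/8")]     # same host, /8 masks

if __name__ == "__main__":
    print(effective_network("10.1.1.0/8"), effective_network("10.2.2.0/8"))
    print("overlap with /8: ", spaces_overlap("10.1.1.0/8", "10.2.2.0/8"))
    print("overlap with /24:", spaces_overlap("10.1.1.0/24", "10.2.2.0/24"))
    print("bar lists foo as", pick_hosts_address(FOO, BAR_24))
    print("baz lists foo as", pick_hosts_address(FOO, BAZ_24))
    # With /8 masks baz's LAN appears to contain 10.1.1.3, so the
    # address that is only valid at Location 1 is chosen by mistake.
    print("baz with /8 lists foo as", pick_hosts_address(FOO, BAZ_8))
```

An on-link match only shows that the address belongs to an attached subnet; it does not show that foo is currently at that location, which is the part the thread describes as hard to automate with IPv4.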