Problem

My server has two NICs connected to two different network segments: 172.16.1.1/24 via enp4s0 and 192.168.1.1/24 via br0. Both network segments have a VPN server for remote access.

The problem is the VPN clients of the 192.168.1.0/24 is unable to access the services host on the machine.

Analysis

Wireshark package capturing suggests that the ping from VPN clients is received from 10.0.1.0/24 br0, but is replied through 172.16.1.1 enp4s0.

The ip r command prints:

default via 172.16.1.1 dev enp4s0 proto dhcp metric 100 
172.16.1.0/24 dev enp4s0 proto kernel scope link src 172.16.1.100 metric 100 
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.100

Since the host has no routing information of VPN segments, all packets to 10.0.1.0/24 is sent to default gateway.

Solution

The solution is to manually add static routes that allows the host sending packages to two VPN segments via the correct gateway.

In Ubuntu server, edit /etc/netplan/50-cloud-init.yaml:

Add static routes for the VPNs to each interface.

network:
    ethernets:
        ens4s0:
            dhcp4: true
            dhcp6: true
            optional: true
            routes:
            - to: 10.0.0.0/24
              via: 172.16.1.1
        enp0s31f6:
            dhcp4: true
            dhcp6: true
            optional: true
            routes:
            - to: 10.0.1.0/24
              via: 192.168.1.1
    version: 2

Test the settings with netplan try, which automatically revert the change after 120 seconds. Press the enter to apply the configureation.

ip r now prints

default via 172.16.1.1 dev enp4s0 proto dhcp metric 100 
10.0.0.0/24 via 172.16.1.1 dev enp4s0 
10.0.1.0/24 via 192.168.1.1 dev br0 
172.16.1.0/24 dev enp4s0 proto kernel scope link src 172.16.1.100 metric 100 
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.100

VPN clients of both network now is able to access the services host on the server.

References

• How to set static routes in Ubuntu Server?
• How to add permanent static routes in Ubuntu Linux

Author: Nobody

License: CC BY-NC-SA 4.0

Link: https://asdasd.page/2022/A-Fix-to-Unable-to-Host-Service-On-Server-with-Multiple-NIC/