My server has two NICs connected to two different network segments: 172.16.1.1/24 via enp4s0 and 192.168.1.1/24 via br0. Both network segments have a VPN server for remote access.
The problem is that the VPN clients of the 192.168.1.0/24 segment are unable to access the services hosted on the machine.
A Wireshark packet capture shows that the ping from VPN clients is received from 10.0.1.0/24 on br0, but the reply is sent through 172.16.1.1 on enp4s0.
The ip r command prints:
1 |
|
Since the host has no routing information for the VPN segments, all packets to 10.0.1.0/24 are sent to the default gateway.
The solution is to manually add static routes that allow the host to send packets to the two VPN segments via the correct gateway.
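The route selection described above can be modelled with a longest-prefix-match lookup. This is an added example, not output or code from the original post; the gateway addresses 172.16.1.254 and 192.168.1.254 are constructed placeholders, and only the 10.0.1.0/24 VPN segment named in the post is modelled.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: str
    via: Optional[str]  # next hop; None for a directly connected network
    dev: str


def lookup(table, dst):
    """Return the route chosen for dst by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
               default=None)


def is_asymmetric(table, client, ingress_dev):
    """True when the reply to client leaves by a different interface
    than the one the request arrived on."""
    route = lookup(table, client)
    return route is None or route.dev != ingress_dev


# Constructed table matching the post's description: the default route
# points out of enp4s0 and nothing covers the VPN segment.
BEFORE = [
    Route("0.0.0.0/0", "172.16.1.254", "enp4s0"),  # assumed gateway address
    Route("172.16.1.0/24", None, "enp4s0"),
    Route("192.168.1.0/24", None, "br0"),
]

# Same table plus a static route for the VPN segment via the VPN server
# on the br0 side (assumed address).
AFTER = BEFORE + [Route("10.0.1.0/24", "192.168.1.254", "br0")]

if __name__ == "__main__":
    client = "10.0.1.10"  # constructed VPN client address
    for name, table in (("before", BEFORE), ("after", AFTER)):
        r = lookup(table, client)
        print(f"{name}: reply to {client} via {r.via} dev {r.dev}, "
              f"asymmetric={is_asymmetric(table, client, 'br0')}")
```
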
On Ubuntu Server, edit /etc/netplan/50-cloud-init.yaml and add static routes for the VPNs to each interface:
1 |
|
Test the settings with netplan try, which automatically reverts the change after 120 seconds. Press Enter to apply the configuration.
ip r now prints:
1 |
|
VPN clients of both networks are now able to access the services hosted on the server.