I am using Ubuntu Server 22.04 for the Virtual Router Operating System. It is a bare metal system with three ethernet interfaces.
Connections to the three interfaces are listed below:
- External Network
- 802.1q VLAN via Smart Switch
The 802.1q VLAN is responsible for setting up a private network with three subnets:
- 10.2.1.1/16
- 10.4.1.1/16
- 10.6.1.1/16
Inside the private network I am running CloudStack, which is an open-source cloud computing platform. One of the IPs in the private network, 10.4.2.3, is being used by CloudStack to create another virtual router for setting up the CloudStack internal network.
There is a VPN running on the system at 10.4.2.3, that I want to connect to from the virtual router, so that I can have access to the resources running within the CloudStack network.
I am thinking it would be wiser to use a separate ethernet interface for the VPN connection. So I added a third interface to the Ubuntu 22.04 BareMetal virtual router - 10.4.1.4.
The BareMetal Ubuntu 22.04 Virtual router netplan configuration (with the third interface):
```yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    enx7cc2c642ce1f:
      addresses:
        - 10.4.1.4/16
      routes:
        - to: 0.0.0.0
          via: 10.4.1.1
      nameservers:
        addresses:
          - 10.4.1.1
    eno1:
      addresses:
        - 10.1.1.231/24
      routes:
        - to: 0.0.0.0
          via: 10.1.1.251
      nameservers:
        addresses:
          - 10.1.1.23
          - 10.1.1.22
    enx7cc2c6436994:
      dhcp4: false
      addresses:
        - 10.2.1.1/16
  vlans:
    vlan.401:
      id: 401
      dhcp4: false
      addresses:
        - 10.4.1.1/15
      link: enx7cc2c6436994
    vlan.601:
      id: 601
      dhcp4: false
      addresses:
        - 10.6.1.1/16
      link: enx7cc2c6436994
```
The IP Route Table on the system:
```
0.0.0.0 via 10.4.1.1 dev enx7cc2c642ce1f proto static
0.0.0.0 via 10.1.1.251 dev eno1 proto static
default via 10.1.1.251 dev eno1 proto dhcp src 10.1.1.191 metric 100
10.1.1.0/24 dev eno1 proto kernel scope link src 10.1.1.231
10.1.1.22 dev eno1 proto dhcp scope link src 10.1.1.191 metric 100
10.1.1.23 dev eno1 proto dhcp scope link src 10.1.1.191 metric 100
10.1.1.251 dev eno1 proto dhcp scope link src 10.1.1.191 metric 100
blackhole 10.1.48.64/26 proto 80
10.1.48.86 dev cali0327d21449c scope link
10.2.0.0/16 dev enx7cc2c6436994 proto kernel scope link src 10.2.1.1
10.4.0.0/16 dev enx7cc2c642ce1f proto kernel scope link src 10.4.1.4
10.4.0.0/15 dev vlan.401 proto kernel scope link src 10.4.1.1
10.6.0.0/16 dev vlan.601 proto kernel scope link src 10.6.1.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
```
I am following the guide provided here for setting up a VPN client:
https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md?fbclid=IwAR2k6AG5Qz_xbMaCSg90z9ApC9WZPGsmbYVF_9UPFhzML2vvPz4bqF33Iic#linux
The guide requires me to add two routes to my IP routing table.
- route add YOUR_LOCAL_PC_PUBLIC_IP gw X.X.X.X
- route add default dev ppp0
For the gateway, the guide suggests using the default gateway. However, as the system I am trying to set up the VPN connection on is a virtual router, the default gateway belongs to the external network, which is not the network in which the VPN server is running. The gateway for the network of the VPN server is 10.4.1.1 (it is a network created by the virtual router).
The IP for the VPN server is 10.4.2.3 and I can ping 10.4.2.3 from the virtual router.
As a result the IP routes I added are:
- route add 10.4.2.3 gw 10.4.1.1
- route add default dev ppp0
However, when I try to add the second route, I get the following error message:
`SIOCADDRT: No such device`
I tried setting up the VPN connection using the same guide on a fresh Ubuntu 22.04 server running on the 10.4.1.1/16 network, and that works as expected.
The only difference is, I am using the default gateway on the fresh Ubuntu system, as the default gateway for the fresh Ubuntu System is 10.4.1.1.
Any suggestions would be greatly appreciated.
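
An added diagnostic sketch, not part of the original post: it runs a longest-prefix lookup over a subset of the route table quoted above to show which interface carries traffic to 10.4.2.3, and flags the overlapping connected prefixes and the `0.0.0.0 via ...` entries, which are /32 host routes rather than default routes. Function names are illustrative, and route metrics are ignored.

```python
import ipaddress

# Subset of the `ip route` output quoted in the post above.
ROUTES = """\
0.0.0.0 via 10.4.1.1 dev enx7cc2c642ce1f proto static
0.0.0.0 via 10.1.1.251 dev eno1 proto static
default via 10.1.1.251 dev eno1 proto dhcp src 10.1.1.191 metric 100
10.1.1.0/24 dev eno1 proto kernel scope link src 10.1.1.231
10.2.0.0/16 dev enx7cc2c6436994 proto kernel scope link src 10.2.1.1
10.4.0.0/16 dev enx7cc2c642ce1f proto kernel scope link src 10.4.1.4
10.4.0.0/15 dev vlan.401 proto kernel scope link src 10.4.1.1
10.6.0.0/16 dev vlan.601 proto kernel scope link src 10.6.1.1
"""

def parse_routes(text):
    """Return (network, device, connected) tuples from `ip route` lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f or "dev" not in f:
            continue  # skips blank lines and blackhole entries
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(dest, strict=False)  # bare address => /32
        routes.append((net, f[f.index("dev") + 1], "via" not in f))
    return routes

def lookup(routes, ip):
    """Longest-prefix match for a destination; returns the outgoing device."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def connected_overlaps(routes):
    """Directly connected prefixes on different devices that overlap."""
    conn = [(n, d) for n, d, c in routes if c]
    return [(str(a), da, str(b), db)
            for i, (a, da) in enumerate(conn)
            for b, db in conn[i + 1:] if da != db and a.overlaps(b)]

def zero_host_routes(routes):
    """Devices carrying `0.0.0.0 via ...`: a /32 to 0.0.0.0, not a default."""
    return [d for n, d, _ in routes if str(n) == "0.0.0.0/32"]

if __name__ == "__main__":
    r = parse_routes(ROUTES)
    print(lookup(r, "10.4.2.3"), connected_overlaps(r), zero_host_routes(r))
```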