Cannot not ping LAN adresses via site-to-site configuration

nokelw · April 5, 2024, 9:32pm

Computer A:
Local Addres 192.168.1.100/24
ZeroTier address 10.144.5.101

Computer B:
Local Address 192.168.2.100/24
ZeroTier address 10.144.5.102

Managed routes:
192.168.1.0/24 via 10.144.5.102
192.168.2.0/24 via 10.144.5.101

Ping 192.168.1.50 ↔ 192.168.2.50 is working
Ping 192.168.1.100 ↔ 192.168.2.100 is working
Ping 192.168.1.100 → 192.168.2.50 is NOT working
Ping 192.168.2.100 → 192.168.1.50 is NOT working
Ping 192.168.2.50 → 192.168.1.100 is working
Ping 192.168.1.50 → 192.168.2.100 is working

Everything else is working but the computer A cannot connect any other computers on B network except the ZeroTier node 192.168.2.100. The computer B cannot connect any other computers on B network except the ZeroTier node 192.168.1.100.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    100    0        0 enp2s0
10.144.5.0      0.0.0.0         255.255.255.0   U     0      0        0 ztzlghaur3
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 enp2s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp2s0
192.168.2.0    10.144.5.101    255.255.255.0   UG    5000   0        0 ztzlghaur3


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway	0.0.0.0         UG    100    0        0 eth0
10.144.5.0      0.0.0.0         255.255.255.0   U     0      0        0 ztzlghaur3
192.168.1.0     10.144.5.102    255.255.255.0   UG    5000   0        0 ztzlghaur3
192.168.2.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0

zt-travis · April 5, 2024, 9:41pm

ip route get 192.168.1.50 might help debug

nokelw · April 5, 2024, 10:00pm

From computer B.

ip route get 192.168.1.50
192.168.1.50 via 10.144.5.101 dev ztzlghaur3 src 10.144.5.102 uid 0
    cache

zt-travis · April 5, 2024, 10:13pm

Is that right? You’ll probably want to check on all 4 involved machines.

you can open
tcpdump -n -i any net 10.144.5.0/24 and icmp
on all 4 machines and see where it’s failing
that might work

or just traceroute -n <ip> from either end

zt-travis · April 6, 2024, 5:32am

Sorry, are those 192.168.1.100 and 192.168.2.100 nodes the default gateways for their LANs?

If not, they need to masquerade, or the default gateways needs the routes added. (The return traffic doesn’t know how to get back.)

nokelw · April 6, 2024, 8:48am

These are the added routes on my routers.

Router 192.168.1.1
192.168.2.0    192.168.1.100     255.255.255.0   UG       1      0        0 LAN  br0

Router 192.168.2.1
192.168.1.0     192.168.2.100  255.255.255.0   UG       1      0        0 LAN  br0

You are right. Thanks for helping me! When the computer B 192.168.2.100 (10.144.5.102) pings IP address 192.168.1.50, source address is set to 10.144.5.102 and my router 192.168.1.1 doesn’t know that reply to 10.144.5.102 should be routed to 192.168.1.100.

After adding routes for network 10.144.5.0 connections work.

Router 192.168.1.1
192.168.2.0    192.168.1.100     255.255.255.0   UG       1      0        0 LAN  br0
10.144.5.0    192.168.1.100     255.255.255.0   UG       1      0        0 LAN  br0

Router 192.168.2.1
192.168.1.0     192.168.2.100  255.255.255.0   UG       1      0        0 LAN  br0
10.144.5.0     192.168.2.100  255.255.255.0   UG       1      0        0 LAN  br0

I think it would be better if the computer B 192.168.2.100 (10.144.5.102) used the 192.168.2.100 as a source address because the other devices on the network 192.168.2.0 are seens as 192.168.2.xxx on the network 192.168.1.0.