This is the network configuration I have:
        +-----------------------------------------------------+     +===========+
        |                                                     |     |           |
        |                      INTERNET                       |-----| LINUXBOX2 |
        |                                                     |     |           |
        +-----------------------------------------------------+     +===========+
                 |                                   |
                 |                                   |
            +=========+                         +=========+
            |         |                         |         |
            | ROUTER1 |                         | ROUTER2 |
            |         |                         |         |
            +=========+                         +=========+
  10.10.100.1|       |10.10.201.254 10.10.202.254|       |10.10.101.1
             |       |                           |       |
       +-----------+ |                           | +-----------+
       |   VPN1    | |                           | |   VPN2    |
       |           | |                           | |           |
       |10.10.100.0| |  +=====================+  | |10.10.101.0|
       +-----------+ |  |      LINUXBOX1      |  | +-----------+
                     |  |                     |  |
                     +--|eth1             eth2|--+
             10.10.201.1|                     |10.10.202.1
                        |        eth0         |
                        +=====================+
                                   |10.10.200.1
                                   |
                                   |
                             +-----------+
                             | LOCAL NET |
                             |           |
                             |10.10.200.0|
                             +-----------+
where VPN1 and VPN2 are two VPNs managed by the corresponding routers.
Each router has its own public and private IP, and both are gateways to the internet.
LINUXBOX1 is connected to three private networks, and it is itself a gateway to the internet for any LOCALNET machine.
Finally, connected to the internet we also have a road warrior machine (LINUXBOX2).
##########
### Goal ###
##########
My goal is to be able to:
1) ssh from LINUXBOX2 to either of the two routers and be forwarded to LINUXBOX1 in both cases,
2) ping any private IP from a machine connected to any private subnetwork (VPN1, VPN2, LOCALNET).
######################
### Network Configuration ###
######################
# ROUTER1 (asus rtn66u) #
routing table:
10.10.200.0 via 10.10.201.1
10.10.202.0 via 10.10.201.1
10.10.101.0 via 10.10.201.1
port forwarding:
incoming SSH connections forwarded to 10.10.201.1
# ROUTER2 (asus rtac3200) #
routing table:
10.10.200.0 via 10.10.202.1
10.10.201.0 via 10.10.202.1
10.10.100.0 via 10.10.202.1
port forwarding:
incoming SSH connections forwarded to 10.10.202.1
# LINUXBOX1 #
cat /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
1 rtac3200
cat /etc/network/interfaces.d/eth0.cfg
allow-hotplug eth0
iface eth0 inet static
address 10.10.200.1
netmask 255.255.255.0
cat /etc/network/interfaces.d/eth1.cfg
allow-hotplug eth1
iface eth1 inet static
address 10.10.201.1
netmask 255.255.255.0
gateway 10.10.201.254
cat /etc/network/interfaces.d/eth2.cfg
allow-hotplug eth2
iface eth2 inet static
address 10.10.202.1
netmask 255.255.255.0
### static routing (part 1) ###
post-up route add -net 10.10.101.0 netmask 255.255.255.0 gw 10.10.202.254
pre-down route del -net 10.10.101.0 netmask 255.255.255.0 gw 10.10.202.254
### static routing (part 2) ###
# dedicated table for traffic sourced from the eth2 address, so that replies
# to connections that came in through ROUTER2 leave through ROUTER2 again
post-up ip route add 10.10.202.0/24 dev eth2 src 10.10.202.1 table rtac3200
post-up ip route add default via 10.10.202.254 dev eth2 table rtac3200
post-up ip rule add from 10.10.202.1/32 table rtac3200
post-up ip rule add to 10.10.202.1/32 table rtac3200
# rules are not removed automatically when the interface goes down, so undo
# them here to avoid duplicates on the next ifup (routes in the table are
# flushed by the kernel when eth2 goes down)
pre-down ip rule del from 10.10.202.1/32 table rtac3200
pre-down ip rule del to 10.10.202.1/32 table rtac3200
############
### Results ###
############
If I enable "static routing (part 2)" I can ssh into LINUXBOX1 from LINUXBOX2 via either router but any ping coming from VPN1 or LOCALNET to 10.10.202.1 does not get answered.
If I disable "static routing (part 2)" I cannot ssh into LINUXBOX1 from LINUXBOX2 via ROUTER2 but any ping coming from VPN1, VPN2 or LOCALNET to 10.10.202.1 does get answered.
#############
### Question ###
#############
How can I fully achieve my goal?
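To see which way each reply leaves LINUXBOX1 under the two variants described in the Results section, here is an added example (it is not part of the question above and not something the asker ran): a small Python model of the kernel's rule-and-table lookup, loaded with the main table and the rtac3200 table exactly as the interfaces files above build them. The host addresses 10.10.200.5, 10.10.100.7 and 10.10.101.7 and LINUXBOX2's public address 203.0.113.10 are constructed for the trace. The model deliberately ignores the local table, rp_filter, connection tracking and whatever the routers do with the packet afterwards; it only answers "which interface and next hop does LINUXBOX1 pick for a packet from src to dst".

```python
"""Simplified model of Linux policy routing (ip rule + ip route tables) used
to trace LINUXBOX1's egress decisions under the posted configuration.
Added example, not part of the original question."""
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: str           # destination prefix; "0.0.0.0/0" is the default route
    dev: str              # egress interface
    via: Optional[str]    # next hop, or None for a directly connected subnet


class Rule(NamedTuple):
    table: str
    src: Optional[str] = None   # "from" selector; None matches any source
    dst: Optional[str] = None   # "to" selector; None matches any destination


# Main table as built from eth0.cfg, eth1.cfg and eth2.cfg (including part 1).
MAIN = [
    Route("10.10.200.0/24", "eth0", None),
    Route("10.10.201.0/24", "eth1", None),
    Route("10.10.202.0/24", "eth2", None),
    Route("10.10.101.0/24", "eth2", "10.10.202.254"),   # static routing (part 1)
    Route("0.0.0.0/0", "eth1", "10.10.201.254"),        # "gateway" line in eth1.cfg
]

# Table rtac3200 as built by static routing (part 2).
RTAC3200 = [
    Route("10.10.202.0/24", "eth2", None),
    Route("0.0.0.0/0", "eth2", "10.10.202.254"),
]

TABLES = {"main": MAIN, "rtac3200": RTAC3200}

# Rules in priority order. The kernel consults the "local" table before any of
# these, so the "to 10.10.202.1/32" rule only ever sees traffic that is not for
# the box itself; it is kept for completeness and never fires in the traces.
RULES_WITH_PART2 = [
    Rule("rtac3200", src="10.10.202.1/32"),
    Rule("rtac3200", dst="10.10.202.1/32"),
    Rule("main"),
]
RULES_WITHOUT_PART2 = [Rule("main")]


def lookup_table(table, dst):
    """Longest-prefix match inside one routing table; None if nothing matches."""
    addr = ip_address(dst)
    best, best_len = None, -1
    for route in table:
        net = ip_network(route.prefix)
        if addr in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def route_lookup(rules, tables, src, dst):
    """Walk the rules in priority order; the first table holding a matching
    route decides, as the kernel's FIB lookup does (minus 'throw'/'unreachable')."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.src is not None and s not in ip_network(rule.src):
            continue
        if rule.dst is not None and d not in ip_network(rule.dst):
            continue
        hit = lookup_table(tables[rule.table], dst)
        if hit is not None:
            return hit
    raise LookupError(f"no route from {src} to {dst}")


def egress(part2_enabled, src, dst):
    """Return (dev, via) for a packet LINUXBOX1 emits from src to dst."""
    rules = RULES_WITH_PART2 if part2_enabled else RULES_WITHOUT_PART2
    route = route_lookup(rules, TABLES, src, dst)
    return route.dev, route.via


if __name__ == "__main__":
    # Constructed addresses: LINUXBOX2's public IP and one host per private subnet.
    targets = [("ssh reply to LINUXBOX2", "203.0.113.10"),
               ("ping reply to LOCALNET", "10.10.200.5"),
               ("ping reply to VPN1", "10.10.100.7"),
               ("ping reply to VPN2", "10.10.101.7")]
    for part2 in (True, False):
        print(f"static routing (part 2) {'enabled' if part2 else 'disabled'}:")
        for label, dst in targets:
            dev, via = egress(part2, "10.10.202.1", dst)
            hop = f"via {via}" if via else "(directly connected)"
            print(f"  {label:24s} from 10.10.202.1 -> dev {dev} {hop}")
```

The traces reproduce the asymmetry behind the two reported results. With part 2 enabled, every packet sourced from 10.10.202.1 is resolved in rtac3200 before main, and that table holds only 10.10.202.0/24 plus a default via 10.10.202.254, so replies to LOCALNET and VPN1 hosts leave via eth2 towards ROUTER2 instead of eth0 or eth1, whereas replies to VPN2 go via 10.10.202.254 either way. With part 2 disabled, the reply to LINUXBOX2 follows main's default via 10.10.201.254, i.e. out through ROUTER1 regardless of which router the ssh connection came in on. The equivalent checks on the real box are `ip route show table rtac3200`, `ip rule show`, and `ip route get 10.10.200.5 from 10.10.202.1`.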