
Cisco: OpenVPN and Cisco router

by Kliment Andreev

Recently, I bought a Cisco 3620 router with two Ethernet interfaces. I could have easily used a laptop running Linux/*BSD with two NICs, but I was planning to study IOS. My plan was to connect another laptop (172.16.1.2) to my existing network. I also access my computers from outside using OpenVPN, so I wanted to be able to reach the new laptop on its internal IP. The image below briefly shows the configuration I wanted.

First, I installed the router. I connected one cable from Eth0/0 to the Cisco switch where all my computers sit in the 192.168.1.0/24 range. The second cable went from the Eth0/1 interface on the router to a separate Netgear switch. I connected my laptop to this switch and assigned it the static IP 172.16.1.2. Next, I configured the Cisco router. This is a very simple configuration, but it suits my needs.

router> ena
router# conf t
router(config)# int Eth0/0
router(config-if)# ip address 192.168.1.11 255.255.255.0
router(config-if)# no shut
router(config-if)# int Eth0/1
router(config-if)# ip address 172.16.1.1 255.255.0.0
router(config-if)# no shut
router(config-if)# router igrp 1
router(config-router)# network 192.168.1.0
router(config-router)# network 172.16.0.0
router(config-router)# CTRL-Z

After this, I was able to ping both 192.168.1.1 and 172.16.1.2 from the router. But when I tried to ping 172.16.1.1 (the Cisco 3600 router) from 192.168.1.1 (the FreeBSD server), I got no response. That is because the FreeBSD box has no route to 172.16.0.0/16: the packets follow its default route towards the Internet instead of going to the Cisco router. (The IGRP process on the router does not help here, since nothing else on the network speaks IGRP.) To fix this, I ran the following on the FreeBSD box (192.168.1.1):

route add -net 172.16.0.0/16 192.168.1.11 

This means: to reach the 172.16.0.0/16 network, use 192.168.1.11 as the gateway instead of the default one. To make the change permanent, I added the following to /etc/rc.conf:

# Static route to 172.16.0.0/16
static_routes="internal1"
route_internal1="-net 172.16.0.0/16 192.168.1.11" 

You can check your routing table with "netstat -rn" on FreeBSD and Mac OS X, with "ip route" on Linux, and with "route print" on Windows.

Because I made this change on 192.168.1.1, which is the default gateway for every computer on the 192.168.1.0/24 subnet, I do not have to touch the router settings on each of them. When a computer with IP 192.168.1.3 and gateway 192.168.1.1 pings 172.16.1.2, the gateway (the FreeBSD box) simply forwards the packets to 192.168.1.11 (the Cisco 3600 router). Note that the FreeBSD box receives these packets and sends them back out on the same interface to a gateway on the same subnet, so with its default settings (net.inet.ip.redirect=1) it also sends the client an ICMP redirect pointing at 192.168.1.11; the client will then use the router directly for that destination until the redirect entry expires.
I then went back to the 172.16.1.2 computer and confirmed that it can ping 192.168.1.1. No routes need to change on this network, because its hosts use 172.16.1.1 as their gateway, and the router already knows how to reach 192.168.1.0/24. Keep in mind that the 192.168.1.0/24 network now has two routers: 192.168.1.1 for the outside world and 192.168.1.11 for the 172.16.0.0/16 network.
Once I confirmed that I could route between the two networks, I went back to the Cisco router and added the following command:

router(config)# ip route 10.8.0.0 255.255.0.0 192.168.1.1 

This is very similar to route add -net: it tells the router to use 192.168.1.1 as the gateway to reach the 10.8.0.0/16 network, which is the OpenVPN subnet. Without it, the router has no route back to VPN clients, so packets from a VPN client would reach 172.16.1.2 but the replies would be dropped at the router.
I also had to add the following line to openvpn.conf on the OpenVPN server (192.168.1.1):

push "route 192.168.1.0 255.255.255.0"
# Line below was added 
push "route 172.16.0.0 255.255.0.0" 

Once this was done, I was able to access any device on my network from a VPN client.
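The three routes added above (the static route on the FreeBSD box, the ip route on the Cisco, and the pushed route on the OpenVPN server) each cover one leg of a round trip, and a missing one shows up as a one-way failure that a plain ping does not explain. The script below is an added example, not code from the original post: it models the routing tables of the hosts described here with longest-prefix matching and traces a packet from one host to another, so you can see where a path breaks when a route is removed. The VPN client address 10.8.0.6, the server's tun address 10.8.0.1 and the upstream hop 198.51.100.1 are assumptions for illustration; the rest is taken from the article's configuration.

```python
"""Longest-prefix-match path trace over the hosts in this post.

Added example, not the author's code. Routing tables are reconstructed
from the article's configuration; the VPN client address (10.8.0.6),
the server's tun address (10.8.0.1) and the upstream hop (198.51.100.1)
are assumptions for illustration.
"""
import ipaddress

# Which addresses belong to which box. The first address is the one used
# when a box is asked to reply to another box.
NODES = {
    "vpn-client": ["10.8.0.6"],                       # assumed client address
    "freebsd":    ["192.168.1.1", "10.8.0.1"],        # OpenVPN server + LAN default gateway
    "cisco":      ["192.168.1.11", "172.16.1.1"],     # the 3620
    "laptop":     ["172.16.1.2"],
    "lan-pc":     ["192.168.1.3"],
    "internet":   ["198.51.100.1"],                   # assumed upstream; knows nothing about us
}

# (prefix, next_hop). next_hop None means "directly connected, deliver on-link".
ROUTES = {
    "vpn-client": [("10.8.0.0/16", None),
                   ("192.168.1.0/24", "10.8.0.1"),    # pushed by the server
                   ("172.16.0.0/16", "10.8.0.1")],    # the push "route ..." line the post added
    "freebsd":    [("192.168.1.0/24", None),
                   ("10.8.0.0/16", None),             # tun interface
                   ("172.16.0.0/16", "192.168.1.11"), # route_internal1 in /etc/rc.conf
                   ("0.0.0.0/0", "198.51.100.1")],    # default route towards the ISP (assumed)
    "cisco":      [("192.168.1.0/24", None),
                   ("172.16.0.0/16", None),
                   ("10.8.0.0/16", "192.168.1.1")],   # ip route 10.8.0.0 255.255.0.0 192.168.1.1
    "laptop":     [("172.16.0.0/16", None),
                   ("0.0.0.0/0", "172.16.1.1")],
    "lan-pc":     [("192.168.1.0/24", None),
                   ("0.0.0.0/0", "192.168.1.1")],
    "internet":   [],                                 # upstream drops anything for private space
}


def owner(addr):
    """Name of the node that owns this address, or None if nobody on the page does."""
    return next((n for n, addrs in NODES.items() if addr in addrs), None)


def lookup(table, dst):
    """Longest-prefix match of dst in one routing table; returns (network, next_hop) or None."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best


def trace(src, dst, routes=ROUTES, max_hops=8):
    """Nodes a packet passes from node `src` to address `dst`, ending in
    DELIVERED, NO ROUTE@node (table miss), NO HOST@node (on-link, nobody answers) or LOOP."""
    path, node = [src], src
    for _ in range(max_hops):
        if dst in NODES[node]:
            return path + ["DELIVERED"]
        match = lookup(routes[node], dst)
        if match is None:
            return path + [f"NO ROUTE@{node}"]
        _, nh = match
        nxt = owner(dst if nh is None else nh)
        if nxt is None:
            return path + [f"NO HOST@{node}"]
        path.append(nxt)
        node = nxt
    return path + ["LOOP"]


def reachable(a, b, routes=ROUTES):
    """True only if traffic gets from node a to node b AND the reply gets back."""
    there = trace(a, NODES[b][0], routes)
    back = trace(b, NODES[a][0], routes)
    return there[-1] == "DELIVERED" and back[-1] == "DELIVERED"


def without(routes, node, prefix):
    """Copy of the tables with one route removed, to see what that route is for."""
    return {n: [r for r in t if not (n == node and r[0] == prefix)]
            for n, t in routes.items()}


if __name__ == "__main__":
    print("VPN client -> laptop:", trace("vpn-client", "172.16.1.2"))
    print("laptop -> VPN client:", trace("laptop", "10.8.0.6"))
    print("same, without the Cisco ip route:",
          trace("laptop", "10.8.0.6", without(ROUTES, "cisco", "10.8.0.0/16")))
    print("LAN PC -> laptop, without the FreeBSD static route:",
          trace("lan-pc", "172.16.1.2", without(ROUTES, "freebsd", "172.16.0.0/16")))
```

The useful check is reachable(), which requires both directions to deliver: removing the Cisco's route to 10.8.0.0/16 leaves the VPN client's packets arriving at the laptop while every reply dies at the router, which is exactly the symptom of a working ping in one direction and silence in the other. The lan-pc trace also makes the hairpin visible: its packets go to the FreeBSD box first and only then to the Cisco, which is the path the ICMP redirect described above short-cuts.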
