
Re: openvpn question



Gregory Nowak wrote:
> Yes. So from all this, what I said still stands. The laptop would get
> a private address from the VPN.

Yes.

> The public address assigned to the laptop would actually be
> configured on the VPS,

Hmm...  No.  Sorry.  Doesn't make sense.  The public address assigned
to the laptop would probably be yet another private address behind a
NAT somewhere.

> and the VPS would be doing NAT between the private address of the
> laptop, and the public address assigned to the laptop, but
> configured on the VPS itself.

If you understand this then please keep going.  But the description
doesn't make sense to me.

> In a nutshell, the laptop would have a private address assigned to
> it, but all traffic to and from the laptop would actually be using
> the public address assigned to it, which itself would be configured
> on the VPS.

One of the often hit traps is that people often think, start up DHCP
on the mobile client.  Then start up the VPN.  Then change the
routing so that 100% of all traffic goes through the VPN.  Sounds
great.  Except that it can't work.  The mobile device needs to
transport the VPN traffic over the non-VPN routed network.  And the
mobile client needs to have DHCP available which will periodically
need to interact with the local DHCP server and renew its leases.

  Routing all client traffic (including web-traffic) through the VPN
  http://openvpn.net/index.php/open-source/documentation/howto.html#redirect

I would consider setting up proxy arp on the server.  Set it up to
proxy for the IP address but do not configure it to own the IP
address.  Here is a reference.

  Proxy ARP
  http://shorewall.net/ProxyARP.htm

I read back but didn't see anywhere that you said what services you
wanted.  "All" I suppose.  But if it were just one or two such as a
web service then I would simply proxy that one service.  For example
on the server you could set up Apache with a proxy configuration and
have it use the private vpn address of the mobile client.

        # Transparently proxy the pages.
        ProxyRequests Off
        RewriteEngine On
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass        /foo http://10.20.30.40/foo
        ProxyPassReverse /foo http://10.20.30.40/foo

Then the world knows about your server.  Your server knows about your
vpn address of your mobile client.  Your server passes web data back
and forth between.  Works well.  I use this all of the time.  (But not
to my mobile devices.  To other servers behind the main server.  But
it is the same thing.)

Bob
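
The routing trap described in the message above, as an added example that is not part of the original post: a longest-prefix-match model of the client routing table, comparing a naive "default route into the tunnel" setup with the route set that OpenVPN's `redirect-gateway def1` installs. All addresses and interface names (`wlan0`, `tun0`) are constructed for illustration, and gateways are left out so each route names only its egress interface.

```python
import ipaddress

def routes(*entries):
    """Build a routing table as a list of (network, egress interface)."""
    return [(ipaddress.ip_network(net), dev) for net, dev in entries]

def lookup(table, dst):
    """Longest-prefix match: return the interface the kernel would pick for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample addresses (documentation / private ranges).
VPN_SERVER = "203.0.113.10"   # public address of the VPN server
DHCP_SERVER = "192.168.1.1"   # DHCP server on the client's local network
WEB_HOST = "198.51.100.7"     # some arbitrary Internet host

# Naive attempt: point the default route at the tunnel and nothing else.
NAIVE = routes(
    ("192.168.1.0/24", "wlan0"),   # connected local subnet
    ("10.8.0.0/24", "tun0"),       # VPN subnet
    ("0.0.0.0/0", "tun0"),         # default route replaced by the tunnel
)

# redirect-gateway def1: the original default route is kept, a host route
# pins the VPN server to the physical interface, and two /1 routes
# override the default without deleting it.
DEF1 = routes(
    ("192.168.1.0/24", "wlan0"),
    ("10.8.0.0/24", "tun0"),
    ("0.0.0.0/0", "wlan0"),        # original default, left in place
    ("203.0.113.10/32", "wlan0"),  # encrypted VPN packets bypass the tunnel
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
)

def egress(table):
    """Which interface carries traffic to each destination of interest."""
    targets = {"vpn_server": VPN_SERVER, "dhcp_server": DHCP_SERVER, "web": WEB_HOST}
    return {name: lookup(table, ip) for name, ip in targets.items()}

if __name__ == "__main__":
    print("naive:", egress(NAIVE))
    print("def1: ", egress(DEF1))
```

In the naive table the encrypted packets addressed to the VPN server are themselves routed into `tun0`, so the tunnel has no path to its own endpoint; with the `def1` route set they leave via `wlan0` while other Internet traffic goes through the tunnel.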
