Gregory Nowak wrote:
> Yes. So from all this, what I said still stands. The laptop would get
> a private address from the VPN.

Yes.

> The public address assigned to the laptop would actually be
> configured on the VPS,

Hmm... No. Sorry. Doesn't make sense. The public address assigned to the laptop would probably be yet another private address behind a NAT somewhere.

> and the VPS would be doing NAT between the private address of the
> laptop, and the public address assigned to the laptop, but
> configured on the VPS itself.

If you understand this then please keep going. But the description doesn't make sense to me.

> In a nutshell, the laptop would have a private address assigned to
> it, but all traffic to and from the laptop would actually be using
> the public address assigned to it, which itself would be configured
> on the VPS.

One of the often hit traps is that people often think, start up DHCP on the mobile client. Then start up the VPN. Then change the routing so that 100% of all traffic goes through the VPN. Sounds great. Except that it can't work. The mobile device needs to transport the VPN traffic over the non-VPN routed network. And the mobile client needs to have DHCP available which will periodically need to interact with the local DHCP server and renew its leases.

Routing all client traffic (including web-traffic) through the VPN
http://openvpn.net/index.php/open-source/documentation/howto.html#redirect

I would consider setting up proxy ARP on the server. Set it up to proxy for the IP address but do not configure it to own the IP address. Here is a reference.

Proxy ARP
http://shorewall.net/ProxyARP.htm

I read back but didn't see anywhere that you said what services you wanted. "All" I suppose. But if it were just one or two such as a web service then I would simply proxy that one service. For example on the server you could set up Apache with a proxy configuration and have it use the private VPN address of the mobile client.

    # Transparently proxy the pages.
    ProxyRequests Off
    RewriteEngine On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass /foo http://10.20.30.40/foo
    ProxyPassReverse /foo http://10.20.30.40/foo

Then the world knows about your server. Your server knows about your VPN address of your mobile client. Your server passes web data back and forth between. Works well. I use this all of the time. (But not to my mobile devices. To other servers behind the main server. But it is the same thing.)

Bob