Re: Share VPN connection

[Ron Leach <ronleach@tesco.net>]

On 30/11/2013 20:22, François Fayard wrote:
> Without the VPN, route gives :
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> default         livebox.home    0.0.0.0         UG    0      0        0 eth1
> 10.42.0.0       *               255.255.255.0   U     0      0        0 eth0
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
>
> With the VPN, route gives :
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> default         *               0.0.0.0         U     0      0        0 ppp0
> 10.42.0.0       *               255.255.255.0   U     0      0        0 eth0
> strong-mf35.rel 192.168.1.1     255.255.255.255 UGH   0      0        0 eth1
> strong-mf35.rel 192.168.1.1     255.255.255.255 UGH   0      0        0 eth1
> 129.189.255.173 *               255.255.255.255 UH    0      0        0 ppp0
this seems to be the reverse of what was in ifconfig for ppp0.  I'm 
not sure if that is correct.

> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth1

I notice that your shared eth1 local LAN network is using
192.168.1.0/24,
and your machine's IP address on eth1 is 192.168.1.30.

That address, 192.168.1.30, will be the local LAN's gateway to your 
external VPN.  So check that all the other machines have a gateway 
setting of 192.168.1.30.

I'm a bit surprised to see the VPN *also* has a route in the 
192.168.1.0/24 range.  I would have expected the VPN to be a different 
subnet.  I don't know how people set up VPNs but I guess there's some 
kind of decision about IP addresses hosts must have.  If your eth1 
physical network is using 192.168.1.0/24, and the VPN is using that 
also, I don't think that will work.  But, Francois, I am not sure, I 
have not set up VPNs.  We need someone who knows more to step in.

I think the problem is a routing gateway; and I am suspicious of the 
'*' entry on the default line.  My guess is that the default route 
should not be *, should not be 192.168.1.anything, but should be 
something like the ppp0 far end address, which is 173.255.189.129 .

I don't think you should change anything based on my sayso but, 
instead, if you could re-check the instructions you followed to set up 
the VPN, and try to make sure your VPN does not co-incide with the 
your local LAN subnet, I think that might help.

Also, be clear what
(a) the address is that the other machines use to reach your Debian 
system (that is the 'gateway' address for them), and
(b) it should be a different gateway address from the 'gateway 
address' that your Debian machine uses for its gateway
(c) and the gateway address address that your debian machine uses 
should be on the default route line in the route table, I believe.
(d) and your VPN should be on a different IP address subnet from the 
local LAN subnet

I'm not expert in VPNs - they are slightly more complex than basic net 
to net routing where different nets are on different interfaces, but 
these are my suggestions.  I hope that others with deeper knowledge of 
VPNs would chime in, because I am not sure that all I have said here 
is necessary.  But recheck your guidance notes, keeping in mind these 
points.

regards, Ron