
Re: Share VPN connection



On 12/1/13, Ron Leach <ronleach@tesco.net> wrote:
> On 30/11/2013 20:22, François Fayard wrote:

Francois, it might be useful if you let us know what software you are
using to set up the vpn.

To set up NAT ("ICS") I use a little nat-enable shell script:
---
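#!/bin/sh
# External/WAN-facing device that traffic is masqueraded out of.
wan=eth2
echo "NOTE: external/WAN Internet facing device is set to:"
echo "      $wan"
# Enable IPv4 forwarding between interfaces.
echo "1" > /proc/sys/net/ipv4/ip_forward
# Masquerade (source-NAT) everything leaving via $wan.
iptables -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
# Optional FORWARD rules, left disabled:
#iptables -A FORWARD -i $wan -o eth1 -m state \
# --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A FORWARD -i eth1 -o $wan -j ACCEPT
echo "NAT enabled for $wan"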
---

So after establishing your vpn as ppp0, you would probably need to
re-run the above script (on the vpn gateway host) with the "wan=ppp0"
line in it.

However, we are kind of grasping at straws here, because we don't know
how you're setting up NAT, or your VPN.

> I think the problem is a routing gateway; and I am suspicious of the
> '*' entry on the default line.  My guess is that the default route
> should not be *, should not be 192.168.1.anything, but should be
> something like the ppp0 far end address, which is 173.255.189.129 .

Yes.

But, is ppp0 likely to include the "private" part of VPN?

I would, with e.g. OpenVPN, expect tun0, not ppp0.

Which Linux-based VPN software encrypts over ppp0 device?

> Also, be clear what
> (a) the address is that the other machines use to reach your Debian
> system (that is the 'gateway' address for them), and

> (b) it should be a different gateway address from the 'gateway
> address' that your Debian machine uses for its gateway

> (c) and the gateway address that your debian machine uses
> should be on the default route line in the route table, I believe.
This sounds ambiguous. Let's say:
After establishing your VPN on your local-LAN gateway host, its
default route should be the address of the far-end of the VPN link;
and that routing table will still need specific routes (the VPN
software/config should set this up).

> (d) and your VPN should be on a different IP address subnet from the
> local LAN subnet
Definitely.

e) be clear on the difference between a PPTP tunnelling link,
unencrypted, which looks, acts and quacks like a VPN-duck to the other
machines on your local LAN, as compared to a true VPN, which also
encrypts the tunnel.

f) also, make sure you update your NAT firewall rule after bringing up your VPN

Good luck
Zenaan
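
Added example, not part of the original message: a check for the two points discussed above, that the default route goes out the VPN device and that the MASQUERADE rule was updated to match. The function names, the use of `ip route show` and `iptables -t nat -S POSTROUTING` output as input, and the sample data are assumptions; only ppp0, eth2 and the far-end address come from the thread.

```shell
#!/bin/sh
# Added example: verify that the default route and the MASQUERADE rule both
# use the VPN device. Inputs are the text printed by `ip route show` and
# `iptables -t nat -S POSTROUTING` (assumed tools; the thread names neither).

# Print the device of the default route.
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Print each out-interface that has a MASQUERADE rule in POSTROUTING.
masq_devs() {
    printf '%s\n' "$1" | awk '$1 == "-A" && $2 == "POSTROUTING" {
        dev = ""; masq = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-o") dev = $(i + 1)
            if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
        }
        if (masq && dev != "") print dev
    }'
}

# check_vpn_nat VPN_IF ROUTES NAT_RULES
# 0 = consistent, 1 = default route not via VPN_IF, 2 = no MASQUERADE on VPN_IF
check_vpn_nat() {
    [ "$(default_dev "$2")" = "$1" ] || return 1
    masq_devs "$3" | grep -qxF "$1" || return 2
    return 0
}

# Constructed sample data (not captured from a real host).
ROUTES_VPN='default via 173.255.189.129 dev ppp0
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1'
NAT_STALE='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth2 -j MASQUERADE'
NAT_VPN="$NAT_STALE
-A POSTROUTING -o ppp0 -j MASQUERADE"

check_vpn_nat ppp0 "$ROUTES_VPN" "$NAT_STALE"; echo "NAT still on eth2 only: rc=$?"
check_vpn_nat ppp0 "$ROUTES_VPN" "$NAT_VPN";   echo "NAT updated for ppp0:   rc=$?"
# Live use (as root): check_vpn_nat ppp0 "$(ip route show)" "$(iptables -t nat -S POSTROUTING)"
```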

