
Re: Share VPN connection



Hi,

I finally got it to work using the same steps as before. I have no idea why it works now and it did not use to.

Thanks for all your help.
François

On Nov 30, 2013, at 23:51 , Zenaan Harkness <zen@freedbms.net> wrote:

> On 12/1/13, Ron Leach <ronleach@tesco.net> wrote:
>> On 30/11/2013 20:22, François Fayard wrote:
> 
> Francois, it might be useful if you let us know what software you are
> using to set up the vpn.
> 
> To set up NAT ("ICS") I use a little nat-enable shell script:
> ---
> #!/bin/sh
> wan=eth2
> echo "NOTE: external/WAN Internet facing device is set to:"
> echo "      $wan"
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
> #iptables -A FORWARD -i $wan -o eth1 -m state \
> # --state RELATED,ESTABLISHED -j ACCEPT
> #iptables -A FORWARD -i eth1 -o $wan -j ACCEPT
> echo "NAT enabled for $wan"
> ---
> 
> So after establishing your vpn as ppp0, you would probably need to
> re-run the above script (on the vpn gateway host) with "wan=ppp0" line
> in the above script.
> 
> However, we are kind of grasping at straws here, because we don't know
> how you're setting up NAT, or your VPN.
> 
>> I think the problem is a routing gateway; and I am suspicious of the
>> '*' entry on the default line.  My guess is that the default route
>> should not be *, should not be 192.168.1.anything, but should be
>> something like the ppp0 far end address, which is 173.255.189.129 .
> 
> Yes.
> 
> But, is ppp0 likely to include the "private" part of VPN?
> 
> I would with eg OpenVPN expect tun0, not ppp0.
> 
> Which Linux-based VPN software encrypts over ppp0 device?
> 
>> Also, be clear what
>> (a) the address is that the other machines use to reach your Debian
>> system (that is the 'gateway' address for them), and
> 
>> (b) it should be a different gateway address from the 'gateway
>> address' that your Debian machine uses for its gateway
> 
>> (c) and the gateway address that your debian machine uses
>> should be on the default route line in the route table, I believe.
> This sounds ambiguous. Let's say:
> After establishing your VPN on your local-LAN gateway host, its
> default route should be the address of the far-end of the VPN link;
> and that routing table will still need specific routes (the VPN
> software/config should set this up).
> 
>> (d) and your VPN should be on a different IP address subnet from the
>> local LAN subnet
> Definitely.
> 
> e) be clear on the difference between PPTP tunnelling link,
> unencrypted, which looks, acts and quacks like a VPN-duck to the other
> machines on your local LAN, as compared to a true VPN, which also
> encrypts the tunnel.
> 
> f) also, make sure you update your NAT firewall rule after bringing up your VPN
> 
> Good luck
> Zenaan
> 
> 
> 
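
The checks implied by points (c) and (f) in the quoted reply, as an added example that is not part of the original thread: after the VPN comes up, confirm that forwarding is on, that the default route leaves via the VPN device, and that a MASQUERADE rule exists for that device and not only for the old WAN device. The function names, the 192.168.1.1 gateway and the sample route and rule text are constructed for illustration; ppp0, eth2 and 173.255.189.129 are taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Print the device of the default route, given `ip -4 route show` text on stdin.
default_dev() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print every -o device that has a MASQUERADE rule, given
# `iptables -t nat -S POSTROUTING` text on stdin.
masq_devs() {
    awk '$1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
             for (i = 3; i < NF; i++) if ($i == "-o") print $(i + 1) }'
}

# check_share VPN_DEV IP_FORWARD ROUTES RULES
# Prints one line per problem; returns 0 only when forwarding is on, the
# default route leaves via VPN_DEV and a MASQUERADE rule exists for it.
check_share() {
    vpn=$1 fwd=$2 routes=$3 rules=$4 rc=0
    [ "$fwd" = 1 ] || { echo "ip_forward is '$fwd', expected 1"; rc=1; }
    dev=$(printf '%s\n' "$routes" | default_dev)
    [ "$dev" = "$vpn" ] || { echo "default route uses '${dev:-none}', expected $vpn"; rc=1; }
    devs=$(printf '%s\n' "$rules" | masq_devs | paste -s -d ' ' -)
    case " $devs " in
        *" $vpn "*) ;;
        *) echo "no MASQUERADE rule for $vpn (found: ${devs:-none})"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples: routing before/after the VPN is up, and the NAT
# table before/after re-running nat-enable with wan=ppp0.
ROUTES_LAN='default via 192.168.1.1 dev eth2'
ROUTES_VPN='default via 173.255.189.129 dev ppp0'
RULES_OLD='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth2 -j MASQUERADE'
RULES_NEW='-P POSTROUTING ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE'

check_share ppp0 1 "$ROUTES_VPN" "$RULES_OLD" || echo "=> NAT rule not updated for the VPN"
check_share ppp0 1 "$ROUTES_VPN" "$RULES_NEW" && echo "=> gateway shares the VPN"

# On a live gateway (as root), feed it the real state instead:
#   check_share ppp0 "$(cat /proc/sys/net/ipv4/ip_forward)" \
#       "$(ip -4 route show)" "$(iptables -t nat -S POSTROUTING)"
```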

