Re: Share VPN connection
Hi,
I finally got it to work using the same steps as before. I have no idea why it works now when it did not used to.
Thanks for all your help.
François
On Nov 30, 2013, at 23:51 , Zenaan Harkness <zen@freedbms.net> wrote:
> On 12/1/13, Ron Leach <ronleach@tesco.net> wrote:
>> On 30/11/2013 20:22, François Fayard wrote:
>
> Francois, it might be useful if you let us know what software you are
> using to set up the vpn.
>
> To set up NAT ("ICS") I use a little nat-enable shell script:
> ---
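> #!/bin/sh
> # Interface whose outbound traffic gets NATed.
> wan=eth2
> echo "NOTE: external/WAN Internet facing device is set to:"
> echo " $wan"
> # Let the kernel forward IPv4 packets between interfaces.
> echo "1" > /proc/sys/net/ipv4/ip_forward
> # Rewrite the source address of everything leaving via $wan.
> iptables -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
> # Optional FORWARD rules, left disabled:
> #iptables -A FORWARD -i $wan -o eth1 -m state \
> # --state RELATED,ESTABLISHED -j ACCEPT
> #iptables -A FORWARD -i eth1 -o $wan -j ACCEPT
> echo "NAT enabled for $wan"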
> ---
>
> So after establishing your vpn as ppp0, you would probably need to
> re-run the above script (on the vpn gateway host) with "wan=ppp0" line
> in the above script.
>
> However, we are kind of grasping at straws here, because we don't know
> how you're setting up NAT, or your VPN.
>
>> I think the problem is a routing gateway; and I am suspicious of the
>> '*' entry on the default line. My guess is that the default route
>> should not be *, should not be 192.168.1.anything, but should be
>> something like the ppp0 far end address, which is 173.255.189.129 .
>
> Yes.
>
> But, is ppp0 likely to include the "private" part of VPN?
>
> I would with eg OpenVPN expect tun0, not ppp0.
>
> Which Linux-based VPN software encrypts over ppp0 device?
>
>> Also, be clear what
>> (a) the address is that the other machines use to reach your Debian
>> system (that is the 'gateway' address for them), and
>
>> (b) it should be a different gateway address from the 'gateway
>> address' that your Debian machine uses for its gateway
>
>> (c) and the gateway address that your debian machine uses
>> should be on the default route line in the route table, I believe.
> This sounds ambiguous. Let's say:
> After establishing your VPN on your local-LAN gateway host, its
> default route should be the address of the far-end of the VPN link;
> and that routing table will still need specific routes (the VPN
> software/config should set this up).
>
>> (d) and your VPN should be on a different IP address subnet from the
>> local LAN subnet
> Definitely.
>
> e) be clear on the difference between a PPTP tunnelling link,
> unencrypted, which looks, acts and quacks like a VPN-duck to the other
> machines on your local LAN, as compared to a true VPN, which also
> encrypts the tunnel.
>
> f) also, make sure you update your NAT firewall rule after bringing up your VPN
>
> Good luck
> Zenaan
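Added example, not part of the thread or any poster's script: a sketch of point (f), moving the NAT rule onto whichever device holds the default route once the VPN is up, with the FORWARD rules that the quoted script leaves commented out turned on. The function names, eth1 as the LAN interface, eth2 as the previous uplink and the conntrack match (in place of the older state match) are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. It PRINTS the commands for review
# instead of running them, so it needs no root and changes nothing.

# default_dev: read `ip -4 route show` text on stdin, print the device
# that carries the default route.
default_dev() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# rules WAN LAN: one "table chain rule-spec" line per rule.
rules() {
    echo "nat POSTROUTING -o $1 -j MASQUERADE"
    echo "filter FORWARD -i $2 -o $1 -j ACCEPT"
    echo "filter FORWARD -i $1 -o $2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# nat_plan WAN LAN [OLD_WAN]: print commands that move NAT from OLD_WAN to WAN.
nat_plan() {
    wan=$1 lan=$2 old=${3:-}
    case "$wan$lan$old" in            # refuse anything that is not a plain name
        *[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "usage: nat_plan WAN LAN [OLD_WAN], WAN and LAN must differ" >&2
        return 1
    fi
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"   # forward only what the rules below allow
    if [ -n "$old" ] && [ "$old" != "$wan" ]; then
        rules "$old" "$lan" | while read -r t c spec; do   # drop stale rules
            echo "iptables -t $t -D $c $spec 2>/dev/null || true"
        done
    fi
    rules "$wan" "$lan" | while read -r t c spec; do       # add once, idempotently
        echo "iptables -t $t -C $c $spec 2>/dev/null || iptables -t $t -A $c $spec"
    done
}

# Constructed sample: routing table once the VPN is up (far-end address and
# interface names as they appear in the thread; the src address is made up).
sample='default via 173.255.189.129 dev ppp0
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10'
nat_plan "$(printf '%s\n' "$sample" | default_dev)" eth1 eth2
```

With the FORWARD policy set to DROP and the old uplink's rules deleted, LAN traffic is forwarded only through the VPN device, so it is not forwarded out the raw uplink if the tunnel goes down.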