#1 2008-09-07 23:10:33

Donki
Member
Registered: 2008-09-01
Posts: 6

Sharing / Forwarding an OpenVPN Connection

I have access to an off site OpenVPN connection, and I want to share it with a few computers I have in my dorm room.
My university internet is VERY restrictive, so I wanted a way to SSH in, get my Samba shares, and maybe host a game / vent server for my friends and I every once in a while.

I have a router that has a server, my laptop, my HTPC, and an Xbox connected to it.
What I want to do, is tunnel all of my LAN internet traffic through my server, through the OpenVPN connection, and out to the internet.

I have one wall Ethernet port in my room that gives me internet access.
My server has three NICs.

I was thinking of routing it like this:

[[WALL PORT]] ---> [[SERVER ETH0]] <--(COMPLETELY TRANSPARENT CONNECTION WITH OPENVPN)--> [[SERVER ETH1]] ---> [[ROUTER WAN]] ---> [[REST OF CONNECTED DEVICES ON LAN]]

I want it to be transparent in the way that, the server only accepts the OpenVPN connection on the internet side, and forwards that OpenVPN connection from the eth0 (that's connected to the internet) to eth1 (that will be connected to the WAN on the router).
This way, the router is connected to the internet only through the OpenVPN connection.

I want to use the router in this way, because I feel like the router is easier to configure. Also, I need it for wireless.

If y'all have any other suggestions, or better ways to connect, by all means tell me I'm a dumb ass and give me your opinion!
Tell me if y'all need more information.

#2 2008-09-08 07:01:35

xvalentinex
Member
Registered: 2008-05-31
Posts: 22

Re: Sharing / Forwarding an OpenVPN Connection

Wow, that's quite a set-up, not advisable, but whatever.

You'll need to set your server to be a router, plenty of guides out there.

Real quick, though:

You need to set 'net.ipv4.ip_forward = 1' in sysctl.conf

You'll need to do a double NAT (i.e. NAT out eth1 then NAT out router).
It's important these IP spaces don't overlap (i.e. Eth1 = 192.168.10.0/24 / Router = 192.168.11.0/24)

I'm not going to get into security here, so these suggestions are wide open
iptables -t nat -A POSTROUTING -o <tunnel int> -s 192.168.10.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.10.0/24 -j MASQUERADE (if you want the LAN to be able to get out when VPN is not established)
iptables -P FORWARD ACCEPT

And lastly you'll need to make sure that the OpenVPN connection creates a default route where the next-hop is the remote IP of the tunnel.


I think that will get you up and running with the basics.

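A fail-closed variant of the rules in post #2, as an added example that is not part of the original thread: the FORWARD policy is DROP, LAN traffic may only leave through the tunnel, and the eth0 fallback MASQUERADE is left out so nothing is forwarded onto the university network when the VPN is down. The interface name tun0 and the function names are assumptions; eth1 and 192.168.10.0/24 come from the post.

```shell
#!/bin/sh
# Added example: tightened version of the "wide open" rules from post #2.
# Assumption (not from the thread): the OpenVPN tunnel interface is tun0.
# From post #2: eth1 faces the router's WAN port, on 192.168.10.0/24.
TUN_IF="${TUN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.10.0/24}"

# Print the rule set, one command per line, without touching the firewall.
vpn_gateway_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i $LAN_IF -o $TUN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $LAN_IF -d $LAN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $TUN_IF -s $LAN_NET -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Return 0 only if the rule set on stdin keeps forwarded LAN traffic inside
# the tunnel: default policy DROP and no MASQUERADE out of any other interface.
rules_fail_closed() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q -- '-P FORWARD DROP' || return 1
    if printf '%s\n' "$rules" | grep -- '-j MASQUERADE' | grep -qv -- "-o $TUN_IF "; then
        return 1
    fi
    return 0
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to run them.
if [ "${APPLY:-0}" = 1 ]; then
    vpn_gateway_rules | rules_fail_closed || { echo "rule set would leak" >&2; exit 1; }
    vpn_gateway_rules | sh -e
else
    vpn_gateway_rules
fi
```

Forwarding is enabled last so the DROP policy is already in place when the kernel starts routing between interfaces.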

#3 2008-09-08 20:10:28

Daenyth
Forum Fellow
From: Boston, MA
Registered: 2008-02-24
Posts: 1,244

Re: Sharing / Forwarding an OpenVPN Connection

You can also read the openmoko wiki USB Networking article, which goes through similar steps.
