The word according to me

Linux VPN and bridging

by jammie on Feb.01, 2009, under networking, ubuntu

After many weeks of getting fed up with the Microsoft VPN client, I decided to give the Linux side of things a spin.

After a bit of searching I came across a page on the Ubuntu wiki which started to point me in the right direction.

For my VPN connection I have had to remove the usepeerdns entry. Leaving that in place stopped the box from being able to see the net.

Now the server could see the VPN network, so I started to look into methods of making the network available to my other PCs. This stage was the hardest to find information for, and everyone's version seemed to be different.

This is what worked for me (I found my information here and here):

  1. I added ipt_MASQUERADE to the bottom of my /etc/modules file
  2. In /etc/ppp/ip-up I added the following:
    # Only act on the VPN peer whose ipparam is "myvpn"
    if [ "${PPP_IPPARAM}" = "myvpn" ]; then
        # Route the VPN range over the tunnel
        ip r a <vpn ip range>/8 via <vpn ip> dev "${PPP_IFACE}"
        # Flush every existing rule in the filter, nat and mangle tables
        iptables -F;iptables -t nat -F;
        iptables -t mangle -F
        # NAT traffic leaving through the tunnel
        iptables -t nat -A POSTROUTING -o "${PPP_IFACE}" -j MASQUERADE
    fi
  3. Bring up the connection using pon <yourconnection>. Test that you can ping the local network, the remote network and the internet
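  4. Secure it by adding the following before the fi in step 2

    # Allow replies to connections this box started
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Accept new connections on every interface except the VPN one
    iptables -A INPUT -m state --state NEW ! -i "${PPP_IFACE}" -j ACCEPT
    iptables -P INPUT DROP #only if the first two are successful
    # Refuse to forward traffic from the VPN straight back out to the VPN
    iptables -A FORWARD -i "${PPP_IFACE}" -o "${PPP_IFACE}" -j REJECT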
  5. Drop the previous connection using poff and then reconnect. The VPN connection should now be correctly set up and you should be able to ping local, VPN and external machines as before
  6. Create a route on your PCs that points traffic for your VPN’s IP range through the Linux system and you should now have VPN access :D
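
Added example, not part of the original post: a check of `iptables-save` output against the rules from steps 2 and 4, so you can confirm the gateway ended up in the intended state after reconnecting. The helper name `audit_ruleset` and the sample ruleset are constructed for illustration; the last call shows what happens to rules written for ppp0 when the tunnel comes up as ppp1.

```shell
#!/bin/sh
# Constructed sample: iptables-save output after step 4 with the VPN on ppp0.
sample_ruleset() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i ppp0 -m state --state NEW -j ACCEPT
-A FORWARD -i ppp0 -o ppp0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# audit_ruleset IFACE (hypothetical helper): reads iptables-save text on
# stdin, prints one FAIL line per problem, returns 0 only if there are none.
audit_ruleset() {
awk -v ifc="$1" '
/^\*/ { table = substr($0, 2) }
table == "nat" && $0 ~ ("^-A POSTROUTING .*-o " ifc " .*-j MASQUERADE") { masq = 1 }
table == "filter" && /^:INPUT DROP/ { drop = 1 }
table == "filter" && $0 ~ ("^-A FORWARD -i " ifc " -o " ifc " .*-j REJECT") { hairpin = 1 }
table == "filter" && /^-A INPUT / && /-j ACCEPT/ {
    line = $0 " "
    if (line ~ /--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) /) { est = 1; next }
    # Safe if the rule excludes IFACE ("! -i IFACE") or names another interface.
    excl  = (line ~ ("! -i " ifc " "))
    other = (line !~ /! -i / && line ~ / -i / && line !~ (" -i " ifc " "))
    if (!excl && !other) { print "FAIL: accepts new traffic from " ifc ": " $0; bad++ }
}
END {
    if (!masq)    { print "FAIL: no MASQUERADE rule for " ifc; bad++ }
    if (!drop)    { print "FAIL: INPUT policy is not DROP"; bad++ }
    if (!est)     { print "FAIL: no ESTABLISHED,RELATED accept rule"; bad++ }
    if (!hairpin) { print "FAIL: no " ifc " to " ifc " FORWARD reject"; bad++ }
    exit (bad > 0)
}'
}

# On the gateway, as root: iptables-save | audit_ruleset ppp0
sample_ruleset | audit_ruleset ppp0 && echo "sample ruleset: OK"
# If the tunnel comes up as ppp1, rules written for ppp0 no longer protect it:
sample_ruleset | audit_ruleset ppp1 || echo "ppp1: ruleset does not cover this interface"
```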

I hope this helps people that are trying to set up a VPN connection and then share it between their local machines. The only thing that I am now missing is DNS from the VPN. It's not a major problem at the moment but it would be a nice-to-have feature. I will post my findings once I have some time to investigate.

