Comments on: Configuring VPN client http://www.redips.net/linux/configuring-vpn-client/ Techniques and Web Technologies Fri, 12 Mar 2010 08:51:54 +0100 hourly 1 By: dbunic http://www.redips.net/linux/configuring-vpn-client/comment-page-1/#comment-128 dbunic Tue, 24 Feb 2009 10:31:08 +0000 http://www.redips.net/?p=31#comment-128 Konstantin, I'm not a network expert, but I have experience with Linux Wireless Gateway on my local network. This is somehow similar to your environment and I will try to give you some hints. Lets assume that you have fixed public IP address and you want to set one Linux box as gateway. Gateways usually have more than one network devices. In my case, I had wireless and network card, and in your case you will have at least two network cards. First network (eth0) device should be configured for your local network (for example set IP 10.0.0.1 and define range 10.0.0.0/24), while second network device (eth1) should have public IP - something like 1.2.3.4 OK, now it's time to enable IP forwarding on the gateway box. To do this, add the following line to the file <em>/etc/sysctl.conf</em>: <strong>net.ipv4.ip_forward = 1</strong> You will have to reboot Linux because this ensures IP forwarding starts every time you reboot the machine. To start it without rebooting, type the following command: <strong>echo 1 > /proc/sys/net/ipv4/ip_forward</strong> Next, enable Source Network Address Translation (SNAT) so that your local network can use the Internet transparently. <strong>iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4</strong> Now your clients will have an open road to the Internet ;) just set their default gateway to the 10.0.0.1 I will strongly advice you to set a firewall on gateway to protect a your local network. Please see how I described firewall for the Web server <a title="Firewall for the Web server" href="http://www.redips.net/linux/lamp-setup/#section7" rel="nofollow">LAMP setup: Beginning | Firewall</a> ... You can delete lines with ports 80 and 22 and below line: <strong>-A INPUT -i lo -j ACCEPT</strong> add a line to accept all traffic from the local network: <strong>-A INPUT -i eth0 -j ACCEPT</strong> Hope this comment will give useful informations ... Konstantin,
I'm not a network expert, but I have experience with Linux Wireless Gateway on my local network. This is somehow similar to your environment and I will try to give you some hints. Lets assume that you have fixed public IP address and you want to set one Linux box as gateway. Gateways usually have more than one network devices. In my case, I had wireless and network card, and in your case you will have at least two network cards. First network (eth0) device should be configured for your local network (for example set IP 10.0.0.1 and define range 10.0.0.0/24), while second network device (eth1) should have public IP - something like 1.2.3.4

OK, now it's time to enable IP forwarding on the gateway box. To do this, add the following line to the file /etc/sysctl.conf:
net.ipv4.ip_forward = 1

You will have to reboot Linux because this ensures IP forwarding starts every time you reboot the machine. To start it without rebooting, type the following command:
echo 1 > /proc/sys/net/ipv4/ip_forward

Next, enable Source Network Address Translation (SNAT) so that your local network can use the Internet transparently.
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4

Now your clients will have an open road to the Internet ;) just set their default gateway to the 10.0.0.1

I will strongly advice you to set a firewall on gateway to protect a your local network. Please see how I described firewall for the Web server LAMP setup: Beginning | Firewall ... You can delete lines with ports 80 and 22 and below line:
-A INPUT -i lo -j ACCEPT
add a line to accept all traffic from the local network:
-A INPUT -i eth0 -j ACCEPT

Hope this comment will give useful informations ...

]]> By: Konstantin http://www.redips.net/linux/configuring-vpn-client/comment-page-1/#comment-127 Konstantin Mon, 23 Feb 2009 18:31:17 +0000 http://www.redips.net/?p=31#comment-127 Hi. Thank you for instructions. Can you help me? How can I make NAT (or MASQUERADE) other VPN. I have local net and only one IP address? Hi. Thank you for instructions. Can you help me? How can I make NAT (or MASQUERADE) other VPN. I have local net and only one IP address?

]]>