[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FC9 Linux gateways, VPN working, IP forwarding isn't



On Fri, Jan 23, 2009 at 7:55 PM, Gary Stainburn <gary stainburn ringways co uk> wrote:
Hi folks.

I've given up on openswan because it won't work though my ADSL router.

I've now got a very simple ppp-over-ssh VPN working using the following script

/usr/sbin/pppd updetach noauth passive \
 pty "ssh $HOST -P -o Batchmode=yes /usr/sbin/pppd nodetach notty noauth" \
 $LocIP:$RemIP

I'm using 192.167.127.1 and .2 for the VPN

My local LAN is 10.6.0.0/16 and the remote is 10.1.0.0/16

The VPN works, and from each end I can ssh to the remote end using either it's
192. or 10.  IP address.

On each gateway, and on the test hosts on each LAN I have set up the
appropriate routes. On each gateway I have enabled IP  Forwarding by running

sysctl -w net.ipv4.ip_forward=1

and made it permenant by editing /etc/sysctl.conf. I even rebooted to make
sure.

However, I cannot get anything to work except gateway to gateway. Anything
behind the gateways cannot get past their local gateway.

Anyone know what I've missed?


I guess its normal not to pass because the next gateways dont "know"  what 10.x/192.x ips are.
I think either you have to export those IPs to the next gateways either you enable nat
for each VPN, smth like iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE (fastest
way) where eth0 is your interface for internet.

--
Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000

--
fedora-list mailing list
fedora-list redhat com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]