site to site VPN


jazztrump9
16th June 2010, 03:57 AM
This question is a little complex, but here goes.

At a central HQ I have a Windows Server 2008 R2 machine running Routing and Remote Access. At my home office I have a class C LAN with a Fedora 13 machine. I can get Fedora 13 to connect using PPTP no problem. I have my router running Tomato set to redirect all traffic to the 10.0.0.0 network to my Linux server. My question is how do I make the Fedora 13 machine pass all the traffic from my network with destination 10.0.0.0 over the VPN tunnel? So for instance, if I ping anything 10.x.x.x from any machine on my network, it will find it and reply?

thanks

stevea
16th June 2010, 11:06 AM
Just as an outline -

On the F13 system you need to allow incoming traffic destined for the 10.x.x.x network to be accepted at your physical interface (eth0). Then your F13 stack will automagically forward this to your pptp connection. This requires some iptables rules and also you have to set the ipv4 forwarding parameter (see sysctl). You also need to set up NAT forwarding for these iptables connections (the far side knows your pptp IP address but it doesn't know any of your LAN addresses). Sorry - my iptables-fu is waning.

On the other systems on your network you need to change the routing table to send all 10.x.x.x traffic to your F13 system. Something *like* (untested)
ip route add 10.0.0.0/8 via 192.168.42.77    # F13 box is the gateway for 10/8 (a gateway route, not an on-link "dev/scope link" route)
where 192.168.42.77 is the F13 system IP address.
==

Also you may/probably want to set up DNS forwarding so that your F13 system serves DNS to your LAN and also forwards all 10.x.x.x and somehq.com domain DNS requests to your corporate internal DNS server and everything else to your ISP DNS server. Here is an example of the DNS server command ...


#!/bin/sh
# Split-horizon DNS for the home LAN: dnsmasq on the F13 box answers local
# clients, sends the HQ domain and 10.x reverse lookups across the tunnel,
# and everything else to the local resolver.

# --- LOCAL
# LOCAL LAN DNS server IP; domain(s) [comma separated list]
LOCAL_DNS="192.168.1.1"    # my soho router
LOCAL_DOMS="localdomain"   # my soho domain

# --- REMOTE
REMOTE_SRV="yourserver.somehq.com"  # VPN server's public name; resolved via LOCAL_DNS, not through the tunnel
REMOTE_DNS="10.42.42.253"           # remote DNS server (only reachable over the tunnel)
REMOTE_DOMS="somehq.com"
REMOTE_IPS="10.in-addr.arpa"        # reverse lookups for 10.x.x.x

# -----------------------------------------------------------------

PIDFILE="/tmp/dns.pid"

# --no-resolv: ignore /etc/resolv.conf and use only the --server entries below
# --server=/domain/ip: send queries for that domain (and its subdomains) to ip
/usr/sbin/dnsmasq --bind-interfaces \
    --no-poll --all-servers --pid-file="$PIDFILE" --no-resolv \
    --server="$LOCAL_DNS" \
    --server="/$REMOTE_SRV/$LOCAL_DNS" \
    --server="/$REMOTE_DOMS/$REMOTE_DNS" \
    --server="/$REMOTE_IPS/$REMOTE_DNS"


This sends the remote domain and remote IP requests to the $REMOTE_DNS DNS server; everything else goes to $LOCAL_DNS, which might be your local router serving DNS or your ISP DNS.

You still need to rewrite all the /etc/resolv.conf files to point to your F13 system, either manually or through the dhclient.conf scripts.
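The forwarding and NAT part of stevea's outline, written out as a script that prints the rules for review before they are applied. This is an added example, not code from the thread; the interface names eth0 and ppp0 and the LAN subnet 192.168.42.0/24 are assumptions to adjust.

```shell
#!/bin/sh
# Added example (not from the thread): forwarding + NAT so LAN hosts reach
# 10.0.0.0/8 through the F13 box's PPTP tunnel. Interface names and the LAN
# subnet are assumptions; override them via environment variables.
LAN_IF="${LAN_IF:-eth0}"              # physical LAN interface
LAN_NET="${LAN_NET:-192.168.42.0/24}" # home LAN (assumed; matches the thread's 192.168.42.x)
VPN_IF="${VPN_IF:-ppp0}"              # PPTP tunnel interface (assumed name)
HQ_NET="${HQ_NET:-10.0.0.0/8}"        # network behind the tunnel

# Refuse obviously wrong settings before emitting anything.
check_cfg() {
    [ "$LAN_IF" != "$VPN_IF" ] || return 1
    [ -n "$LAN_NET" ] && [ -n "$HQ_NET" ] || return 1
    return 0
}

# Print the commands rather than running them, so they can be reviewed first.
# Rules are inserted (-I) at the top because the Fedora default FORWARD chain
# ends in a REJECT. Forwarding is limited to LAN -> 10/8 plus the replies to
# those connections, not all traffic, and NAT (MASQUERADE behind the tunnel
# address) applies only to that traffic, since HQ only knows the pptp IP.
# The TCPMSS rule avoids PMTU trouble for TCP through the lower-MTU tunnel.
vpn_forward_rules() {
    check_cfg || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -I FORWARD 1 -i $LAN_IF -o $VPN_IF -s $LAN_NET -d $HQ_NET -j ACCEPT
iptables -I FORWARD 2 -i $VPN_IF -o $LAN_IF -d $LAN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $VPN_IF -s $LAN_NET -d $HQ_NET -j MASQUERADE
iptables -t mangle -A FORWARD -o $VPN_IF -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
EOF
}

if [ "${1:-}" = "--apply" ]; then
    vpn_forward_rules | sh   # run as root on the F13 box
else
    vpn_forward_rules        # default: only show the commands for review
fi
```

Persist net.ipv4.ip_forward=1 in /etc/sysctl.conf and save the rules with the distribution's iptables service so they survive a reboot.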