Fedora Linux Support Community & Resources Center
  #1  
Old 16th June 2010, 03:57 AM
jazztrump9 Offline
Registered User
 
Join Date: Mar 2006
Posts: 17
site to site VPN

This question is a little complex, but here goes.

At a central HQ I have a Windows Server 2008 R2 machine running Routing and Remote Access. At my home office I have a class C LAN with a Fedora 13 machine. I can get Fedora 13 to connect using pptp, no problem. I have my router running Tomato set to redirect all traffic to the 10.0.0.0 network to my Linux server. My question is: how do I make the Fedora 13 machine pass all the traffic from my network with destination 10.0.0.0 over the VPN tunnel? So, for instance, if I ping anything 10.x.x.x from any machine on my network, it will find it and reply?

thanks
  #2  
Old 16th June 2010, 11:06 AM
stevea Offline
Registered User
 
Join Date: Apr 2006
Location: Ohio, USA
Posts: 8,871
Re: site to site VPN

Just as an outline -

On the F13 system you need to allow incoming traffic destined for the 10.x.x.x network to be accepted at your physical interface (eth0). Then your F13 stack will automagically forward this to your pptp connection. This requires some iptables rules, and you also have to set the ipv4 forwarding parameter (see sysctl). You also need to set up NAT forwarding for these iptables connections (the far side knows your pptp IP address but it doesn't know any of your LAN addresses). Sorry - my iptables-fu is waning.

On the other systems on your network you need to change the routing table to send all 10.x.x.x traffic to your F13 system. Something *like* (untested):
ip route add 10.0.0.0/8 via 192.168.42.77 dev eth0
where 192.168.42.77 is the F13 system IP address.
==

Also, you may/probably want to set up DNS forwarding so that your F13 system serves DNS to your LAN and also forwards all 10.x.x.x and somehq.com domain DNS requests to your corporate internal DNS server and everything else to your ISP DNS server. Here is an example of the DNS server command ...

Code:
# --- LOCAL
# Local LAN DNS server IP; domain(s) [comma-separated list]
LOCAL_DNS="192.168.1.1"    # my soho router
LOCAL_DOMS="localdomain"   # my soho domain

# --- REMOTE
REMOTE_SRV="yoursrver.somehq.com"   # VPN server name, resolved through the local DNS
REMOTE_DNS="10.42.42.253"           # remote DNS server
REMOTE_DOMS="somehq.com"            # forward lookups answered by the remote DNS
REMOTE_IPS="10.in-addr.arpa"        # reverse lookups for 10.x.x.x addresses

# -----------------------------------------------------------------

PIDFILE="/tmp/dns.pid"

# --no-resolv: ignore /etc/resolv.conf and use only the servers listed here
/usr/sbin/dnsmasq --bind-interfaces \
    --no-poll --all-servers --pid-file="$PIDFILE" --no-resolv \
    --server="$LOCAL_DNS" \
    --server="/$REMOTE_SRV/$LOCAL_DNS" \
    --server="/$REMOTE_DOMS/$REMOTE_DNS" \
    --server="/$REMOTE_IPS/$REMOTE_DNS"
This sends the remote domain and remote IP requests to $REMOTE_DNS DNS server, everything else goes to $LOCAL_DNS which might be your local router serving DNS or your ISP DNS.

You still need to rewrite all the /etc/resolv.conf files to point to your F13 system. Either manually or through the dhclient.conf scripts.
__________________
None are more hopelessly enslaved than those who falsely believe they are free.
Johann Wolfgang von Goethe
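
The forwarding and NAT setup outlined in the reply above, as an added example that is not part of the original thread: a script that validates its arguments and prints, rather than applies, the sysctl and iptables commands for the F13 gateway. Assumptions: eth0 is the LAN interface, ppp0 is the pptp tunnel, 192.168.42.0/24 is the home LAN, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the commands that make the
# F13 box forward LAN traffic for the remote network over the pptp link.
# Assumed: eth0 = LAN side, ppp0 = pptp tunnel, 192.168.42.0/24 = home LAN.

# Interface names: 1-15 chars from a safe set, no leading dash.
valid_if() {
    case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# IPv4 CIDR: digits, dots and one slash only, then a shape check.
valid_cidr() {
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# vpn_gateway_rules LAN_IF VPN_IF LAN_NET REMOTE_NET
# Rule order in the output:
#   1. turn on IPv4 forwarding
#   2. allow LAN -> remote network, only from the LAN range, only out the tunnel
#   3. allow replies to those connections back in
#   4. drop anything else arriving from the tunnel for forwarding
#   5. NAT LAN sources to the tunnel address (the far side has no route back
#      to the LAN addresses)
# -I with explicit positions places the rules ahead of any existing
# catch-all REJECT/DROP already in the FORWARD chain.
vpn_gateway_rules() {
    lan_if=$1 vpn_if=$2 lan_net=$3 remote_net=$4
    valid_if "$lan_if" && valid_if "$vpn_if" ||
        { echo "bad interface name" >&2; return 1; }
    valid_cidr "$lan_net" && valid_cidr "$remote_net" ||
        { echo "bad CIDR" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -I FORWARD 1 -i $lan_if -o $vpn_if -s $lan_net -d $remote_net -j ACCEPT
iptables -I FORWARD 2 -i $vpn_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -i $vpn_if -j DROP
iptables -t nat -A POSTROUTING -o $vpn_if -s $lan_net -d $remote_net -j MASQUERADE
EOF
}

# Print the rules for the assumed layout when called with --print.
if [ "${1:-}" = "--print" ]; then
    vpn_gateway_rules eth0 ppp0 192.168.42.0/24 10.0.0.0/8
fi
```

Review the printed commands before running them as root; they are not persistent across reboots, and the sysctl setting also needs an entry in /etc/sysctl.conf to survive one.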