Fedora Linux Support Community & Resources Center
Old 16th June 2010, 03:57 AM
jazztrump9 Offline
Registered User
Join Date: Mar 2006
Posts: 17
site to site VPN

This question is a little complex, but here goes.

At a central HQ I have a Windows Server 2008 R2 machine running Routing and Remote Access. At my home office I have a class C LAN with a Fedora 13 machine. I can get Fedora 13 to connect using PPTP, no problem. I have my router running Tomato set to redirect all traffic to the network to my Linux server. My question is: how do I make the Fedora 13 machine pass all the traffic from my network with destination over the VPN tunnel? So, for instance, if I ping anything 10.x.x.x from any machine on my network, it will find it and reply?

Reply With Quote
Old 16th June 2010, 11:06 AM
Posts: n/a
Re: site to site VPN

Just as an outline -

On the F13 system you need to allow incoming traffic destined for the 10.x.x.x network to be accepted at your physical interface (eth0). Then your F13 stack will automagically forward this to your pptp connection. This requires some iptables rules and also you have to set the ipv4 forwarding parameter (see sysctl). You also need to set up NAT forwarding for these iptables connections (the far side knows your pptp IP address but it doesn't know any of your LAN addresses). Sorry - my iptables-fu is waning.

On the other systems on your network you need to change the routing table to send all 10.x.x.x traffic to your F13 system. Something *like* (untested):
ip route add dev eth0 proto kernel scope link src
where is the F13 system IP address.

Also you may/probably want to set up DNS forwarding so that your F13 system serves DNS to your LAN and also forwards all 10.x.x.x and somehq.com domain DNS requests to your corporate internal DNS server and everything else to your ISP DNS server. Here is an example of the DNS server command ...

# --- LOCAL
# LOCAL LAN DNS server IP; domain(s) [comma separated list]
LOCAL_DNS=""  # my soho router
LOCAL_DOMS="localdomain"   # my soho domain 

# --- REMOTE
REMOTE_DNS=""  # remote DNS server

# -----------------------------------------------------------------

/usr/sbin/dnsmasq --bind-interfaces \
    --no-poll --all-servers --pid-file=$PIDFILE --no-resolv \
    --server=$LOCAL_DNS \
    --server=/$REMOTE_SRV/$LOCAL_DNS \
    --server=/$REMOTE_DOMS/$REMOTE_DNS
This sends the remote domain and remote IP requests to $REMOTE_DNS DNS server, everything else goes to $LOCAL_DNS which might be your local router serving DNS or your ISP DNS.

You still need to rewrite all the /etc/resolv.conf files to point to your F13 system. Either manually or through the dhclient.conf scripts.
Reply With Quote
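
The gateway and client steps outlined in the reply above, written out as a script that prints its commands and runs them only when asked. This is an added example, not part of the original posts; ppp0 as the PPTP interface name, 10.0.0.0/8 standing in for "10.x.x.x", and the 192.168.1.x LAN addressing are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions (not from the thread): ppp0 is the PPTP
# interface, 10.0.0.0/8 is the HQ range, 192.168.1.0/24 is the home LAN.
LAN_IF=${LAN_IF:-eth0}
VPN_IF=${VPN_IF:-ppp0}
LAN_NET=${LAN_NET:-192.168.1.0/24}
HQ_NET=${HQ_NET:-10.0.0.0/8}

# Print each command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Rules for the Fedora box that holds the PPTP tunnel.
gateway_plan() {
    # Routing between interfaces is off until this sysctl is set.
    run sysctl -w net.ipv4.ip_forward=1
    # Forward only LAN -> HQ traffic into the tunnel. Inserted at the top
    # of FORWARD so the rules precede any existing REJECT/DROP rule.
    run iptables -I FORWARD 1 -i "$LAN_IF" -o "$VPN_IF" -s "$LAN_NET" -d "$HQ_NET" -j ACCEPT
    # Let back in only replies to connections the LAN started.
    run iptables -I FORWARD 2 -i "$VPN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # HQ knows only the tunnel address, so hide LAN sources behind it.
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -s "$LAN_NET" -d "$HQ_NET" -j MASQUERADE
}

# Route for every other LAN host; $1 is the Fedora box's LAN address.
client_plan() {
    case "$1" in
        *[!0-9.]*|"") echo "usage: client_plan <gateway-ip>" >&2; return 1 ;;
    esac
    run ip route add "$HQ_NET" via "$1" dev "$LAN_IF"
}

# Usage: script [gateway] | script client <gateway-ip>
case "${1:-gateway}" in
    gateway) gateway_plan ;;
    client)  client_plan "${2:-}" ;;
esac
```

Scoping the FORWARD and MASQUERADE rules to the LAN source and the HQ destination keeps the box from routing anything else once ip_forward is on.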