-1

On my server (CentOS 6.2), I have installed **CoovaChilli**\* software. Below, I will present what I need to do and ask my questions:

My LAN that is managed by the server is 10.1.0.0. The Internet IP address of that server (the WAN) is 11.11.11.1. I want to make it possible for an Internet client, let's say with Internet IP address 12.12.12.12, to access the Internet like he is a client in my LAN (10.1.0.0). That means (among other things) that when he wants to access the Internet, he needs to authenticate first.

Question: Is that possible? If yes, how? I need someone to provide me some guidelines and thoughts on this, because I'm really new to VPN.

N.B. I think it should be realized through VPN. Related to this, I just want to make you aware of one thing: the LAN network is provided through a tunnel that is created by CoovaChilli.


\***CoovaChilli** is an access controller for captive portal software. That means that when you try to access the internet through it, you will be required to authenticate yourself first.

artaxerxe
  • So a client that already has internet access connects to your LAN, where he then needs to authenticate to get access to the internet again... and what do you mean by "access the internet like he is a client in your LAN"? Like a proxy? It would be nice if you put your example in bullets – Lucas Kauffman May 04 '12 at 06:02
  • @LucasKauffman Not like a proxy, just like a LAN client. And as I mentioned, I'm not sure if it's possible. I asked if it's possible! Yes, as you already said, I will probably need to set a proxy from VPN. Is that possible? – artaxerxe May 04 '12 at 12:36

1 Answer

1

It sounds like you want all traffic on some remote machines to route back through your VPN tunnel for all internal network and Internet resources, with authentication for the Internet through this CoovaChilli device.

I'm not familiar with CoovaChilli, but here are the basic principles.

What you are using as your VPN termination device will determine how this is done.

If the CoovaChilli device is your VPN termination device, it should be pretty straightforward.

The VPN tunnel has to be configured so the client or remote machine knows to route all of its traffic to the VPN termination point first. On most VPN devices you set up access lists to determine what traffic goes through the tunnel. So you would specify that all traffic goes through the tunnel, like a 0.0.0.0 route through the tunnel IP. This in turn passes these routes on to the client or remote machine.

If the CoovaChilli is behind your VPN termination device as a proxy, this will be a little bit more difficult. You would have to set up the VPN tunnel so that it routes web traffic to the CoovaChilli device. Proxy settings would probably be the easiest way to do this.

With a Cisco ASA you can force proxy settings to the client machine when it connects to the tunnel. I've never personally used it, but there are a bunch of options using a PAC file or just pushing specific proxy settings.

theputter