
To have a simple scenario, let's say we have:

  • Office: Four computers running Debian and another computer running CentOS.

  • HQs: A Debian running the VPN server which is located at the central HQs.

The target is to establish VPN connection from the Office LAN through CentOS to the HQs LAN to route some of the traffic to some internal services that are located inside HQs LAN (let's say, under 10.0.10.0/24 subnet).

The main points are that:

  1. Only some routes need to pass through the VPN while the rest of the traffic would go to the internet directly.

  2. CentOS should be the one connecting to the VPN and offering the route to the rest of the computers in the LAN.

While I have set up VPN tunnels for personal use and was able to achieve the first point, I am not sure how I would do both when combined. I am aware that I can add some static routes to the clients at the Office, but I do not know if CentOS would be willing to accept the requests. Can someone shed some light on this?

Raj

1 Answer

  • On the Debian machines, point the route for 10.0.10.0/24 to the CentOS LAN IP.
  • Enable the ip forwarding in CentOS (net.ipv4.ip_forward = 1 with sysctl).
  • Review the iptables configuration in CentOS to be sure it passes the packets.
  • If the HQ LAN doesn't know about your branch LAN addresses, add NAT in CentOS to translate the branch LAN addresses to the CentOS VPN client address.
  • Consider a dynamic routing scheme, so you don't need to use NAT on CentOS.
drookie
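The answer's steps as a runnable script, added here as an example and not part of the original answer. The branch LAN (192.168.1.0/24), the CentOS LAN address, and the interface names eth0/tun0 are assumed placeholders; only the HQ subnet 10.0.10.0/24 comes from the question. By default the script only prints the commands (DRY_RUN=1); run it with DRY_RUN=0 as root to apply them.

```shell
#!/bin/sh
# Added example: CentOS as a selective VPN gateway for the branch LAN.
# Assumed placeholders (adjust to your network); only HQ_NET is from the question.
HQ_NET="10.0.10.0/24"        # HQ subnet reachable only through the VPN
LAN_NET="192.168.1.0/24"     # assumed branch office LAN
CENTOS_LAN_IP="192.168.1.10" # assumed LAN address of the CentOS gateway
LAN_IF="eth0"                # assumed LAN interface on CentOS
VPN_IF="tun0"                # assumed VPN tunnel interface on CentOS
DRY_RUN="${DRY_RUN:-1}"      # 1 = print the commands; 0 = execute them (root needed)

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1, on each Debian client: send only the HQ subnet via the CentOS box.
# The default route (plain internet traffic) is left untouched.
debian_client_route() {
  run ip route add "$HQ_NET" via "$CENTOS_LAN_IP"
}

# Steps 2-4, on CentOS: enable forwarding, forward only LAN<->HQ traffic
# through the tunnel, and hide the branch LAN behind the VPN client address.
centos_gateway() {
  run sysctl -w net.ipv4.ip_forward=1
  # Nothing is forwarded unless a rule below explicitly allows it.
  run iptables -P FORWARD DROP
  # Branch LAN -> HQ subnet, only into the tunnel.
  run iptables -A FORWARD -i "$LAN_IF" -o "$VPN_IF" \
      -s "$LAN_NET" -d "$HQ_NET" -j ACCEPT
  # Replies from HQ back to the LAN, only for connections the LAN opened.
  run iptables -A FORWARD -i "$VPN_IF" -o "$LAN_IF" \
      -s "$HQ_NET" -d "$LAN_NET" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # HQ has no route back to the branch LAN, so NAT it to the tunnel address.
  run iptables -t nat -A POSTROUTING -o "$VPN_IF" \
      -s "$LAN_NET" -d "$HQ_NET" -j MASQUERADE
}

debian_client_route
centos_gateway
```

With DRY_RUN=1 the output is the exact command list to paste on each host, so the generated rules can be reviewed before anything is applied.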