Bridge VPN connection with LAN

Question

I use a Nortel SSL-based VPN suite (it loads some Java Applet which sets up a VPN connection) that works great under Linux. When connected I see a tun0 device connected with the IP address I'd expect to see on the VPN network (let's call it 10.0.0.50). In addition, I still have my LAN (internal) IP address on eth0 (let's call it 192.168.0.50). I can browse to sites/ssh/whatever just fine to systems in the 10.0.0.0 subnet using this configuration.

However, what I'd really like is to be able to share this connection so that other machines on the LAN (say 192.168.0.60 and 192.168.0.70) can all somehow point to the Linux box which would forward requests through the VPN tunnel rather than routing requests through my ISP's gateway.

I speak in great ignorance -- I've played with iptables a little bit but am mostly in the dark as to the details of how these things even work. The bit that I can't change [so far as I know] is the VPN client. I've seen many how-to guides that show how to do similar things using some other VPN client. For whatever reason, I can't seem to get any other VPN client to work and I've been told that they're "not supported".

score 4 · Accepted Answer · answered Nov 19 '09 at 19:54

4

Without knowing what distro you're using I can't tell you how to integrate everything with your distro's config, but a standalone script to jury-rig this together might look something like:

brctl addbr vpnbridge
ifconfig tun0 0.0.0.0
brctl addif vpnbridge tun0
ifconfig vpnbridge 10.0.0.50 netmask 255.255.255.0
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -I POSTROUTING -o vpnbridge -j MASQUERADE

This exact will probably fail in all sorts of spectacular ways (the netmask is probably wrong, I might have missed a step, it's horrendously insecure, the VPN client might get shirty, etc) but it covers all the high points off the top of my head.

answered Nov 19 '09 at 19:54

womble

96,255
29
175
230

Sweet... That's really helpful. I'll let you know if I can hack it together. Many thanks! – Andrew Flanagan Nov 19 '09 at 19:56
How would I configure any of the client machines to connect to this? Just change their gateway to point to the Linux box? Again -- I'm a little clueless on this. – Andrew Flanagan Nov 19 '09 at 19:59
Yeah, the default gateway change should do the trick. – womble Nov 19 '09 at 20:35

score 1 · Answer 2 · answered Nov 19 '09 at 23:49

1

What about setting routes on your Linux? To route the traffic from the VPN to the LAN and viceversa, without changing the Gateway on the client... Just an option.

answered Nov 19 '09 at 23:49

D4.

95
3
10

I would if I could -- I don't know what sort of steps I'd have to take to do this. – Andrew Flanagan Nov 19 '09 at 23:59

Bridge VPN connection with LAN

2 Answers2