Since at my workplace they use Cisco VPNs (AnyConnect protocol) to reach production and test servers, I need to be always connected to work on those servers.
The problem is that the VPN doesn't implement split-tunneling, so I'm left with either connecting to the internet or the dev servers (dev servers are on the LAN segment), or connecting to the production or test servers.
I came up with the idea of using a Raspberry Pi 3 to split the VPN with the use of this awesome tool called vpn-slice (https://github.com/dlenski/vpn-slice).
Indeed it works, and from the Raspberry I can reach the internet, the VPN servers and the LAN segment.
The problems are now these:
The PC connected to hostapd can browse the internet, but has no LAN access (the LAN is on 192.168.32.1/22 and the internal WiFi access point is 192.100.100.1/24). I think I may need a bridge, but I've never really configured one (I'm not that much of a network guy).
I cannot access the VPN, since it's on another device (tun0).
So, this is the output of my ifconfig:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.33.112 netmask 255.255.252.0 broadcast 192.168.35.255
inet6 fe80::ba27:ebff:fe8b:bc4a prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:8b:bc:4a txqueuelen 1000 (Ethernet)
RX packets 335923 bytes 94865354 (90.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38890 bytes 12941447 (12.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 176 bytes 13688 (13.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 176 bytes 13688 (13.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1239
inet 192.168.249.52 netmask 255.255.255.255 destination 192.168.249.52
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 2 bytes 198 (198.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 166 (166.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.100.100.1 netmask 255.255.255.0 broadcast 192.100.100.255
inet6 fe80::ba27:ebff:fede:e91f prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:de:e9:1f txqueuelen 1000 (Ethernet)
RX packets 39416 bytes 12108156 (11.5 MiB)
RX errors 0 dropped 6 overruns 0 frame 0
TX packets 56938 bytes 61317586 (58.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
And this is my route -n:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.32.1 0.0.0.0 UG 0 0 0 eth0
10.128.231.134 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.129.127.46 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.129.127.48 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
x.224.64.x 192.168.32.1 255.255.255.255 UGH 0 0 0 eth0
192.100.100.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.32.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
And this is what I use to masquerade the wireless access point (wlan0) to the internet:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
I have no idea how to route wlan0 to the eth0 family (LAN) and to the tun0 (VPN) servers (note that I need only the specific servers contained in the route command).
Thanks to anyone that will help!
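The setup described in the question, as an added worked example (it is not the asker's script and not part of vpn-slice): a small POSIX shell script that generates the complete forwarding rule set for the three-legged Pi and applies it when run as root with APPLY=1. Interface names, the access-point subnet and the three VPN hosts are the ones visible in the posted ifconfig and route -n output; the default-deny FORWARD policy, the per-host restriction on the tunnel and the MSS clamp are design choices of this example. The two things the example relies on are facts about the posted layout: the LAN hosts live on the same interface (eth0) as the default route, so the existing MASQUERADE already covers them and no bridge is required, while the AnyConnect concentrator only routes to the Pi's own tunnel address (192.168.249.52/32 on tun0), so traffic from the wireless clients has to be masqueraded behind tun0 as well. The /32 routes vpn-slice installed already steer packets for the three hosts into tun0; the filter rules just make sure nothing else from the wireless side leaks into the tunnel.

```shell
#!/bin/sh
# Added example, not from the question or from vpn-slice: generate, and with
# APPLY=1 apply, the forwarding rules for a Pi with eth0 (LAN + Internet),
# wlan0 (hostapd network) and tun0 (vpn-slice tunnel to a few /32 hosts).
# Names and addresses are taken from the posted ifconfig / route -n output;
# override them through the environment for a different layout.
LAN_IF=${LAN_IF:-eth0}
AP_IF=${AP_IF:-wlan0}
VPN_IF=${VPN_IF:-tun0}
AP_NET=${AP_NET:-192.100.100.0/24}
VPN_HOSTS=${VPN_HOSTS:-"10.128.231.134 10.129.127.46 10.129.127.48"}

# Print the rule set instead of running it, so it can be reviewed and tested.
gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default deny for forwarded traffic; only the rules below open holes.
    echo "iptables -P FORWARD DROP"
    # Replies to anything the AP network started may come back on any interface.
    echo "iptables -A FORWARD -o $AP_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    # Internet and LAN both sit behind eth0, so one MASQUERADE covers them;
    # LAN hosts see the Pi's eth0 address and no bridge is needed.
    echo "iptables -t nat -A POSTROUTING -s $AP_NET -o $LAN_IF -j MASQUERADE"
    echo "iptables -A FORWARD -i $AP_IF -o $LAN_IF -s $AP_NET -j ACCEPT"
    # VPN: the concentrator only knows the Pi's tunnel address, so AP traffic
    # must be masqueraded behind tun0 too. Restrict it to the hosts vpn-slice
    # installed /32 routes for; the kernel already routes those via tun0, the
    # filter only makes sure nothing else from the AP network enters the tunnel.
    for h in $VPN_HOSTS; do
        echo "iptables -t nat -A POSTROUTING -s $AP_NET -d $h/32 -o $VPN_IF -j MASQUERADE"
        echo "iptables -A FORWARD -i $AP_IF -o $VPN_IF -s $AP_NET -d $h/32 -j ACCEPT"
    done
    # tun0 has mtu 1239; clamp TCP MSS so bulk transfers from a wireless
    # client do not stall on path-MTU discovery inside the tunnel.
    echo "iptables -t mangle -A FORWARD -o $VPN_IF -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
}

# Helpers used to sanity-check the generated set.
rule_count() { gen_rules | wc -l | tr -d ' '; }
vpn_forward_rules() { gen_rules | grep -c -e "-i $AP_IF -o $VPN_IF"; }

if [ "${APPLY:-0}" = "1" ]; then
    gen_rules | sh -e      # must run as root on the Pi
else
    gen_rules
fi
```

Run `sh rules.sh` to review the commands and `sudo APPLY=1 sh rules.sh` to install them; they replace the three rules in the question rather than adding to them, since the DROP policy closes everything the explicit ACCEPTs do not open. The wireless client needs no change: its default gateway is the Pi (192.100.100.1), and the Pi's routing table already decides per destination whether a packet leaves through eth0 or tun0. Rules installed this way do not survive a reboot; persist them with whatever the distribution provides (for example iptables-save into a file restored at boot).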