[vpn-help] Give access to more than one machine?

Kevin VPN kvpn at live.com
Wed Sep 7 22:33:11 CDT 2011


On 09/04/2011 07:52 AM, Marco wrote:
> Hello, I'm using the VPN client 2.1.7 under Linux to connect to a
> corporate VPN, and it works perfectly. Since I'm running a couple of
> virtual machines on my box, I'd like to be able to reach the remote
> network from them as well.
>
> So on the host, I enabled IP forwarding then added this iptables rule
> (192.168.1.0/24 is the remote LAN):
>
> iptables -t nat -A POSTROUTING -d 192.168.1.0/24 -j MASQUERADE
>
> (including other variations with "-o tap0", "-s 192.168.130.0/24"
> (which is my VM network) ) but nothing worked.
>
> What I see is that packets correctly reach the remote machines (with
> the source IP correctly translated to the local box's VPN IP), and
> their replies reach my box, but then it seems like they're not
> forwarded back to the originating VM.
>
> I'm aware that IPsec is peculiar in how traffic flows, but is it the
> case that this would break iptables' NAT too?
>

Hi Marco,

It looks like you're hoping to run Shrew in the host and have 
VM-sourced traffic that is destined for the remote LAN get redirected 
into the tunnel.  Interesting idea - I'd guess actually a pretty common 
request.

I'd suggest first seeing if you can make this work without the 
complication of the VM virtual networking.  See if you can have another 
physical box on your LAN send traffic via your host box that is destined 
for the remote LAN.  That will tell you if the concept works.  My guess 
is that it should be possible.