Share one VPN connection

My personal Linux laptop is a real spider in the web. It's got OpenVPN connections to the office, to the datacenter, to several family members, etcetera. I love it. But sometimes, there are some tasks that Linux simply can't do, like running a vSphere client.

For those situations, I use the second (Windows) computer on my desk to perform those tasks. However, this computer does not have a VPN connection right to the place I'm connecting to.

So, what do I do?

Situation

In the examples, my configuration will be:

  • VPN bridged to the office network.
  • My Windows machine is on 192.168.1.7
  • My office range is 192.168.9.0/24
  • My laptop has 192.168.1.3 locally and 192.168.9.9 on the office side

IP Forwarding

First of all, I tell my laptop's Linux kernel to forward IPv4 packets:
    echo 1 > /proc/sys/net/ipv4/ip_forward
You may want to put this in some bootup script...

Source NAT

Then, I make my laptop perform SNAT (source NAT) on outbound packets to make the office/datacenter network believe it's actually the laptop connecting instead of the Windows desktop machine:
    iptables -t nat -I POSTROUTING -s [win-ip-here] -d [network here] -j SNAT --to-source [laptop-ip]
For my situation, the command would be:
    iptables -t nat -I POSTROUTING -s 192.168.1.7 -d 192.168.9.0/24 -j SNAT --to-source 192.168.9.9
You may want to put this in some bootup script as well...
If your VPN is not bridged, but routed, you may need to enter the IP of your PtP partner instead of the 192.168.9.9.

Static route

And finally, I tell my Windows machine that packets for my office network should be sent to the laptop, using the netsh command:
    netsh interface ipv4 add route 192.168.9.0/24 interface="Local Area Network" nexthop=192.168.1.3 store=persistent
or, for a temporary route:
    netsh interface ipv4 add route 192.168.9.0/24 interface="Local Area Network" nexthop=192.168.1.3 store=active

That's all

Now connect to your office IPs from your second PC. In my situation, I use OpenVPN, but any kind of VPN can do this, as long as your operating system is smart enough to route and perform SNAT.
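
The two Linux-side steps above collected into one re-runnable boot script, as an added example that is not part of the original post. It defaults to the post's sample addresses and also restricts the FORWARD chain, on the assumption that the laptop forwards nothing else: enabling ip_forward makes the laptop route between all of its interfaces, so without that restriction other LAN hosts could send traffic toward any of its VPNs.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses default to the post's
# sample values; override them through the environment.
WIN_IP="${WIN_IP:-192.168.1.7}"                # the Windows desktop
OFFICE_NET="${OFFICE_NET:-192.168.9.0/24}"     # network behind the VPN
LAPTOP_VPN_IP="${LAPTOP_VPN_IP:-192.168.9.9}"  # laptop's address on the VPN side

# Accept only digits, dots and an optional /prefix, so a stray value can
# never be parsed by iptables as an extra option.
valid_addr() {
    case "$1" in
        ""|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the rules as "table chain rule-spec", one per line.
share_vpn_rules() {
    for a in "$WIN_IP" "$OFFICE_NET" "$LAPTOP_VPN_IP"; do
        valid_addr "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    cat <<EOF
nat POSTROUTING -s $WIN_IP -d $OFFICE_NET -j SNAT --to-source $LAPTOP_VPN_IP
filter FORWARD -s $WIN_IP -d $OFFICE_NET -j ACCEPT
filter FORWARD -s $OFFICE_NET -d $WIN_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Mode "dry-run" (default) prints the commands; mode "apply" runs them as root.
share_vpn_apply() {
    mode="${1:-dry-run}"
    if [ "$mode" = apply ]; then run=""; else run="echo"; fi
    rules=$(share_vpn_rules) || return 1
    $run sysctl -w net.ipv4.ip_forward=1
    printf '%s\n' "$rules" | while read -r table chain spec; do
        # -C tests whether the rule already exists, so reruns add no duplicates.
        # $spec is left unquoted on purpose: it must split into arguments.
        if [ "$mode" = apply ] && iptables -t "$table" -C "$chain" $spec 2>/dev/null; then
            continue
        fi
        $run iptables -t "$table" -I "$chain" $spec
    done
    # Assumption: the laptop forwards nothing else (no containers or VMs), so
    # everything not accepted above is dropped by the chain policy.
    $run iptables -P FORWARD DROP
}

share_vpn_apply "${1:-dry-run}"
```

Run it without arguments to review the commands, then as root with the argument apply.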

© GeekLabInfo Share one VPN connection is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info
