Date: Fri, 19 Dec 2008 14:03:44 +0100
From: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To: Noah Silverman <noah@webclipping.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Surf outside Internet through VPN
Message-ID: <20081219130344.GA38912@zeninc.net>
In-Reply-To: <E35F3ECA-9084-4C96-B4CE-D51E8E76A4A0@webclipping.com>
References: <E35F3ECA-9084-4C96-B4CE-D51E8E76A4A0@webclipping.com>
On Fri, Dec 19, 2008 at 03:23:57AM -0800, Noah Silverman wrote:
> Hello,

Hi.

> I want to find a way to pass ALL traffic from my laptop THROUGH my
> office VPN and then out to the Internet. This is a "road warrior"
> setup. This gives me a few benefits: 1) I can check my email securely
> through VPN. 2) No matter where I am, I will always have the external
> IP of my VPN server when accessing the web.
>
> I have set up a VPN. Was able to get it working with either tun or tap
> interfaces. That part seems OK.

Ok, I'll guess you're using an IPsec VPN.

> Now what?? (I can see and connect to the VPN server with '10.0.8.1'
> easily. I can't see or connect to the outside world.) Do I need to
> add some kind of special route in the routing table?
>
> Would this be better as a tun or using a bridge through tap?

If you're using a tun interface and can access your remote gate
through the tunnel, you may just have to add a default route to this
remote gate (warning: ensure you still have some static routes to
access the public IP of the gate, so your tunnel won't match the
default route, which is reachable through the tunnel....).

You can also just use "simple" IPsec without gif, and you'll have SPD
entries like:

    spdadd myip 0.0.0.0/0 any -P out ipsec esp/tunnel/mypublicIP-GatepublicIP/unique;

for outgoing traffic (and the reverse SPD entry for incoming traffic).

Please note that, for IPsec (and for IKE negotiations), 0.0.0.0/0 does
NOT mean "any IP", it REALLY means "the network with base address
0.0.0.0 and 0 bits of netmask".

Yvan.
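Added example, not part of the original message: a small longest-prefix-match model of the laptop's routing table, showing why the static route to the gate's public IP mentioned in the warning above is needed once the default route points into the tunnel. Only 10.0.8.1 comes from the thread; the interface names (tun0, em0), the gate's public IP, the local gateway and the helper names are assumptions made for illustration.

```python
import ipaddress

TUN_PEER = "10.0.8.1"         # VPN server's tunnel address (from the thread)
GATE_PUBLIC = "203.0.113.10"  # constructed: public IP of the VPN gate
LOCAL_GW = "192.168.1.1"      # constructed: router of whatever LAN the laptop is on

def table(*routes):
    """Build a routing table from (prefix, gateway, interface) tuples."""
    return [(ipaddress.ip_network(n), (gw, ifn)) for n, gw, ifn in routes]

def lookup(tbl, dst):
    """Longest-prefix match: return (gateway, interface) for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in tbl if addr in net]
    if not hits:
        raise LookupError("no route to " + dst)
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def egress(tbl, dst, max_depth=4):
    """Return the interfaces a packet crosses until it leaves on a physical one.

    A packet routed into tun0 is encapsulated, and the resulting outer packet
    is addressed to GATE_PUBLIC, so it must be routed again.
    """
    path = []
    for _ in range(max_depth):
        _, ifname = lookup(tbl, dst)
        path.append(ifname)
        if ifname != "tun0":
            return path
        dst = GATE_PUBLIC  # outer header of the encapsulated packet
    raise RuntimeError("routing loop: tunnel traffic is routed back into the tunnel")

# Default route moved to the tunnel, nothing else changed.
BROKEN = table(
    ("0.0.0.0/0", TUN_PEER, "tun0"),
    (TUN_PEER + "/32", TUN_PEER, "tun0"),
    ("192.168.1.0/24", None, "em0"),
)
# Same table plus the host route for the gate's public IP via the local router.
FIXED = BROKEN + table((GATE_PUBLIC + "/32", LOCAL_GW, "em0"))

if __name__ == "__main__":
    print("fixed :", egress(FIXED, "198.51.100.7"))  # constructed destination
    try:
        egress(BROKEN, "198.51.100.7")
    except RuntimeError as exc:
        print("broken:", exc)
```

In the fixed table the /32 entry wins over the default route for the encapsulated packets only, so all other traffic still enters the tunnel.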