Date:      Fri, 19 Dec 2008 12:56:48 +0000
From:      Dunc <dunc@lemonia.org>
To:        Noah Silverman <noah@webclipping.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Surf outside Internet through VPN
Message-ID:  <494B9A10.4020402@lemonia.org>
In-Reply-To: <494B93E3.5020202@bitfreak.org>
References:  <E35F3ECA-9084-4C96-B4CE-D51E8E76A4A0@webclipping.com> <494B93E3.5020202@bitfreak.org>

Darren Pilgrim wrote:
> Noah Silverman wrote:
>> I want to find a way to pass ALL traffic from my laptop THROUGH my 
>> office VPN and then out to the Internet.  This is a "road warrior" 
>> setup. This gives me a few benefits:  1) I can check my email
>> securely  through VPN.  2) No matter where I am, I will always have
>> the external  IP of my VPN server when accessing the web.
>>
>> I have setup a VPN.  Was able to get it working with either tun or
>> tap  interfaces.  That part seems OK.
>>
>> Now what??  (I can see and connect to the VPN server with '10.0.8.1' 
>> easily.  I can't see or connect to the outside world.)  Do I need to 
>> add some kind of special route in the routing table?
>
> If you can talk to arbitrary hosts on your office network--not just
> the VPN server--setting your default router to the office's gateway
> will achieve what you want.

If you meant the internal address of the office's gateway, then changing
the default route to that means that you will no longer be able to reach
the public IP of the VPN peer.

What you need to do is,

i) Add a host route to the VPN peer address, via your current default
gateway on whatever network you happen to be on
ii) Change your default route to be something on your office net that is
willing to route traffic out to the Internet for you. This potentially
could be the internal address of your office firewall, if it knows how to
route back to you via the VPN terminating box. Alternatively just the
other end of your tunnel, I'm guessing from the above that it's '10.0.8.1'


If you're using OpenVPN, then the "redirect-gateway" directive tries to
do the above for you.

Cheers,

Dunc
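
Steps i) and ii) above written out as FreeBSD route(8) commands; this is an added example, not part of the original message. The function name `vpn_route_plan`, the input validation and the two trailing `route -n get` checks are additions, and the peer and local gateway addresses in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: prints the FreeBSD route(8) commands for steps i) and ii).
# Constructed sample values: 203.0.113.10 = public IP of the VPN peer,
# 192.168.1.1 = default gateway of the network the laptop is currently on.
# 10.0.8.1 is the tunnel far end mentioned in the thread.

is_ipv4() {
    # Accept only dotted-quad input so nothing else reaches a command line.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

vpn_route_plan() {
    peer=$1 local_gw=$2 tunnel_gw=$3
    for a in "$peer" "$local_gw" "$tunnel_gw"; do
        is_ipv4 "$a" || { echo "not an IPv4 address: $a" >&2; return 1; }
    done
    # If the peer's public address were also the new default gateway, the
    # encrypted packets would be routed into the tunnel that carries them.
    if [ "$peer" = "$tunnel_gw" ]; then
        echo "peer and tunnel gateway must differ" >&2
        return 1
    fi
    # Step i) first: pin the VPN peer to the existing gateway so the
    # tunnel's own packets keep using the physical network.
    echo "route add -host $peer $local_gw"
    # Step ii): everything else now goes to the far end of the tunnel.
    echo "route change default $tunnel_gw"
    # Check: the peer must resolve via $local_gw, the default via $tunnel_gw.
    # Any other result means traffic is bypassing the VPN or the tunnel
    # has lost its path to the peer.
    echo "route -n get $peer"
    echo "route -n get default"
}

# Print the plan when run directly with three arguments, e.g.
#   sh plan.sh 203.0.113.10 192.168.1.1 10.0.8.1
if [ $# -eq 3 ]; then vpn_route_plan "$1" "$2" "$3"; fi
```

The script only prints the commands; review them and run them as root on the laptop once the tunnel is up.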


