Re: [Shorewall-users] VPN Tunnel

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Fri, 18 Apr 2003, Byounghae Kim wrote:

> 
> Thank you for rapid response.
> 
> I created the subnet of the group (A) at my option.
> I want that the local computers in the group (A) runs like the local
> computers in the group (B).
> For example, when the computer with IP 61.35.xxx.115 in the group (A)
> uses the Internet, the packets are transferred via default gateway
> 61.35.xxx.1 through the tunnel like the local computers in the group
> (B).
> That is to say, I want that the computer with IP 61.35.xxx.115 in the
> group (A) is authorized as the computer having Public IP through the
> tunnel.
> 
> #ip route ls
> 
> 61.35.xxx.120 dev ppp0  proto kernel  scope link  src 61.35.xxx.113
> 61.35.xxx.112/29 dev eth1  proto kernel  scope link  src 61.35.xxx.118
> 211.59.xxx.0/24 dev eth0  proto kernel  scope link  src 211.59.xxx.108
> default via 211.59.xxx.1 dev eth0
> 
> PPTP Tunnel is connected by ppp0.
> localip : 61.35.xxx.113 remoteip : 61.35.xxx.120
> 
> For setting mentioned above, do I run TCRules or add the routing table?
> Or, do I need to change the subnet in the group (B) that I made?
> If there is any other method, please let me know. Thank you for any
> experiences.
> 
>

The routing for this setup is explained at 
http://pptpclient.sourceforge.net/routing.phtml. You can set up the packet 
marking described there in tcrules if you like.

Note that you will have to add a route through the tunnel to 
61.35.xxx.0/29 when the right side of the tunnel comes up as well. You can 
add that route to the main routing table.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ te...@sh...