From: Lewis G Rosenthal <lgrosenthal@2rosenthals.com>
To: lartc@vger.kernel.org
Subject: Re: Routing recommendations for sharing VPN connection between VBox guest and host
Date: Fri, 30 Aug 2013 02:44:48 +0000
Message-ID: <52200720.80804@2rosenthals.com>
In-Reply-To: <521FDF79.8020908@2rosenthals.com>

Hi, Scott... Thanks for the quick reply.

On 08/29/13 08:13 pm, Scott Edwards thus wrote :
> You can enable forwarding via echo 1 > /proc/sys/net/ipv4/ip_forward
> (or something like that, I'm a road warrior right now, no linux box in
> sight)
>
Indeed, this is how I did it, as well as:

echo 1 > /proc/sys/net/ipv4/ppp0/ip_forward

(and ensuring the ipv4/eth0/ip_forward was present)
> As for masquerading, that may be necessary, as Cisco is more strict on
> the IPsec VPN tunnel. The ACL that directs traffic to the VPN is also
> responsible for dropping traffic that does not match.  The only way to
> be rather flexible with that, is to do IPsec over GRE, but this
> clashes with your design needs on a few different angles.
>
Yes.
> If the Linux host has success communicating to the IPsec peer, then it
> should be able to say,
> iptables -A OUTPUT -o ppp0 -j MASQUERADE
>
I think this is where I fell short somehow. I believe I entered this as
a POSTROUTING rule; perhaps that was my error vs OUTPUT (see
http://www.tldp.org/HOWTO/html_single/Masquerading-Simple-HOWTO/ per the
dial-up connection summary). I did not NAT it, however (as mentioned in
the example). Hmmm...
> I would also check "iptables-save -c" for hit counts, and forwarding,
> and other policy.
>
Good tip; thanks! It surely helps to be able to *see* what's going on
(especially when things don't work as expected!).
> HTH,
>
Indeed. Thanks again for the quick follow-up. I'll give some of this a
test tomorrow and see how I make out.

Cheers

-- 
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, RTRP, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
Need a managed Wi-Fi hotspot?                www.hautspot.com
Warpstock 2013 - Atlanta, GA - Oct 4-6      www.warpstock.org
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------
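
Editor's note (added example, not part of the thread above and not Lewis's or Scott's own configuration): the script below puts the pieces discussed in this exchange into one place. Two details worth stating plainly: the per-interface forwarding knob is /proc/sys/net/ipv4/conf/<iface>/forwarding (net.ipv4.conf.<iface>.forwarding via sysctl), there is no /proc/sys/net/ipv4/<iface>/ip_forward; and the MASQUERADE target is only accepted in the nat table's POSTROUTING chain, so "iptables -A OUTPUT -o ppp0 -j MASQUERADE" is rejected, while the POSTROUTING rule Lewis describes is the right shape. Masquerading matters for the Cisco case because every guest packet leaves sourced from the ppp0 address, which is the address the peer's ACL already matches. The interface names (ppp0, vboxnet0) and the guest subnet 192.168.56.0/24 are assumptions, and the iptables-save -c output embedded at the bottom is constructed sample data so the counter check runs offline. gen_rules prints the commands rather than running them, so it can be reviewed before being piped to sh as root.

```shell
#!/bin/sh
# Added example: host-side forwarding + NAT for sharing a ppp0 IPsec tunnel
# with a VirtualBox guest, plus a parser for `iptables-save -c` hit counts.
# Assumed names (not from the thread): VPN_IF, GUEST_IF, GUEST_NET.

VPN_IF="${VPN_IF:-ppp0}"
GUEST_IF="${GUEST_IF:-vboxnet0}"
GUEST_NET="${GUEST_NET:-192.168.56.0/24}"

# Print the setup commands instead of executing them (pipe to `sh` as root
# once reviewed). Everything the guest sends into the tunnel is masqueraded
# behind the ppp0 address, so the Cisco peer never sees the guest subnet.
gen_rules() {
    cat <<EOF
# Forwarding: the global switch and the per-interface knobs.
# The per-interface sysctl is conf/<iface>/forwarding, not <iface>/ip_forward.
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.${VPN_IF}.forwarding=1
sysctl -w net.ipv4.conf.${GUEST_IF}.forwarding=1
# MASQUERADE is only valid in nat/POSTROUTING (an OUTPUT rule is rejected).
iptables -t nat -A POSTROUTING -s ${GUEST_NET} -o ${VPN_IF} -j MASQUERADE
# Forward only the guest subnet into the tunnel, and only replies back out.
iptables -P FORWARD DROP
iptables -A FORWARD -i ${GUEST_IF} -o ${VPN_IF} -s ${GUEST_NET} -j ACCEPT
iptables -A FORWARD -i ${VPN_IF} -o ${GUEST_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Read `iptables-save -c` output on stdin and print
#   <table> <chain> <packets> <bytes>
# for every rule whose target is $1. Counters sit in the leading "[pkts:bytes]"
# field; a MASQUERADE or FORWARD rule stuck at 0 means traffic never reaches it.
rule_hits() {
    target="$1"
    awk -v tgt="$target" '
        /^\*/ { table = substr($0, 2); next }
        /^\[[0-9]+:[0-9]+\] -A / {
            split(substr($1, 2, length($1) - 2), c, ":")
            if ($0 ~ ("-j " tgt "( |$)")) print table, $3, c[1], c[2]
        }'
}

# Constructed sample of `iptables-save -c` output (not a real capture),
# showing the rules above after the guest has pushed some traffic.
SAMPLE='# Generated by iptables-save v1.4.21
*nat
:PREROUTING ACCEPT [12:720]
:POSTROUTING ACCEPT [3:180]
:OUTPUT ACCEPT [3:180]
[42:3528] -A POSTROUTING -s 192.168.56.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [100:8000]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [90:7000]
[42:3528] -A FORWARD -s 192.168.56.0/24 -i vboxnet0 -o ppp0 -j ACCEPT
[0:0] -A FORWARD -i ppp0 -o vboxnet0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Demo: on a live box replace the printf with `iptables-save -c`.
printf '%s\n' "$SAMPLE" | rule_hits MASQUERADE
printf '%s\n' "$SAMPLE" | rule_hits ACCEPT
```

Reading the counters: if the nat POSTROUTING MASQUERADE rule and the guest-to-tunnel FORWARD rule both count up while the return-direction FORWARD rule stays at zero, the packets are leaving the host but nothing is coming back, which points at the peer's ACL rather than at the local forwarding setup.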


Thread overview: 4+ messages
2013-08-29 23:55 Routing recommendations for sharing VPN connection between VBox guest and host Lewis G Rosenthal
2013-08-30  0:13 ` Scott Edwards
2013-08-30  2:44 ` Lewis G Rosenthal [this message]
2013-09-04  3:35 ` Lewis G Rosenthal
