On Fri, Jan 23, 2009 at 7:55 PM, Gary Stainburn <gary.stainb...@ringways.co.uk> wrote:
> Hi folks.
>
> I've given up on openswan because it won't work through my ADSL router.
>
> I've now got a very simple ppp-over-ssh VPN working using the following
> script
>
> /usr/sbin/pppd updetach noauth passive \
>     pty "ssh $HOST -P -o Batchmode=yes /usr/sbin/pppd nodetach notty noauth" \
>     $LocIP:$RemIP
>
> I'm using 192.167.127.1 and .2 for the VPN
>
> My local LAN is 10.6.0.0/16 and the remote is 10.1.0.0/16
>
> The VPN works, and from each end I can ssh to the remote end using either
> its 192. or 10. IP address.
>
> On each gateway, and on the test hosts on each LAN I have set up the
> appropriate routes. On each gateway I have enabled IP Forwarding by
> running
>
> sysctl -w net.ipv4.ip_forward=1
>
> and made it permanent by editing /etc/sysctl.conf. I even rebooted to make
> sure.
>
> However, I cannot get anything to work except gateway to gateway. Anything
> behind the gateways cannot get past their local gateway.
>
> Anyone know what I've missed?

I guess it's normal not to pass because the next gateways don't "know" what 10.x/192.x IPs are. I think you either have to export those IPs to the next gateways or enable NAT for each VPN, something like

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

(fastest way), where eth0 is your interface for internet.

> --
> Gary Stainburn
>
> This email does not contain private or confidential material as it
> may be snooped on by interested government parties for unknown
> and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
>
> --
> fedora-list mailing list
> fedora-list@redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
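An added example, not part of either poster's message: a small Python model of the two fixes the reply suggests (give the far LAN a route back, or masquerade on the gateway), tracing a request and its reply hop by hop with longest-prefix matching. The subnets and tunnel addresses are the ones from the thread; the node names, the host addresses (10.6.0.50, 10.1.0.50), the gateway LAN addresses (10.6.0.1, 10.1.0.1) and the ADSL routers as default gateways are assumptions made for illustration.

```python
import ipaddress

def lookup(routes, dst_ip):
    """Longest-prefix match over {prefix: next_hop}; None if nothing matches."""
    dst, best = ipaddress.ip_address(dst_ip), None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None

def trace(nodes, start, dst_ip, max_hops=8):
    """Follow routing tables hop by hop; return (path, delivered)."""
    path, here = [start], start
    for _ in range(max_hops):
        if dst_ip in nodes[here]["addrs"]:
            return path, True
        hop = lookup(nodes[here]["routes"], dst_ip)
        if hop == "onlink":  # same LAN: deliver to whoever owns the address
            hop = next((n for n, v in nodes.items() if dst_ip in v["addrs"]), None)
        path.append(hop or "no-route")
        if hop not in nodes:  # left the modelled network (e.g. the ADSL router)
            return path, False
        here = hop
    return path, False

def round_trip(nodes, src, dst, masq=None):
    """Request then reply. masq maps a gateway to the source address it rewrites to."""
    src_ip, dst_ip = nodes[src]["addrs"][0], nodes[dst]["addrs"][0]
    out, ok = trace(nodes, src, dst_ip)
    if not ok:
        return False, out, []
    nat_gw = next((g for g in out if masq and g in masq), None)
    back, ok = trace(nodes, dst, masq[nat_gw] if nat_gw else src_ip)
    if ok and nat_gw:  # the NAT gateway restores the original address and forwards
        rest, ok = trace(nodes, nat_gw, src_ip)
        back += rest[1:]
    return ok, out, back

def topology(host_b_has_route):
    """Subnets from the thread; host and gateway LAN addresses are constructed."""
    b = {"10.1.0.0/16": "onlink", "0.0.0.0/0": "adsl-B"}
    if host_b_has_route:
        b["10.6.0.0/16"] = "gwB"
    return {
        "hostA": {"addrs": ["10.6.0.50"], "routes": {"10.6.0.0/16": "onlink", "10.1.0.0/16": "gwA", "0.0.0.0/0": "adsl-A"}},
        "gwA": {"addrs": ["10.6.0.1", "192.167.127.1"], "routes": {"10.6.0.0/16": "onlink", "10.1.0.0/16": "gwB", "192.167.127.2/32": "gwB"}},
        "gwB": {"addrs": ["10.1.0.1", "192.167.127.2"], "routes": {"10.1.0.0/16": "onlink", "10.6.0.0/16": "gwA", "192.167.127.1/32": "gwA"}},
        "hostB": {"addrs": ["10.1.0.50"], "routes": b},
    }
```

Calling `round_trip(topology(False), "hostA", "hostB")` shows the request arriving and the reply leaving via the far side's default router; passing `topology(True)` or `masq={"gwB": "10.1.0.1"}` brings the reply back through the tunnel.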