How to setup a VM Gateway like Whonix but for a generic VPN
I created a Linux VM with 3 interfaces: a NAT interface for internet access (eth0, with an IP in the range 192.168.84.0/24), a host-only interface for communication with other VMs (eth1, with IP 192.168.10.10) and a VPN interface (tun0, which is up when connected to a VPN server and has an IP in the range 10.182.0.0/16; this may change at every connection).

My goal is to set up all the necessary instructions on how to route only the incoming and outgoing internet traffic from eth1 through tun0, and leave internet access to the other applications on the gateway (if necessary). I would like to create something similar to the Whonix Gateway (where connections from the attached VM Workstation are routed through Tor), but instead of Tor I would like to use a generic VPN service, accessed with OpenVPN or WireGuard. So I thought of these steps:

1. Enable IP forwarding on the Linux virtual machine by editing the /etc/sysctl.conf file and setting `net.ipv4.ip_forward = 1`

2. Add a new route for the host-only interface to route all traffic through the VPN interface with the following command:

Code:
sudo route add -net 192.168.10.0 netmask 255.255.255.0 gw 10.182.4.2 dev tun0

3. Set up iptables rules to redirect all incoming and outgoing traffic from the eth1 interface to the VPN interface, except for traffic coming from the gateway itself, with the following commands:

Code:
sudo iptables -A FORWARD -i eth1 -o tun0 -j ACCEPT

Code:
sudo apt-get install iptables-persistent

But something is not working properly, and from the other VM connected to the gateway through the host-only network I can't connect to the internet (when the VPN is connected on the GW). I'm no expert and I know I'm doing something wrong, so can someone help me simplify and adjust (remove or add instructions) these steps on how to create a Linux VM gateway that connects to the internet through a VPN and shares this and only this connection with another VM connected through a private network of the 2 VMs (so when the VPN is off, the other VM connected to the gateway has no internet connection)? If all of this makes sense ^_^ Thank you so much
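An added example (not from the original post) of how such a gateway is usually wired up with policy routing plus a FORWARD-chain kill switch, using the interface names and the 192.168.10.0/24 network above; the routing table number 100, the APPLY variable and the run/gateway_rules function names are my own assumptions. Without APPLY=1 it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: VPN gateway for a host-only LAN (eth1) through tun0.
# Assumes iptables and iproute2 are installed and that APPLY=1 runs as root.
# Run it again from the VPN client's up hook (e.g. OpenVPN --up), because
# the table-100 default route disappears whenever tun0 goes down.
LAN_IF=eth1
LAN_NET=192.168.10.0/24
VPN_IF=tun0
TABLE_ID=100   # assumed unused routing table number

# Run a command when APPLY=1, otherwise print it (dry run).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

gateway_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # Policy routing: only packets sourced from the host-only LAN consult
    # table 100, whose sole default route points at tun0. The gateway's own
    # traffic keeps using the main table, so it still reaches the internet
    # via eth0 and can build the VPN tunnel in the first place.
    run ip rule add from "$LAN_NET" lookup "$TABLE_ID"
    run ip route add default dev "$VPN_IF" table "$TABLE_ID"
    # Forward LAN -> VPN, allow replies back, and drop any other forwarded
    # packet from eth1. If tun0 is down the table-100 lookup falls through to
    # the main table (eth0), and this DROP is what stops that leak.
    run iptables -A FORWARD -i "$LAN_IF" -o "$VPN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$VPN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -j DROP
    # Source NAT so the VPN side only ever sees the tun0 address.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$VPN_IF" -j MASQUERADE
}

gateway_rules
```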