Old 05-09-2009, 12:31 PM   #1
Bradfirj92
LQ Newbie
 
Registered: Sep 2008
Distribution: CentOS 5 / Fedora Core 10
Posts: 18

Rep: Reputation: 0
PPP-SSH VPN Tunnel Routing


Here's my situation: I have two sites, specifically two different locations across the country, each with a collection of Gaming PCs and Consoles. Both sites have what is close to a T1 connection, so bandwidth won't be a problem.

I'm going to use PPP over SSH VPN to link the sites, and host-to-host communications are all fine. Now my question is: how can I have multiple machines connected to host A (192.168.5.1), each able to communicate with the machines on the other side connected to host B (192.168.6.1)?

I suspect some NAT will be involved, could anyone point me to the how-to that I'm looking for, or answer here?

In addition, it would be very helpful if I could configure Host B so all communication to the outside internet from its clients is also routed to Host A first, since site B may or may not have a filtering system.

Thanks

Last edited by Bradfirj92; 05-09-2009 at 05:41 PM.
 
Old 05-09-2009, 04:42 PM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 488

Rep: Reputation: 78
bear with me:

HostA clients: 192.168.5/24
HostA IP(eth1): 192.168.5.1
HostA pub(eth0): 512.123.0.A
HostA gw(eth0): 512.123.0.Agw
HostA tun(tun0): 10.0.10.1

HostB clients: 192.168.6/24
HostB IP(eth1): 192.168.6.1
HostB pub(eth0): 321.215.0.B
HostB gw(eth0): 321.215.0.Bgw
HostB tun(tun0): 10.0.10.2

assuming your tunnel is operational and A and B can communicate through it without incident...

if Host A is your default gw to the world then clients should already have it set as their default gw so you should just be able to set a route to 192.168.6/24 via tun0
if not, then HostA should have ip_forward enabled and clients either use it as default gw or clients get a static route set to route 192.168.6/24 via HostA 192.168.5.1
HostA
Code:
ip route add 192.168.6.0/24 dev tun0
same applies for HostB and 192.168.6/24 routing to HostA and 192.168.4/24;
HostB
Code:
ip route add 192.168.5.0/24 dev tun0
for routing all HostB and 192.168.6/24 through HostA tun, something like this... (there may be more magic that needs to take place)
(DNS, SMTP, HTTP, not sure what all else is at play here or how it would be affected... or considered...)
HostB
Code:
ip route add 512.123.0.A via 321.215.0.Bgw dev eth0
ip route del default via 321.215.0.Bgw dev eth0
ip route add default via 10.0.10.1 dev tun0
Hopefully this gets you on the right path.
Understand that I've made some gross assumptions about your configuration that you'll need to consider and I'm sure I'm missing quite a bit...

:-)



Might a more robust VPN solution (?openvpn?) not be better suited for your task?
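
Added example (not part of rayfordj's post): a Python model of HostB's routing table using longest-prefix match, showing why the host route to HostA's public address has to exist when the default route is moved onto tun0; without it, the SSH packets that carry the tunnel would be routed into the tunnel itself. The RFC 5737 addresses are constructed stand-ins for the post's placeholder addresses, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins: the post's 512.123.0.A / 321.215.0.Bgw are placeholders,
# so RFC 5737 documentation addresses are used here instead.
HOSTA_PUB = "203.0.113.10"   # HostA public address (SSH server carrying the PPP link)
HOSTB_GW = "198.51.100.1"    # HostB's upstream gateway on eth0
TUN_PEER = "10.0.10.1"       # HostA end of the tunnel, from the post


def lookup(table, dst):
    """Longest-prefix match, as the kernel does: return (dev, via) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), dev, via) for p, dev, via in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    _net, dev, via = max(matches, key=lambda m: m[0].prefixlen)
    return dev, via


def hostb_table(default_via_tunnel, pin_endpoint):
    """Build HostB's routing table for a chosen combination of the post's steps."""
    table = [
        ("192.168.6.0/24", "eth1", None),    # local clients
        ("10.0.10.1/32", "tun0", None),      # point-to-point tunnel peer
        ("198.51.100.0/24", "eth0", None),   # connected upstream subnet (constructed)
        ("192.168.5.0/24", "tun0", None),    # ip route add 192.168.5.0/24 dev tun0
    ]
    if pin_endpoint:         # ip route add <HostA pub> via <HostB gw> dev eth0
        table.append((HOSTA_PUB + "/32", "eth0", HOSTB_GW))
    if default_via_tunnel:   # ip route add default via 10.0.10.1 dev tun0
        table.append(("0.0.0.0/0", "tun0", TUN_PEER))
    else:                    # original default via the upstream gateway
        table.append(("0.0.0.0/0", "eth0", HOSTB_GW))
    return table


def carrier_loops(table):
    """True if the SSH packets that carry the tunnel would be sent into the tunnel."""
    dev, _via = lookup(table, HOSTA_PUB)
    return dev == "tun0"


if __name__ == "__main__":
    for pin in (False, True):
        t = hostb_table(True, pin)
        print(f"pinned={pin}: HostA pub -> {lookup(t, HOSTA_PUB)}, "
              f"loops={carrier_loops(t)}")
```

The same lookup can be checked on a live host with `ip route get <address>`, which reports the device and gateway the kernel would pick.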
 
Old 05-09-2009, 04:58 PM   #3
Bradfirj92
LQ Newbie
 
Registered: Sep 2008
Distribution: CentOS 5 / Fedora Core 10
Posts: 18

Original Poster
Rep: Reputation: 0
Thanks for the reply.

Do you know off the top of your head if openVPN allows you to tunnel through a proxy and specific port?
The people who own the connection at B (a caravan park incidentally) aren't very tech savvy and had their system put in as an all-in-one deal.

The host at B has to connect through a proxy, which allows any port from 200 to 600 along with standard ones. We had been running ssh and sshd over port 222 and it worked fine.

Thanks
 
Old 05-09-2009, 05:24 PM   #4
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 488

Rep: Reputation: 78
Quote:
Originally Posted by Bradfirj92
Do you know off the top of your head if openVPN allows you to tunnel through a proxy and specific port?
much like sshd it uses a standard|defined port by default but you may change the port that it binds.

without knowing the specific "proxy" being referenced, i'm going to blanket respond with yes. there are options to define various proxy settings.



Edit: Not trying to make more work for you... just offering alternatives that might not have otherwise been considered.

Last edited by rayfordj; 05-09-2009 at 05:26 PM.
 
Old 05-09-2009, 05:39 PM   #5
Bradfirj92
LQ Newbie
 
Registered: Sep 2008
Distribution: CentOS 5 / Fedora Core 10
Posts: 18

Original Poster
Rep: Reputation: 0
That's great, thanks. I'll investigate further tomorrow; it's quite late here.

Oh, and the proxy is an HTTP proxy on 8080, if that's important.


Again thanks very much.
 