Trouble with a vpn gateway (vpnc)
I have a little ALIX box at home running voyagelinux that uses vpnc to establish a vpn connection to my employer's network. I use this as a vpn gateway, if you will, for an IP phone to connect to a phone server at work. It looks something like this:
employer
  + internet
  + cable modem
  + router (pfsense) (192.168.1.1)
  + (192.168.1.99) vpn gateway (192.168.0.1)
  + (192.168.0.2) ip phone (nortel)

The IP phone is the only device behind the vpn gateway. I want everything coming in on the vpn tunnel to be forwarded to the phone, and everything coming from the phone routed through the tunnel, so I have vpnc run the following script when the vpn connection is established: Code:
#!/bin/sh
I suppose I can simplify my question(s) this way:
If I have a tunnel tun0, what's the simplest/best way to have all traffic coming in over tun0 forwarded to $IP and all traffic from $IP routed to tun0? Thanks...
Are you trying to "route" all packets to another router? Or trying to forward specific connections to specific ports? If all you want to do is reach a specific server, forwarding connections to its port is all you need to do. Or do you also want this so you can access the internet as coming from the employer network?
Thanks for the reply. I want the phone to behave as if it's directly on my employer's network, or as close to that as I can get. My vpn gateway establishes the connection to my employer, creating tun0. I then want all data coming in on tun0 to go to the phone, and all data going out from the phone to go to tun0. The phone is the only device behind my vpn gateway.
This is what I've settled on thus far, and it works for the most part: Code:
iptables -t nat -A PREROUTING -i tun0 -j DNAT --to-destination ${PHONE}
I'm going to have to back out of this because I don't know enough about the protocol involved to understand what it is doing. But it may just be a stalled tunnel.
Can a tunnel stall in just one direction? Anyway, I'm now using SNAT to the tunnel IP address on the POSTROUTING rule, instead of MASQUERADE. It's been working fine for the past 5 hours, but I won't know for a day or three if it's a long-term fix.
So that others attempting to do the same may benefit, here's what I ended up with. It works very well, and if while on a call the connection is dropped and then restored (I have a watchdog script check every few seconds), the call automagically resumes.
Code:
#!/bin/sh
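The rule set the thread converges on (DNAT everything arriving on the tunnel to the phone, SNAT the phone's traffic to the tunnel address instead of MASQUERADE, and forward nothing but phone-to-tunnel traffic), written out as an added example; this is not the poster's script, which is not shown on the page. It assumes the inside interface is eth1, the phone is 192.168.0.2, and that vpnc hands its script the tunnel device, tunnel address and reason in the TUNDEV, INTERNAL_IP4_ADDRESS and reason environment variables; the fallback tunnel address is a constructed placeholder.

```shell
#!/bin/sh
# Added example of a "vpn connection up" script for the gateway in the thread.
# TUNDEV / INTERNAL_IP4_ADDRESS / reason are assumed to be exported by vpnc.
TUN="${TUNDEV:-tun0}"
TUN_IP="${INTERNAL_IP4_ADDRESS:-10.0.0.5}"   # 10.0.0.5 is a constructed placeholder
PHONE="${PHONE:-192.168.0.2}"                 # the Nortel phone behind the gateway
LAN="${LAN:-eth1}"                            # assumed inside interface

# With DRY_RUN=1 the rules are printed instead of applied, so the set can be
# reviewed before it touches a live box.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

gateway_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # Everything arriving over the tunnel is rewritten to the phone's address.
    run iptables -t nat -A PREROUTING -i "$TUN" -j DNAT --to-destination "$PHONE"
    # Phone-originated traffic leaves with the fixed tunnel address (SNAT, not
    # MASQUERADE, which is what the last post settled on).
    run iptables -t nat -A POSTROUTING -o "$TUN" -s "$PHONE" -j SNAT --to-source "$TUN_IP"
    # Only phone<->tunnel traffic is forwarded; anything else reaching the
    # FORWARD chain (including other hosts that might appear on the LAN) is dropped.
    run iptables -A FORWARD -i "$TUN" -o "$LAN" -d "$PHONE" -j ACCEPT
    run iptables -A FORWARD -i "$LAN" -o "$TUN" -s "$PHONE" -j ACCEPT
    run iptables -P FORWARD DROP
    # Routes (default via the tunnel, host route to the concentrator) are left to
    # vpnc's normal route handling and are not touched here.
}

# vpnc calls its script with reason=connect once the tunnel is up.
case "${reason:-}" in
    connect) gateway_rules ;;
esac
```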