LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 09-26-2007, 03:50 PM   #1
LandRover
LQ Newbie
 
Registered: Jul 2007
Posts: 9

Rep: Reputation: 0
WinXP x64 route path to VPN through VMware-> linux


Hey,

This one is a little complicated and I've been cracking my head over it for a while. Right about now I'm crying out for help.

This is the deal, I got cisco vpn to connect to the office but unfortunately I got XP x64 and cisco cant seem to provide a proper client for x64 OS' so far. I don't want to reinstall my computer therefore I found a creative solution.

I decided to install VMware server(which is free now! woohoo) and setup up a light weight ubu-server to run 'VPNC' client to connect to the VPN. So far, so good.
It kinda works, I can access the VPN from the VMware guest hosted ubu, I can ping the local VPN addresses.

The main idea of this solution is to keep the VMware host with the guest ubu minimized, connected to the VPN permanently and route all the traffic from the VPN directly to the host machine.

The VMware GUEST (ubu-server) set with 2 NiCs:
  • VMnet0 - Bridged connection
    • IP: 10.0.0.13 / 255.0.0.0
    • Gateway: 10.0.0.138
  • VMnet1 - Host only
    • IP: 192.168.0.2 / 255.255.255.0
    • Gateway: -
  • VPN TUNNEL-00
    • IP: 172.21.32.39 / 255.255.255.255 (auto assigned by the CISCO PIX)
    • Gateway: -

The VMware HOST (Winxp x64) network settings:
  • Local Area Connection #1
    • IP: 10.0.0.1 / 255.0.0.0
    • Gateway: 10.0.0.138
  • VMnet1 - Host only
    • IP: 192.168.0.1 / 255.255.255.0
    • Gateway: -

The IP I'm trying to access over the VPN is: 172.31.110.244.
From the GUEST machine it works at this point.

On the XP I did a route command to flow all the related traffic through the guest's ip.
  • route add 172.31.0.0 MASK 255.255.0.0 10.0.0.13 METRIC 1
  • route add 172.31.0.0 MASK 255.255.0.0 192.168.0.2 METRIC 1

Tried these two one by one but it didn't come up well.
ping timed out and tracert failed to complete a single hop.

I decided to try bridging the interfaces on the guest, between the gateway associated and the host only.
The script I used to bridge with:
Code:
    brctl addbr br0;
    brctl stp br0 on;
    brctl addif br0 eth0;
    brctl addif br0 eth1;
    (ifdown eth0 1>/dev/null 2>&1;);
    (ifdown eth1 1>/dev/null 2>&1;);
    ifconfig eth0 0.0.0.0 up;
    ifconfig eth1 0.0.0.0 up;
    ifconfig br0 10.0.0.50 broadcast 10.255.255.255 netmask 255.0.0.0 up
    route add default gw 10.0.0.138;
    for file in br0 eth0 eth1;
    do
      echo "1" > /proc/sys/net/ipv4/conf/${file}/proxy_arp;
      echo "1" > /proc/sys/net/ipv4/conf/${file}/forwarding;
    done;
    echo "1" > /proc/sys/net/ipv4/ip_forward;
The br0 interface ip I got: 10.0.0.50.

ifconfig:
Code:
ubu-vpnc:/var/log# ifconfig
br0       Link encap:Ethernet  HWaddr 00:0C:29:7F:5A:E7
          inet addr:10.0.0.50  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::20c:29ff:fe7f:5ae7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2796 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3455 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:499156 (487.4 KiB)  TX bytes:462418 (451.5 KiB)

eth0      Link encap:Ethernet  HWaddr 00:0C:29:7F:5A:E7
          inet6 addr: fe80::20c:29ff:fe7f:5ae7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:38210 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8747 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20330050 (19.3 MiB)  TX bytes:789264 (770.7 KiB)
          Base address:0x1070 Memory:ec820000-ec840000

eth1      Link encap:Ethernet  HWaddr 00:0C:29:7F:5A:F1
          inet6 addr: fe80::20c:29ff:fe7f:5af1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:62 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5102 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8546 (8.3 KiB)  TX bytes:297839 (290.8 KiB)
          Base address:0x1078 Memory:ec840000-ec860000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1688 (1.6 KiB)  TX bytes:1688 (1.6 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.21.32.39  P-t-P:172.21.32.39  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1390  Metric:1
          RX packets:279 errors:0 dropped:0 overruns:0 frame:0
          TX packets:505 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:285272 (278.5 KiB)  TX bytes:38941 (38.0 KiB)

ubu-vpnc:/var/log#
I've also added some iptables rules to monitor the logs and accept forwarding:
Code:
iptables -P FORWARD ACCEPT
iptables -F FORWARD
iptables -I FORWARD -j ACCEPT
iptables -I FORWARD -j LOG
I've also updated the route command at the XP to this following:
  • route add 172.31.0.0 MASK 255.255.0.0 10.0.0.50 METRIC 1

at this point it looked much better, I tried to ping the destination ip on the host ip and could see the trace log of the iptables which means the traffic from the host goes trough the guest.

also the tracert made a single hop:
Code:
C:\>tracert 172.31.110.244
Tracing route to 172.31.110.244 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.0.0.50
  2     *        *        *     Request timed out.
  .....
  30    *        *        *     Request timed out.
syslog at the same point of the trace on the guest machine:
Code:
Sep 26 23:57:11 ubu-vpnc kernel: IN=br0 OUT=tun0 PHYSIN=eth0 SRC=10.0.0.1 DST=172.31.110.244 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=16734 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 26 23:57:12 ubu-vpnc kernel: IN=br0 OUT=tun0 PHYSIN=eth0 SRC=10.0.0.1 DST=172.31.110.244 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=16735 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 26 23:57:14 ubu-vpnc kernel: IN=br0 OUT=tun0 PHYSIN=eth0 SRC=10.0.0.1 DST=172.31.110.244 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=16736 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 26 23:57:23 ubu-vpnc kernel: IN=br0 OUT=tun0 PHYSIN=eth0 SRC=10.0.0.1 DST=172.31.110.244 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=16746 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 26 23:57:24 ubu-vpnc kernel: IN=br0 OUT=tun0 PHYSIN=eth0 SRC=10.0.0.1 DST=172.31.110.244 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=16747 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 26 23:57:26 ubu-vpnc kernel: IN=br0 OUT=tun0 PHYSIN=eth0 SRC=10.0.0.1 DST=172.31.110.244 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=16748 PROTO=UDP SPT=137 DPT=137 LEN=58
Sigh! At this point, I don't have any more ideas how to fix the routes to make it work properly.
Any ideas are welcome (not ideas to drop the solution but how to make the route thing work, I also would like to learn from this something )

Regards,
Oleg G.

Last edited by LandRover; 08-30-2008 at 10:47 AM.
 
Old 09-27-2007, 08:34 AM   #2
Dumfrey
LQ Newbie
 
Registered: Jan 2007
Posts: 9

Rep: Reputation: 0
Its interesting

how people approach problems...for example, using a VM to act as a gateway for your x64 box is a good idea, but I am not sure I would have chosen any of the buntu flavors as the VM, I would have used smoothwall, ipcop etc...distros designed for routing and vpn use, in essence, creating a new "gateway" for the x64 box to use, and the gateway is just providing the vpn link to the other network, cisco split tunnelling can then allow internet access while connected to the vpn. Which particular gateway distro to use...i cant really say, I tend to use smoothwall, but I have heard very good stuff about monowall, and its on my to test list 9its bsd based instead of linux, but thats really a plus in a gateway imo).
 
Old 09-28-2007, 03:25 AM   #3
LandRover
LQ Newbie
 
Registered: Jul 2007
Posts: 9

Original Poster
Rep: Reputation: 0
yey
I kinda got the feeling no one would reply

I've tried ipcop before, it has alot of issues with ipsec and xauth (connecting to pix 501).
with the ubu/debian (I'm debian fan ) I've already set the link to the vpn through vpnc and its working.

Anyhow, I suspect few issues but not sure for the current settings:
  • Why do I need to bridge the interfaces eth0(bridged VM) + eth1(Host-only VM) ? (without this the x64 wont pass even the first hop, I think its something to do with the host-only which allows that by I might have done something wrong)
  • How are the iptables FORWARD settings?
  • Is the route on the x64 ok?

Meanwhile, I found an x64 client for windows vista by NCP but unfortunately it drops right after the ip assigment but that's a different story. I really want to make the route solution to work.
anyhow, I need the solution for x64 XP!

So if anyone got a clue..

Regards,
Oleg G.

Last edited by LandRover; 09-28-2007 at 10:53 AM.
 
Old 09-28-2007, 03:03 PM   #4
LandRover
LQ Newbie
 
Registered: Jul 2007
Posts: 9

Original Poster
Rep: Reputation: 0
Yey! I've solved it.
got working gateway from winxp x64 to a cisco vpn (pix 501) via VMware guest running ubu/debian.

Code:
C:\>tracert 172.31.110.244

Tracing route to APP-SAFE [172.31.110.244]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.2.2
  2    50 ms    53 ms    55 ms  APP-SAFE [172.31.110.244]

Trace complete.
If anyone comes across something like this in the future the light could be found here: http://tldp.org/HOWTO/IP-Masquerade-HOWTO/

google4life

Last edited by LandRover; 09-28-2007 at 04:36 PM.
 
Old 10-01-2007, 07:33 AM   #5
Dumfrey
LQ Newbie
 
Registered: Jan 2007
Posts: 9

Rep: Reputation: 0
I would be interested

In how you set up your vpn connection in Debian. I gave a half-hearted attempt one afternoon while home with a fever, but after 35 m9in I fell asleep and havent really got back to it. We also have Pix 501's and it would be nice to be able to use my Ubuntu box to get in to the vpn, as it stands, I have 1 windows xp box left for games and vpn for work left, if I could regulate it to just games...its one step closer.
 
Old 10-02-2007, 02:16 AM   #6
LandRover
LQ Newbie
 
Registered: Jul 2007
Posts: 9

Original Poster
Rep: Reputation: 0
Era:~# apt-cache search vpnc
vpnc - Cisco-compatible VPN client


configure the client and connect

Last edited by LandRover; 08-30-2008 at 10:45 AM.
 
Old 10-03-2007, 07:36 AM   #7
Dumfrey
LQ Newbie
 
Registered: Jan 2007
Posts: 9

Rep: Reputation: 0
Does vpnc

use the same terminology as the cisco vpn server/client set up? I guess if its even close I should be able to figure it out. Thanks for the info, and now that I look back, you did mention vpnc several times =) I will try this out tonight when I get home.
 
Old 02-16-2008, 12:01 PM   #8
BuddyLove
LQ Newbie
 
Registered: May 2004
Distribution: FreeBSD
Posts: 3

Rep: Reputation: 0
Quote:
Originally Posted by LandRover View Post
Yey! I've solved it.
got working gateway from winxp x64 to a cisco vpn (pix 501) via VMware guest running ubu/debian.

Code:
C:\>tracert 172.31.110.244

Tracing route to APP-SAFE [172.31.110.244]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.2.2
  2    50 ms    53 ms    55 ms  APP-SAFE [172.31.110.244]

Trace complete.
If anyone comes across something like this in the future the light could be found here: http://tldp.org/HOWTO/IP-Masquerade-HOWTO/

google4life
Can you please share what you did to finally get this to work?

I'm trying to create the same setup
vista x64 -> [vmware:guest ubuntu-server] -> cisco vpn client -> network

Thanks

Last edited by BuddyLove; 02-16-2008 at 12:03 PM. Reason: clarify using vmware
 
Old 02-22-2008, 12:40 PM   #9
lars49
LQ Newbie
 
Registered: Feb 2008
Posts: 1

Rep: Reputation: 0
Is the implication here that the Linux is a 64 bit OS or is it a 32 bit OS?

I am trying to solve a similar problem
 
Old 02-22-2008, 02:31 PM   #10
BuddyLove
LQ Newbie
 
Registered: May 2004
Distribution: FreeBSD
Posts: 3

Rep: Reputation: 0
Quote:
Originally Posted by lars49 View Post
Is the implication here that the Linux is a 64 bit OS or is it a 32 bit OS?

I am trying to solve a similar problem
In my case it doesn't matter because the cisco vpn client works on 32 and 64 linux. The issue is that the cisco vpn client does not work on windows x64, so thats why I'm trying to create this setup
 
Old 01-29-2009, 09:36 AM   #11
WorkinDude
LQ Newbie
 
Registered: Jan 2009
Location: Canada
Distribution: Ubunutu
Posts: 1

Rep: Reputation: 0
Got it working

I'm fairly new to linux, so I'm amazed to say that I managed to get this working pretty well. Once I have a few minutes I'll post the details of my solution here, so others may benefit.
Briefly, I installed VMWare server, created an Ubuntu 8.10 server virtual machine with vpnc installed, as LandRover describes earlier. I also used the IP-Masquerade-HOWTO link provided earlier in this thread.
The IP-Masquerade document is incredibly long and detailed, but bare in mind that much of it is explanations for how to set up masq for various kernel builds, how to get it working for various clients (e.g. win95, netware!?! etc), the details of non-routable ip subnets, most of which you can safely skip. I'll let you know what parts you actually need.
I had to disable vista's firewall on the vm connection and create a couple of routes through the tunnel, again just as LandRover described.
Once all this was done I was able to run visual studio, connect to the TFS server at work, and synch up without a problem.
I'll post soon with more details.
Thanks for this thread, it really helped a lot!
 
  


Reply

Tags
routing, vmware, vpn, vpnc, winxp, x64


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux - VMWARE - WinXP - Sony Stage homer99 Linux - Software 2 08-26-2006 06:49 PM
dual boot with winxp x64 on a RAID 1 setup digimars Linux - Newbie 3 05-08-2006 06:00 AM
can i run linux mandriver x64 with windows x64 bit if so wich one should i install fi malmac2000 Linux - Software 2 04-26-2006 07:04 AM
Installing Linux via VMWare on WinXP AglaSyS Linux - Software 8 02-25-2005 10:16 AM
Creating a Linux<-WinXP VPN with OpenSwan logo Linux - Security 4 02-07-2005 09:40 AM


All times are GMT -5. The time now is 07:33 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration