This is my setup:
.. here should be a picture but I first have to spam you with 5 more questions before I'm allowed to post a url..
I have a cable router to the internet @ 192.168.1.1
I have a local LAN with my normal Windows PCs and now with a newly connected Linux server @ 192.168.1.20
This Linux server is the gateway between my local LAN and my wireless LAN @ 192.168.2.20.
I have FreeS/WAN IPsec for securely connecting wireless stations to my local LAN.
Trusted wireless stations can do everything that a normal station on my local LAN can do (internet, Samba, and so on). This all goes through the IPsec VPN.
Untrusted wireless stations are only allowed to use internet/email.
This is NOT by VPN. I don't use webkey and so on, so everybody can connect to the access point. The Linux server should only allow internet/email traffic and reject everything else for these users (except of course the initialisation of the VPN, because otherwise trusted users can't connect).
I've set up a VPN from notebook 192.168.2.151 to the Linux server 192.168.2.20, but only this. I can only ping the Linux server and not the internet or other local workstations on 192.168.1.x. I need help with this.
When I don't use the VPN I can ping from notebook to server and from notebook to the internal LAN (192.168.1.x), but I can't ping the internet.
I think I have to do some extra routing but don't know what.
I've a static route in my cable router for 192.168.2.0 to 192.168.1.20 (linux server) and that helped ping from notebook to local lan.
I've been busy for a couple of days now, I've been reading a lot but I've so many options I can't get it working right.
I'm using SuSE 9 Professional.
Could somebody give me the gateway settings, IP forward enable yes or no, the FreeS/WAN ipsec.conf for the VPN and maybe also some help on firewall stuff? (I need to restrict access for untrusted wireless users but enable the IPsec VPN setup.) All help is appreciated. I get confused with firewalling because my eth0 Ethernet connection is already secured by my cable router firewall (secure enough). But eth1 WiFi is insecure. If I follow HOWTOs, they say the insecure side is the internet connection and so use eth1 to connect to the internet. It's just the other way around with me.
Thanks for all your help
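
The access policy described in the post, written out as an ordered iptables rule set. This is an added example, not part of the original post; it only prints the commands and applies nothing. Assumptions: decrypted tunnel traffic arrives on a FreeS/WAN KLIPS `ipsec0` interface, the cable router at 192.168.1.1 is the DNS resolver, and "internet/email" means TCP ports 25, 80, 110, 143 and 443.

```sh
#!/bin/sh
# Added example: prints an iptables policy for the gateway; it applies nothing.
LAN_IF=eth0              # wired LAN side (from the post)
WIFI_IF=eth1             # open wireless side (from the post)
VPN_IF=ipsec0            # assumption: FreeS/WAN KLIPS interface for decrypted traffic
LAN_NET=192.168.1.0/24
WIFI_NET=192.168.2.0/24
GW_WIFI_IP=192.168.2.20  # gateway address on the wireless side
DNS_IP=192.168.1.1       # assumption: the cable router is the DNS resolver
WEB_MAIL_TCP="25 80 110 143 443"  # assumption: what "internet/email" means

gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # The post treats the wired side as already protected by the cable router.
    echo "iptables -A INPUT -i $LAN_IF -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Anyone on the wireless side may start IPsec: IKE (udp/500) and ESP.
    echo "iptables -A INPUT -i $WIFI_IF -d $GW_WIFI_IP -p udp --dport 500 -j ACCEPT"
    echo "iptables -A INPUT -i $WIFI_IF -d $GW_WIFI_IP -p esp -j ACCEPT"
    # Trusted stations: traffic that arrived inside the tunnel.
    echo "iptables -A INPUT -i $VPN_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $VPN_IF -o $LAN_IF -j ACCEPT"
    # Untrusted stations: DNS to the router, then nothing else on the LAN.
    for proto in udp tcp; do
        echo "iptables -A FORWARD -i $WIFI_IF -d $DNS_IP -p $proto --dport 53 -j ACCEPT"
    done
    echo "iptables -A FORWARD -i $WIFI_IF -d $LAN_NET -j REJECT"
    # Untrusted stations: web and mail ports towards the internet only.
    for port in $WEB_MAIL_TCP; do
        echo "iptables -A FORWARD -i $WIFI_IF -o $LAN_IF -s $WIFI_NET -p tcp --dport $port -j ACCEPT"
    done
    # Everything else arriving in the clear on the wireless side is refused.
    echo "iptables -A FORWARD -i $WIFI_IF -j REJECT"
}

gen_rules
```

Rule order carries the policy: the DNS exception precedes the LAN reject, and the catch-all reject on eth1 comes last.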