Hello all,

I've been spending all day on this without luck. I think I'm close but not sure what I'm missing here.

What I'm trying to do:

I set up a simple Ubuntu VM to act as a dedicated VPN server. I want to connect my main system to that VM in order to use it's connection to the VPN. The reason for this is because I'm currently using my router to do this, but the router slows down way too much (300mhz). I also want to keep the OpenVPN client off of my main system.

Here's where I'm at:

-- Created Ubuntu server VM
-- Set server up with two interfaces. One is bridged to my network(WAN) the other is a NAT interface (Want it to be my gateway for the client)
-- My main network address is standard at 192.168.1.0/25
-- Set WAN interface on VM to DHCP
-- Set NAT interface on VM to 192.169.10.1, netmask 255.255.255.0
-- Created iptable rules following an official Ubuntu guide, basically setting up Masquerading and somehow bonding the two interfaces.(This may be an issue, but I can't even get to this point yet)

I'm not sure how to set up my client correctly or at this point anything...(I've been going around in circles for some time now).

I tried to set the gateway to my client to the IP address of my NAT VM connection. Meaning I set the gateway to 192.168.10.1. I've also, just for giggles, set my ip address on my client to that address. No luck.

I'm not really sure what information would help at this point. I work with linux systems all the time, but put me in front of network configs and I seem to be out of my element(at least for now ).

Thanks in advance.

You're doing stuff and it's not working. Stop.

Design your network, draw it out and then build it. Remember that a VM is a serious drain on CPU power and it's possible to throttle back the VM so far in Virtual box & friends that it's extremely slow.


Get it working first. Worry about maximising bandwidth later.

Thanks!

I'm running around in circles at this point, so yes I need to stop, plan it out, then try to apply one step at a time.

I'll post again when I have a better plan of attack.

This is more for a home server use, so I'm not very worried about cpu drain at this time. It's also something I've been wanting to try and accomplish for some time.

OK. I have a general question that I'm getting conflicting information about online(or I'm not understanding it).

I've attached a picture of my network sketch.

My question is:

Does my gateway connection need to be in or out of the range of my router? My router is on 192.168.1.1. I set my gateway to 192.168.10.2. I set it to this so that it is separated from my router. Is this the way it's usually done, or do I need to set it to an IP in my DHCP range?

Attached Thumbnails

 

Just looking at the sketch, you are making a rod for your back by having so much variation in the chosen IPs. You have 192.168.1. x, 192.168.2.x, 192.168.10.x. Can you get any interfaces out of the loop? The gateway should connect directly to the router unless there's a separate firewall. I would make a firewall IP address in the same /24 as the gateway. The gateway can be any IP. The only thing that cares about the dhcp range is dhcp.


You're also bringing in LAN, wan, & internet in different places. I would like to see them go into the router, perhaps through the firewall if you use one.

sounds to me like you're trying to make a transparent proxy(?). I did that using squid and a couple of scripts. This website shows how it's done with centos, http://www.krizna.com/centos/how-to-...y-on-centos-6/. It's the squidfw.sh script that makes it work, however if you're running a vpn you'll need a second script, because the 'INTERNET="eth0" bit will have to be changed to INTERNET="tun0".
So first you run squidfw.sh and verify you can surf the net, then you start your vpn, confirm it's connected and then run your second script which will make your gateway the 'tun0' interface.