Re: Surf outside Internet through VPN

On Fri, Dec 19, 2008 at 03:23:57AM -0800, Noah Silverman wrote:
Hello,

Hi.


I want to find a way to pass ALL traffic from my laptop THROUGH my
office VPN and then out to the Internet. This is a "road warrior"
setup. This gives me a few benefits: 1) I can check my email securely
through VPN. 2) No matter where I am, I will always have the external
IP of my VPN server when accessing the web.

I have setup a VPN. Was able to get it working with either tun or tap
interfaces. That part seems OK.

Ok, I'll guess you're using an IPsec VPN.


Now what?? (I can see and connect to the VPN server with '10.0.8.1'
easily. I can't see or connect to the outside world.) Do I need to
add some kind of special route in the routing table?

Would this be better as a tun or using a bridge through tap?

If you're using a tun interface and can access your remote gate
through the tunnel, you may just have to add a default route to this
remote gate (warning: ensure you still have some static routes to
access the public IP of the gate, so your tunnel won't match the
default route, which is reachable through the tunnel....).


You can also just use "simple" IPsec without gif, and you'll have SPD
entries like:

spdadd myip 0.0.0.0/0 any -P out ipsec
esp/tunnel/mypublicIP-GatepublicIP/unique;
for outgoing traffic (and the reverse SPD entry for incoming traffic).

Please note that, for IPsec (and for IKE negociations), 0.0.0.0/0 does
NOT means "any IP", it does REALLY means "the network with base
address 0.0.0.0 and 0 bits of netmask".


Yvan.
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: Unusual VPN setup, ISA/Cyberguard
    ... I've just been asked to consult to a company who have had a VPN setup by ... VPN Subnets: ... there is a switch in the way that is dropping the traffic. ... have you tried going to CMD and typing ROUTE PRINT? ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN Routing Problem
    ... "route print" showed the absence of any path for 172.16.200.0 traffic, which of course is why it was getting routed through the default gateway. ... Of course, when the VPN Server decides to allocate a different IP address to the client, I wonder if the route will once more fail? ... I can't put IP reservations onto the DCHP server associated with the VPN service, so can only influence the range of IP addresses given. ...
    (alt.os.windows-xp)
  • Re: VPN vs SSL client side certificates
    ... I've been asked to setup a web server for a site with security ... >>One suggestion was to setup a VPN (which I'm reading to mean some IPSEC ...
    (comp.security.misc)
  • RE: Route added by RRAS that overrides local LAN route on NIC
    ... I am using SBS as the VPN server. ... The route I am speaking of is the route to local LAN that is put in the ... After the RAS client connects there is another route added so the two ...
    (microsoft.public.windows.server.sbs)
  • Re: Using pptp as VPN on FB7
    ... is the address of the VPN server, it is also the IP address of VPN gateway when I connected to the VPN tunnel. ... I think may be the route command in the mpd5 is something wrong or out-of-date? ... IPCP: LayerStart ... CCP: LayerStart ...
    (comp.unix.bsd.freebsd.misc)