Militantly FREE software support.
Militantly FREE software support.
NavigationUser loginSpam?See spam posts on this site? If so, please don't reply to the spam! Instead, just report the URL to the webmaster. |
openvpn, tun, ipmasq & iptables.Mumia Paduille & others, mp> ... iptables ... might go something like this ... Thanks! This is my instance, not yet tested. #========= My remaining concerns involve interactions of openvpn, tun, * Should I remove ipmasq and try to achieve LAN routing * Where does tun operate? Does it use iptables? Does it work * Will iptables recognize the tunnel address in the rules above? I am trying to resolve some of the questions before spending Desktops.OpenDoc http://carnot.yi.org/ -- Bookmark/Search this post with: 
|
• Debian Weekly News - Essential reading for any Debian fan. • Documentation - Debian's own authoritative documentation, including installation docs. • FAQ - Got questions about Debian GNU/Linux? • From Windows to Debian - Tips for converting from Windows to Debian GNU/Linux • Package of the Day. • Security - Security information and alerts! • Bug System - Bug tracking and instructions on reporting bugs. • CD Images - Where/how to get Debian GNU/Linux CD images. • Mailing List Subscription - Dozens of Debian-specific support mailing lists! • Mailing List Archives - Searchable archives of Debian's mailing lists. • Free Software Guidelines - Learn Debian's idea of what "free" software really is. • Package Listings - A very valuable tool: searchable, integrated with bug reports. • Apt-Get Sources - Sources for *.debs which are not official Debian packages. • Backports - Unofficial new software packages that have been "back-ported" to work with the Debian stable/official release. • Developer's Corner - Info about the people behind Debian, policies, and how to package *.deb files.
Re: openvpn, tun, ipmasq & iptables.
The problem is not that serious.
You just need to allow IP-masquerading on both the interfaces, whereas by default it only masquerades tun0.
I solved it this way in my setup:
<<< become root at command line and execute:
cd /etc/ipmasq/rules
cp A01interfaces.{def,rul}
>>>
now edit A01interfaces.rul and after these two lines:
#find interface names
EXTERNAL_OUT=$(default-if | sort -u)
add the following *extra* line
EXTERNAL_OUT="$(default-if | sort -u) $(enumerate-if | sort -u | grep ppp | grep -v "$EXTERNAL_OUT")"
This adds any ppp interfaces to the list of 'external' interfaces (ie ones that should be masqueraded), provided that they are not already in the list.
You may need to do other things dependent on your setup. The above works for me on sarge.