Something I’ve struggled with in the past and have avoided doing was trying to get a remote VPN connection shared to all my other local machines. So inevitably a VPN client has crept into each box as I’ve needed the remote access.
Well today I bit the bullet.
Starting with a tiny Ubuntu (or whatever flavour of Linux you prefer) box with a single NIC (in my case everything is virtual).
Enable IP forwarding (this is the step most people miss):
echo 1 > /proc/sys/net/ipv4/ip_forward
Get the VPN up and running.
In my case it was vpnc to a remote Cisco network, with the --ifmode tap flag to create the tap0 device.
Once the VPN is confirmed working directly from the Linux box, add the forwarding rules (assuming eth0 is the single physical interface):
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
iptables -A FORWARD -i tap0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tap0 -j ACCEPT
Et voilà! Traffic arriving on eth0 gets forwarded to tap0 (according to your routing table).
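The whole procedure above, wrapped up as a small POSIX shell script. This is an added example, not a script from the original post: the interface names eth0 and tap0 are the post's, while the LAN subnet 192.168.1.0/24 and the DRY_RUN switch are my own assumptions. It goes one step beyond the post by setting a default-deny FORWARD policy and restricting the LAN-to-VPN rule to that subnet, so only your own LAN can ride the VPN rather than anything that happens to arrive on eth0.

```shell
#!/bin/sh
# Added example (not the original post's script): share a VPN tap device
# with the local LAN. Interface names come from the post; LAN_NET and the
# DRY_RUN default are assumptions. Run as root with DRY_RUN=0 to apply.
LAN_IF="${LAN_IF:-eth0}"              # single physical interface
VPN_IF="${VPN_IF:-tap0}"              # device created by vpnc --ifmode tap
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # hypothetical LAN subnet allowed to use the VPN
DRY_RUN="${DRY_RUN:-1}"               # 1 = only print the commands, 0 = execute them

# run: echo the command, and execute it unless DRY_RUN=1
run() {
    echo "$*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# enable_forwarding: the step most people miss. The sysctl form is the one
# to copy into /etc/sysctl.conf so it survives a reboot, unlike echo 1 > /proc/...
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# check_vpn_up: only add rules once the tap device actually exists, i.e. after
# the VPN has been confirmed working from this box
check_vpn_up() {
    [ -d "/sys/class/net/$VPN_IF" ]
}

# vpn_share_rules: the post's three rules, plus a default-deny FORWARD policy
# and a source restriction to LAN_NET so only the LAN can reach the VPN
vpn_share_rules() {
    run iptables -P FORWARD DROP
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
    run iptables -A FORWARD -i "$VPN_IF" -o "$LAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$VPN_IF" -s "$LAN_NET" -j ACCEPT
}

# apply_all: full sequence; refuses to add rules if the VPN device is missing
apply_all() {
    enable_forwarding
    if check_vpn_up; then
        vpn_share_rules
    else
        echo "VPN device $VPN_IF not present; bring the VPN up first" >&2
        return 1
    fi
}
```

Run it once with DRY_RUN=1 (the default) to see the exact commands it would issue, then DRY_RUN=0 as root to apply them. The other LAN machines still need a route to the remote networks via this box, and the rules do not persist across reboots unless saved (iptables-save or your distribution's equivalent). Newer iptables prefers -m conntrack --ctstate over -m state --state, but the state match still works on current kernels.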