
Sharing a VPN connection – AKA LAN linking

Something I’ve struggled with in the past and have avoided doing was getting a remote VPN connection shared with all my other local machines. So inevitably a VPN client has crept onto each box as I’ve needed the remote access.

Well today I bit the bullet.

Start with a tiny Ubuntu (or whatever flavour of Linux) box with a single NIC (in my case, all virtual).

Enable IP forwarding (this is the step most people miss):
echo 1 > /proc/sys/net/ipv4/ip_forward

Get the VPN up and running.
In my case it was VPNC to a remote Cisco network, with the --ifmode tap flag to create the tap0 device.

Once the VPN is confirmed working directly from the Linux box, add the forwarding rules
(assuming eth0 is the single physical device):

iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
iptables -A FORWARD -i tap0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tap0 -j ACCEPT

Et voila! Traffic arriving on eth0 gets routed out over tap0 (according to your routing table), and the MASQUERADE rule rewrites its source address to that of the tap0 end so the replies find their way back.
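The same procedure as a script, added here as an example and not part of the original post: it prints the commands by default (dry run) and only applies them when run as root with APPLY=1; the interface names and the 192.168.1.0/24 LAN range are placeholders, and the rules are narrowed so the box only relays traffic from that LAN range rather than anything that happens to arrive on eth0.

```shell
#!/bin/sh
# Added example: emit (or, with APPLY=1 as root, apply) the LAN-linking rules
# from the post, restricted to one LAN range. Interface and subnet names are
# placeholders; pass your own as arguments.

run() {
    # Run a command when APPLY=1, otherwise just print it (dry run).
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

ensure() {
    # Append an iptables rule only if an identical one is not already present
    # (-C checks), so re-running this from rc.local never piles up duplicates.
    tbl="$1"; shift
    if [ "${APPLY:-0}" = 1 ]; then
        iptables -t "$tbl" -C "$@" 2>/dev/null || iptables -t "$tbl" -A "$@"
    else
        printf 'iptables -t %s -A %s\n' "$tbl" "$*"
    fi
}

lan_link_rules() {
    lan_if="$1"; vpn_if="$2"; lan_net="$3"
    # The step the post says people forget: turn on IPv4 forwarding.
    run sysctl -w net.ipv4.ip_forward=1
    # Drop anything the box is asked to forward that no rule below allows.
    run iptables -P FORWARD DROP
    # NAT only packets sourced from our LAN as they leave via the VPN.
    ensure nat POSTROUTING -s "$lan_net" -o "$vpn_if" -j MASQUERADE
    # Replies belonging to LAN-initiated connections may come back from the VPN.
    ensure filter FORWARD -i "$vpn_if" -o "$lan_if" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    # New connections are relayed only when they come from our LAN range.
    ensure filter FORWARD -i "$lan_if" -o "$vpn_if" -s "$lan_net" -j ACCEPT
}

# Dry run by default; APPLY=1 ./lanlink.sh eth0 tap0 192.168.1.0/24 applies it.
lan_link_rules "${1:-eth0}" "${2:-tap0}" "${3:-192.168.1.0/24}"
```

Because every rule is checked with -C before it is added, the script is safe to call again from /etc/rc.local after a reboot.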

Good luck!

One Response

  1. I found your procedure very interesting, however the config was gone after a reboot. I added the following to ensure Sharing would continue working after a reboot:
    Configure Ubuntu machine (Virtual or real) and establish the VPN connection:
    • Install Ubuntu (14.04.03 in my case)
    • Set a Static IP address for this machine
    • Configure the OpenVPN client and connect to the VPN server. (Using OpenVPN in my case)
    How to set up iptables and IP forwarding (I am using a tun connection)
    • sudo -i => enter root password
    • iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
    • iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    • iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
    • echo 1 > /proc/sys/net/ipv4/ip_forward
    • iptables-save | sudo tee /etc/iptables.sav (Save the iptables)
    Edit /etc/rc.local and add the following lines before the “exit 0” line:
    • iptables-restore < /etc/iptables.sav (allows config to be restored upon reboot)
    Need to make the rc.local executable: (In my case the permissions were not correct)
    • sudo chown root /etc/rc.local
    • sudo chmod 755 /etc/rc.local
    From Ubuntu 10.10 up, edit /etc/sysctl.conf and un-comment: (enables ip_forward after reboot)
    … so that it reads:
