Date:      Fri, 19 Dec 2008 14:03:44 +0100
From:      VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To:        Noah Silverman <noah@webclipping.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Surf outside Internet through VPN
Message-ID:  <20081219130344.GA38912@zeninc.net>
In-Reply-To: <E35F3ECA-9084-4C96-B4CE-D51E8E76A4A0@webclipping.com>
References:  <E35F3ECA-9084-4C96-B4CE-D51E8E76A4A0@webclipping.com>

On Fri, Dec 19, 2008 at 03:23:57AM -0800, Noah Silverman wrote:
> Hello,

Hi.


> I want to find a way to pass ALL traffic from my laptop THROUGH my  
> office VPN and then out to the Internet.  This is a "road warrior"  
> setup. This gives me a few benefits:  1) I can check my email securely  
> through VPN.  2) No matter where I am, I will always have the external  
> IP of my VPN server when accessing the web.
> 
> I have set up a VPN.  Was able to get it working with either tun or tap  
> interfaces.  That part seems OK.

Ok, I'll guess you're using an IPsec VPN.


> Now what??  (I can see and connect to the VPN server with '10.0.8.1'  
> easily.  I can't see or connect to the outside world.)  Do I need to  
> add some kind of special route in the routing table?
> 
> Would this be better as a tun or using a bridge through tap?

If you're using a tun interface and can access your remote gate
through the tunnel, you may just have to add a default route to this
remote gate (warning: ensure you still have some static routes to
access the public IP of the gate, so your tunnel won't match the
default route, which is reachable through the tunnel....).


You can also just use "simple" IPsec without gif, and you'll have SPD
entries like:

spdadd myip 0.0.0.0/0 any -P out ipsec
esp/tunnel/mypublicIP-GatepublicIP/unique;
for outgoing traffic (and the reverse SPD entry for incoming traffic).

Please note that, for IPsec (and for IKE negotiations), 0.0.0.0/0 does
NOT mean "any IP", it REALLY means "the network with base
address 0.0.0.0 and 0 bits of netmask".


Yvan.
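Both approaches described above, written out as an added example (not part of the original message and not FreeBSD project code): a small sh script that emits the setkey(8) SPD policy for the "simple IPsec" variant, with the mirror inbound entry, and the route(8) commands for the tun variant, adding the host route for the gateway's public IP before the default route is moved onto the tunnel. All addresses except 10.0.8.1 are constructed placeholders, and the script only prints the commands; applying them (`setkey -f`, running the route lines as root) is left to the reader.

```shell
#!/bin/sh
# Added example, not from the original post. Prints (does not apply) the
# setkey(8) policy and route(8) commands for routing all traffic through
# an IPsec road-warrior tunnel. Addresses are constructed placeholders;
# override them through the environment.
MY_PUBLIC_IP="${MY_PUBLIC_IP:-198.51.100.23}"   # laptop's current public address (constructed)
GATE_PUBLIC_IP="${GATE_PUBLIC_IP:-203.0.113.1}" # office IPsec gateway (constructed)
LOCAL_ROUTER="${LOCAL_ROUTER:-198.51.100.1}"    # hotel/cafe default router (constructed)
TUN_REMOTE="${TUN_REMOTE:-10.0.8.1}"            # VPN server inside the tunnel (from the thread)

# "Simple IPsec without gif": an outbound policy covering every destination
# (0.0.0.0/0 is the all-zero network with a 0-bit mask, which is what the
# SPD needs here) plus the reverse entry so replies are accepted inbound.
gen_spd() {
    cat <<EOF
spdflush;
spdadd $MY_PUBLIC_IP/32 0.0.0.0/0 any -P out ipsec
    esp/tunnel/$MY_PUBLIC_IP-$GATE_PUBLIC_IP/unique;
spdadd 0.0.0.0/0 $MY_PUBLIC_IP/32 any -P in ipsec
    esp/tunnel/$GATE_PUBLIC_IP-$MY_PUBLIC_IP/unique;
EOF
}

# tun variant: pin the gateway's public IP to the physical next hop FIRST,
# then move the default route onto the tunnel peer. Doing it in the other
# order would send the tunnel's own packets into the tunnel.
gen_tun_routes() {
    cat <<EOF
route add -host $GATE_PUBLIC_IP $LOCAL_ROUTER
route change default $TUN_REMOTE
EOF
}

# Returns the line number at which the host route appears; the test checks
# that it comes before the default-route change.
host_route_line() {
    gen_tun_routes | grep -n "add -host" | cut -d: -f1
}

echo "# setkey -f policy"
gen_spd
echo "# route commands (run as root)"
gen_tun_routes
```

Save the SPD part to a file and load it with `setkey -f file`; keep the host route in place for as long as the tunnel is up, otherwise a renewed IKE exchange with the gateway will itself be caught by the default route through the tunnel.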



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081219130344.GA38912>