Network 1 has 2 computers, PC1 and PC2. PC1 has access to a VPN. PC2 does not. Is there a way that PC2 can route its traffic through the VPN on PC1?

A possible idea that I came up with would be SSH tunneling. As long as I know a finite list of endpoints that I want to access through the VPN, I could set up specific SSH tunnels to those specific endpoints and access them through localhost:{port-number-i-defined-for-that-specific-endpoint}

Would that even work? Is there a cleaner setup that someone else could think of?

1 Answer

(As you don't mention any operating system, I'll assume that it's all Linux).

You'll need to ensure that packet forwarding is enabled on PC1. To do this permanently, add a file in /etc/sysctl.d/ (I called mine local.conf):

    net.ipv4.ip_forward = 1

You'll also want to set its iptables to do NAT, by editing /etc/iptables.rules (assuming you have an interface up rule to iptables-restore the rules file):

    *nat
    -A POSTROUTING -o tun0 -j MASQUERADE
    COMMIT

On PC2, you'll want to route traffic to your VPN via PC1. Assuming it has a single Ethernet interface, add a route command to the up and down commands in your /etc/network/interfaces.d/eth0 (or to /etc/network/interfaces if you're using a single file for all interfaces):

    iface eth0 inet static
        address 192.168.0.2
        netmask 255.255.255.0
        broadcast 192.168.0.255
        pre-up iptables-restore </etc/iptables.eth0.rules
        up route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.0.1
        down route del -net 10.0.0.0 netmask 255.0.0.0

I've assumed above that PC1 should be 192.168.0.1 and PC2 should be 192.168.0.2, and that your VPN appears as 10.x.x.x; substitute your own values as appropriate.

You'll probably want to create the route by hand the first time, and only add it to the interface file when you're happy it's doing the right thing.
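
An added example, not part of the answer above: a shell audit of PC1's saved configuration that checks the forwarding sysctl and the MASQUERADE rule and reports the FORWARD policy, because with forwarding enabled and a policy of ACCEPT any LAN host that routes via PC1 is forwarded into the VPN. The function names, the temporary file names and the `pc2only` ruleset are assumptions; the sample file contents are constructed from the answer's values.

```shell
# Added example; all sample file contents below are constructed.
# Succeeds if a sysctl.d-style file sets net.ipv4.ip_forward to 1 (last assignment wins).
forwarding_enabled() {
    awk -F= '
        { key = $1; val = $2; gsub(/[[:space:]]/, "", key); gsub(/[[:space:]]/, "", val) }
        key == "net.ipv4.ip_forward" { v = val }
        END { exit (v == "1" ? 0 : 1) }' "$1"
}

# Prints the -o interface of every MASQUERADE rule in the *nat table (iptables-save format).
masquerade_ifaces() {
    awk '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1)
        }' "$1"
}

# Prints the FORWARD policy. With no *filter table in the file it is assumed to stay
# at the kernel default, ACCEPT (that is, nothing else loads filter rules).
forward_policy() {
    awk '
        /^\*/ { table = $1 }
        table == "*filter" && /^:FORWARD/ { policy = $2 }
        END { print (policy == "" ? "ACCEPT" : policy) }' "$1"
}

# audit SYSCTL_FILE RULES_FILE: one-line verdict on PC1's gateway configuration.
audit() {
    forwarding_enabled "$1" || { echo "forwarding disabled"; return 1; }
    ifaces=$(masquerade_ifaces "$2")
    [ -n "$ifaces" ] || { echo "no MASQUERADE rule"; return 1; }
    echo "NAT via $ifaces, FORWARD policy $(forward_policy "$2")"
}

tmp=$(mktemp -d)
printf 'net.ipv4.ip_forward = 1\n' > "$tmp/local.conf"
printf '*nat\n-A POSTROUTING -o tun0 -j MASQUERADE\nCOMMIT\n' > "$tmp/open.rules"
# Variant (assumption, not from the answer): forward only PC2 (192.168.0.2) into tun0.
{ cat "$tmp/open.rules"; cat <<'EOF'; } > "$tmp/pc2only.rules"
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.0.2 -o tun0 -j ACCEPT
-A FORWARD -d 192.168.0.2 -i tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
audit "$tmp/local.conf" "$tmp/open.rules"      # NAT via tun0, FORWARD policy ACCEPT
audit "$tmp/local.conf" "$tmp/pc2only.rules"   # NAT via tun0, FORWARD policy DROP
rm -rf "$tmp"
```

On a real PC1 the same functions can be pointed at the file in /etc/sysctl.d/ and at /etc/iptables.rules.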
