I am setting up an SSH TUN ("-w") VPN using this how-to: https://help.ubuntu.com/community/SSH_VPN

I have the following in my /etc/network/interfaces:

iface tun0 inet static
       pre-up ssh -f -w 0:0 singpolyma.dnsalias.net 'ifdown tun0; ifup tun0'
       pre-up sleep 10
       address 10.0.0.2
       pointopoint 10.0.0.1
       netmask 255.255.255.0
       up route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.2 tun0
       up route add singpolyma.dnsalias.net gw 10.2.1.1 eth0
       up route add default gw 10.0.0.1 tun0
       up route del default gw 10.2.1.1 eth0
       down route add default gw 10.2.1.1 eth0
       down route del default gw 10.0.0.1 tun0
       down route del -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.2 tun0
       down route del singpolyma.dnsalias.net gw 10.2.1.1 eth0

Then tun0 on the machine I'm tunneling from (the ssh client) comes up fine, but traffic does not route. This makes some sense, since that code is trying to use 10.0.0.1 (the tun IP of the machine I'm SSHing into) as default gateway instead of the actual remote default gateway. When I put the actual remote gateway IP (192.168.0.1) in the routes, the commands fail with a "not found" error.

What should I be doing differently?

  • You've left out a lot of information. Using the linked article, can you identify which machine you're referring to when you say 'it'? Is it Machine A, or Machine B? Did you set up the config on both ends of the tunnel? Did the manual process work before you tried the automated ifup config? Commented Oct 22, 2010 at 16:06
  • Can you ping 10.0.0.2 when the tunnel is up? Commented Feb 9, 2011 at 14:20

1 Answer

In addition to running:

sysctl -w net.ipv4.ip_forward=1

on Ubuntu it seems you also need to run:

iptables -P FORWARD ACCEPT
iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
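
To diagnose the symptom in the question (tun0 comes up but nothing routes) against the three settings listed in the answer above, the following added example, which is not part of the original post, checks them on the machine that forwards the tunnel traffic (assumed here to be the SSH server). The function names are hypothetical, and it assumes the interface names tun0 and eth0 used on this page and rule text in `iptables -S` format.

```shell
#!/bin/sh
# forwarding_gaps IP_FORWARD FORWARD_RULES NAT_RULES [TUN_IF] [OUT_IF]
# Prints one line per missing setting; returns 0 only when nothing is missing.
# FORWARD_RULES / NAT_RULES are text in `iptables -S` format.
forwarding_gaps() {
    ip_forward=$1
    forward_rules=$2
    nat_rules=$3
    tun_if=${4:-tun0}   # assumption: tunnel interface name from the question
    out_if=${5:-eth0}   # assumption: outbound interface from the answer
    gaps=0

    # 1. The kernel must route packets between interfaces.
    if [ "$ip_forward" != "1" ]; then
        echo "net.ipv4.ip_forward is not 1"
        gaps=$((gaps + 1))
    fi

    # 2. FORWARD must pass tunnel traffic: policy ACCEPT (the answer's setting)
    #    or a narrower rule for tun_if -> out_if. Reply traffic under a DROP
    #    policy needs its own rule, which this check does not look for.
    if ! printf '%s\n' "$forward_rules" | grep -Eq -- \
        "^-P FORWARD ACCEPT\$|^-A FORWARD .*-i $tun_if .*-o $out_if .*-j ACCEPT"; then
        echo "FORWARD does not accept $tun_if -> $out_if"
        gaps=$((gaps + 1))
    fi

    # 3. Tunnel clients' 10.0.0.x sources must be masqueraded on the way out.
    if ! printf '%s\n' "$nat_rules" | grep -Eq -- \
        "^-A POSTROUTING .*-o $out_if .*-j MASQUERADE"; then
        echo "no MASQUERADE rule on $out_if"
        gaps=$((gaps + 1))
    fi

    [ "$gaps" -eq 0 ]
}

# Live use on the forwarding host, as root (defined here, not called).
check_live_host() {
    forwarding_gaps "$(cat /proc/sys/net/ipv4/ip_forward)" \
        "$(iptables -S FORWARD)" "$(iptables -t nat -S POSTROUTING)" "$@"
}

# Constructed sample: a host where none of the three settings is applied.
forwarding_gaps 0 '-P FORWARD DROP' '-P POSTROUTING ACCEPT' || true
```

The scoped `-i tun0 -o eth0` rule is accepted as an alternative because it opens forwarding only for the tunnel rather than for every interface pair.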
