We have a VPN client running on Windows (because that's the only OS the VPN client will run on) and we have some linux boxes that need to route traffic through that VPN for 10.x.x.x IPs. I'm not sure what's the best approach to configure Windows to route traffic from our Linux boxes through the VPN. I've set the routing tables on Linux to route traffic to the windows box but after that I'm stuck. Any suggestions would be greatly appreciated.
Add a comment
|
3 Answers
Thanks guys. I was able to get it working by using "Simply TCP Proxy". It's a command line utility that seems to work for my needs.
If the VPN client software has created a logical/virtual network card on the Windows machine, you should be able to enable Internet Connection Sharing against it. Depending on your version of Windows, you should be able to open the Network Connections window, right-click the virtual NIC, choose the Advanced tab and tick 'Enable Internet Connection Sharing'.
Of course, how usable this is will be is another matter, since it is unlikely that the Linux devices will be able to actually initiate the connection of the VPN Client tool, so it will probably time out from inactivity on the Windows box.
So the better question might be "How can I translate the configuration of this VPN Client's profile" to FreeSwan/OpenVPN/insert-Linux-VPN-Client here -- it might be easier to achieve.
answered Jul 28, 2011 at 20:54
I don't know enough about the setup to give a really good answer. I had a similar but less complicated problem a while back.
The problem being that traffic from VPN host wouldn't know how to be routed to the linux boxes, through the windows box.
However, I think you should look into the windows route command.
you would use it somewhat like this
route ADD <destination> MASK <sub-net mask> <gateway>
If it's set up like I'm imagining; the linux boxes would either need to be set up to route back to a single windows box(with a different sub-net), or several routes would need to be set up.
Of course I may completely wrong and it isn't possible because of NAT complications, but give me some more information and I'll try to help out.
