Once your have your VPN client running on a Linux box, sometimes you would like to share that link with that machines on your LAN (either physical LAN or virtual LAN such as Virtual Machines).
Because shrew uses the kernel IPsec VPN, the iptables masquerade rule does not work on the virtual tap0 interface. There does not seem to exist an easy fix.
The work around I have is to install a linux virtual machine (virtualbox) on the host, which has two NICs, one is NAT, the other one is bridging. Then run iptables masquerade on the virtual Linux, taking traffic from the bridged NIC, and send it out to the NATed NIC. On the host, since virtualbox behaves just like any other application, it is able to access all the VPNed network resources. Bingo!
It works well here. Let me know your thoughts.
No comments:
Post a Comment