Solved

How do I configure Ubuntu Server as a VPN server for virtual machines

Posted on 2007-12-04
Last Modified: 2013-11-15
Hi Experts,

This may be a slightly long winded question, but I want to make sure I include all the necessary info.

I am trying to set up a virtual LAN which is only accessible via a VPN connection.  Here is the setup so far...

I have placed a server in a co-location facility.  The OS on the server is Ubuntu Server 6.0.6 LTS.  I did a standard LAMP installation.  Next I installed VMware Server and created a few virtual machines.  All the VMs are Windows Server 2003 and they are all running Apache 2.0 and FileZilla FTP Server.  The VMs all work fine, as does the host server.

Currently the host server and each of the VMs has a public IP address (ie: they are all Internet facing).  I can connect to the host via HTTP, HTTPS, SSH, and FTP.  I can connect to the VMs via HTTP, FTP and RDP.  But, I see this setup as flawed from a security perspective - I would prefer to hide the VMs from the Internet by assigning private IP addresses and using the Linux host as a kind of proxy.

What I would like to do is setup a VPN server on the host so that the only way anyone can get to the VMs is via a VPN tunnel.  The exception to this would be HTTP.  I would like to configure Apache on the host to use Named Virtual Hosts to forward HTTP traffic to the appropriate VM.  This config I have done before so I know it works.  Where I am having trouble is the VPN side of things.

I have installed Poptop (http://www.poptop.org/), which is a PPTP server solution for Linux.  It seems to work fine in the sense that I can create a new VPN connection on my Windows PC, and connect to the host server.  When I do an ipconfig on my Windows PC I get a new PPP connection and IP address:

PPP adapter MyServer VPN:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.28.101.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0

When my Windows PC has a VPN connection active and I do an ifconfig on the host, I get this:

ppp0      Link encap:Point-to-Point Protocol
             inet addr:10.28.101.1  P-t-P:10.28.101.100  Mask:255.255.255.255
             UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
             RX packets:32 errors:0 dropped:0 overruns:0 frame:0
             TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
             collisions:0 txqueuelen:3
             RX bytes:2447 (2.3 KiB)  TX bytes:98 (98.0 b)

I tried giving each of the VMs a private IP address, for example, 10.28.101.10, 10.28.101.11, etc.  But my Windows PC was unable to ping any of the VMs either by IP address or host name.

In the Poptop config file (/etc/pptpd.conf), I have configured the local IP and remote IPs as follows:

localip 10.28.101.1
remoteip 10.28.101.100-200

I suppose I have a number of questions:

1.  Is my proposed design feasible?  Is it possible to "hide" the VMs from the Internet and only allow access via VPN (except for HTTP)?
2.  Is there a problem with my configuration on either the host or the VMs?  For example, should I use NAT or Bridged networking on the VMs?  Currently I am using Bridged because each VM is using a static public IP address.
3.  Is there a better (or alternative) solution?  I am happy to use a different VPN server product.  My preference is to use one that supports the built in MS VPN client so my customers don't need to install a VPN client (eg: Cisco).

Any help would be greatly appreciated.

Cheers,

Paul Hobbs
Question by:mrgordonz
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20408652
What you are trying to achieve is definitely possible.

Basically you have configured poptop correctly, the issue lies with your VM's & host box.

Firstly, you will need to have all of your VM's in the same virtual network, pick one, any one, it doesn't matter.  Set them within the same range as 10.28.101.0/24, less than .100 would be ideal as this is where your clients will be assigned.

Once you have them all configured so that they are basically private within their own vm network, I forget which networking type it is, they will be private only.

Confirm that you can access all of the servers via ping from the host box.

Once this is confirmed try from one of your clients, it should work at this point, because they are becoming part of your network there isn't a need to enable ip forwarding or anything else.

Setup of apache is easy, just allow Name based virtual hosting, then in each virtual host directive you proxy the request to http://<internal ip>/ and away you go.

If you need more information or specifics I will need to provide this later today when I am at home and can get specifics for you.
0
 

Author Comment

by:mrgordonz
ID: 20408951
Hi WizRd,

Thanks for your response.  I would definitely like to get some more details because my original setup was pretty much as you have described.

Initially I configured the VMs as follows:

IP Address: 10.28.101.10-14
Subnet mask:  255.255.255.0
Default gateway:  10.28.101.1
DNS Server: 10.28.101.1

I set the networking type to Bridged on each VM.

I must confess I didn't try to ping the VMs from the host - I just established a VPN connection from another Windows PC and tried to ping the VMs, which I couldn't.  That was when I decided to just use public IPs until I could get this issue sorted.

At the moment I have got the VMs configured with two IPs - under the TCP/IP properties the main IP is the public one; but on the Advanced properties I have added a private IP address (10.28.101.x).  I am wondering if the issue before was the subnet mask - I had it set to 255.255.255.0.  Is that correct?

I will do as you suggest and change the IP settings on one of the VMs, and then see if I can ping it from the host - I'll post the result when I have it.

Cheers,

Paul
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20409020
Subnet mask of 255.255.255.0 for the private range isn't an issue at all, in fact it is the easiest way to do it, unless you want to specifically lock down the private ip's that can access the box.

As you don't have a private IP for the external interface / switch connection other boxes won't be able to talk to the private ip range unless they VPN in.

Definitely change 1 of the VM's to be 10.28.101.10/255.255.255.0, a default gateway isn't needed unless they will be routing outside of your network.

Once you have that set, make sure you have an interface on the host in the 10.28.101.x range and try to ping 10.28.101.10.

This should be successful, if not you will need to change the networking type to host-only networking and reboot the VM.

Host-only networking means your VM's can only talk to the host..
0
 

Author Comment

by:mrgordonz
ID: 20409161
I've configured one of my VMs so it has an IP of 10.28.101.8, and subnet mask of 255.255.255.0.  I left Default gateway and DNS servers blank.

The next step in your instructions I'm not so sure about:  

"Once you have that set, make sure you have an interface on the host in the 10.28.101.x range and try to ping 10.28.101.10." (I've used 10.28.101.8, but that shouldn't matter).

How do I make sure there is an interface on the host in the 10.28.101.x range?  I'm a bit of a noobie when it comes to network config in Linux.

Cheers,

Paul
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20409175
login to the console and type "ifconfig"  this will show you the configured interfaces, which should include some vmnet ones
0
 

Author Comment

by:mrgordonz
ID: 20409217
eth0      Link encap:Ethernet  HWaddr 00:1D:60:19:56:E5
          inet addr:202.174.106.226  Bcast:202.174.106.239  Mask:255.255.255.240
          inet6 addr: fe80::21d:60ff:fe19:56e5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:510231 errors:0 dropped:0 overruns:0 frame:0
          TX packets:908880 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:57058718 (54.4 MiB)  TX bytes:703768967 (671.1 MiB)
          Interrupt:169

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:70 (70.0 b)  TX bytes:70 (70.0 b)

vmnet1    Link encap:Ethernet  HWaddr 00:50:56:C0:00:01
          inet addr:172.16.203.1  Bcast:172.16.203.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08
          inet addr:192.168.156.1  Bcast:192.168.156.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:135 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20409236
You need to configure one of the vm interfaces to be on the same network as your VM's and make sure that they are configured to be in the same vmnet as is configured for the host.
0
 

Author Comment

by:mrgordonz
ID: 20409375
As I understand it VMware provides a bunch of network interfaces:

vmnet0 = Bridged
vmnet1 = Host only
vmnet8 = NAT

and then there are all the other ones.  I've never actually used any of the other ones, so I'm not sure how to go about configuring them.  

After doing a bit of searching on the net, I think I need to re-run vmware-config.pl and configure one of the other interfaces (eg: vmnet2).  Is that correct?  The following URL has pretty clear instructions on configuring a custom interface:  http://wiki.untangle.com/index.php/Untangle_Virtual_Appliance_on_VMware
0
 

Author Comment

by:mrgordonz
ID: 20410392
Well, I think I have done all that you suggested.  I have configured vmnet2 as follows:

vmnet2    Link encap:Ethernet  HWaddr 00:50:56:C0:00:02
          inet addr:10.28.101.1  Bcast:10.28.101.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


The VM is configured as follows:

IP Address:  10.28.101.8
Subnet mask:  255.255.255.0


I can ping the VM from the host:

phobbs@ozsabasvr01:~$ ping 10.28.101.8
PING 10.28.101.8 (10.28.101.8) 56(84) bytes of data.
64 bytes from 10.28.101.8: icmp_seq=1 ttl=128 time=13.3 ms
64 bytes from 10.28.101.8: icmp_seq=2 ttl=128 time=0.159 ms
64 bytes from 10.28.101.8: icmp_seq=3 ttl=128 time=0.183 ms
64 bytes from 10.28.101.8: icmp_seq=4 ttl=128 time=0.169 ms


And I can ping the host from the VM:

C:\Documents and Settings\Administrator>ping 10.28.101.1

Pinging 10.28.101.1 with 32 bytes of data:

Reply from 10.28.101.1: bytes=32 time<1ms TTL=64
Reply from 10.28.101.1: bytes=32 time<1ms TTL=64
Reply from 10.28.101.1: bytes=32 time<1ms TTL=64
Reply from 10.28.101.1: bytes=32 time<1ms TTL=64

Ping statistics for 10.28.101.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms


When I get a VPN connection from my Windows (Vista) PC to the server, I am assigned an IP in the range 10.28.101.100-200 (which is what I specified in the Poptop config file, /etc/pptpd.conf):

C:\Users\phobbs>ipconfig

Windows IP Configuration

PPP adapter Ozsaba VPN:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.28.101.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0


From my PC I can ping the server:

C:\Users\phobbs>ping 10.28.101.1

Pinging 10.28.101.1 with 32 bytes of data:

Reply from 10.28.101.1: bytes=32 time=155ms TTL=64
Reply from 10.28.101.1: bytes=32 time=136ms TTL=64
Reply from 10.28.101.1: bytes=32 time=129ms TTL=64
Reply from 10.28.101.1: bytes=32 time=143ms TTL=64

Ping statistics for 10.28.101.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 129ms, Maximum = 155ms, Average = 140ms


But I can't ping the VM:

C:\Users\phobbs>ping 10.28.101.8

Pinging 10.28.101.8 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.28.101.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


Have I missed something?  The subnet mask on my PC when I am connected to the VPN is 255.255.255.255 - is this correct?  Is there a setting in Poptop which relates to this?

Cheers,

Paul
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20416306
Ahhh crap I'm an idiot... sorry mrgordonz, the networking type will have to be Bridged.

My apologies, once you have set the VM to this, restart it, redo the testing, ping from host, ping from VPN.
0
 

Author Comment

by:mrgordonz
ID: 20416571
Hi WizRd-Linux,

I changed the networking type to bridged, and restarted the VM - but now the host can't ping the VM.  Then it occurred to me that the vmnet2 interface was configured as host-only, so I am re-running vmware-config.pl.  But now I am stumped.  I assume I need to make vmnet2 a bridged interface, but it won't let me cos it says the ethernet device eth0 is already configured as a bridged device.  I hope you don't mind but I have pasted the screen output from running vmware-config.pl:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
phobbs@ozsabasvr01:~$ sudo /usr/bin/vmware-config.pl
Making sure services for VMware Server are stopped.

Stopping VMware services:
   Virtual machine monitor                                             done
   Bridged networking on /dev/vmnet0                                   done
   DHCP server on /dev/vmnet1                                          done
   Host-only networking on /dev/vmnet1                                 done
   DHCP server on /dev/vmnet2                                          done
   Host-only networking on /dev/vmnet2                                 done
   DHCP server on /dev/vmnet8                                          done
   NAT service on /dev/vmnet8                                          done
   Host-only networking on /dev/vmnet8                                 done
   Virtual ethernet                                                    done

Configuring fallback GTK+ 2.4 libraries.

In which directory do you want to install the mime type icons?
[/usr/share/icons]

What directory contains your desktop menu entry files? These files have a
.desktop file extension. [/usr/share/applications]

In which directory do you want to install the application's icon?
[/usr/share/pixmaps]

Trying to find a suitable vmmon module for your running kernel.

None of the pre-built vmmon modules for VMware Server is suitable for your
running kernel.  Do you want this program to try to build the vmmon module for
your system (you need to have a C compiler installed on your system)? [yes]

Using compiler "/usr/bin/gcc". Use environment variable CC to override.

What is the location of the directory of C header files that match your running
kernel? [/lib/modules/2.6.15-26-server/build/include]

Extracting the sources of the vmmon module.

Building the vmmon module.

Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-config0/vmmon-only'
make -C /lib/modules/2.6.15-26-server/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.15-26-server'
  CC [M]  /tmp/vmware-config0/vmmon-only/linux/driver.o
  CC [M]  /tmp/vmware-config0/vmmon-only/linux/hostif.o
  CC [M]  /tmp/vmware-config0/vmmon-only/common/cpuid.o
  CC [M]  /tmp/vmware-config0/vmmon-only/common/hash.o
  CC [M]  /tmp/vmware-config0/vmmon-only/common/memtrack.o
  CC [M]  /tmp/vmware-config0/vmmon-only/common/phystrack.o
  CC [M]  /tmp/vmware-config0/vmmon-only/common/task.o
  CC [M]  /tmp/vmware-config0/vmmon-only/common/vmx86.o
  CC [M]  /tmp/vmware-config0/vmmon-only/vmcore/moduleloop.o
  LD [M]  /tmp/vmware-config0/vmmon-only/vmmon.o
  Building modules, stage 2.
  MODPOST
  CC      /tmp/vmware-config0/vmmon-only/vmmon.mod.o
  LD [M]  /tmp/vmware-config0/vmmon-only/vmmon.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.15-26-server'
cp -f vmmon.ko ./../vmmon.o
make: Leaving directory `/tmp/vmware-config0/vmmon-only'
The module loads perfectly in the running kernel.

This program previously created the file /dev/vmmon, and was about to remove
it.  Somebody else apparently did it already.

You have already setup networking.

Would you like to skip networking setup and keep your old settings as they are?
(yes/no) [no]

Do you want networking for your virtual machines? (yes/no/help) [yes]

Would you prefer to modify your existing networking configuration using the
wizard or the editor? (wizard/editor/help) [wizard] editor

The following virtual networks have been defined:

. vmnet0 is bridged to eth0
. vmnet1 is a host-only network on private subnet 172.16.203.0.
. vmnet2 is a host-only network on private subnet 10.28.101.0.
. vmnet8 is a NAT network on private subnet 192.168.156.0.

Do you wish to make any changes to the current virtual networks settings?
(yes/no) [no] yes

Which virtual network do you wish to configure? (0-99) 2

What type of virtual network do you wish to set vmnet2?
(bridged,hostonly,nat,none) [hostonly] bridged

Removing a host-only network for vmnet2.

Configuring a bridged network for vmnet2.

Your computer has multiple ethernet network interfaces available: eth1, vmnet1,
vmnet2, vmnet8. Which one do you want to bridge to vmnet2? [eth0]

The ethernet device "eth0" is already configured as a bridged device.

Your computer has multiple ethernet network interfaces available: eth1, vmnet1,
vmnet2, vmnet8. Which one do you want to bridge to vmnet2? [eth0]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The server actually has two NICs - eth0 and eth1.  But only eth0 is being used (ie: it is the only one with a network cable plugged into it).  Should I use eth1?  

Cheers,

Paul
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20416891
The easiest way to move forward with this would be to change the vmnet for the Virtual Machine to vmnet0 and configure vmnet0 to be in the 10.28.101.x range.

Remove the configuration for VMnet2 to start with.
0
 

Author Comment

by:mrgordonz
ID: 20416959
Maybe I'm being thick here, but I didn't think you could configure vmnet0 to be in a particular IP range.  As I understand it, because it is bridged to the actual ethernet device (eth0), the VM would get its IP address from a DHCP server.  But in my case, eth0 is configured with a static IP - a public IP provided to me by the co-lo facility.

Would it work if I was to configure vmnet2 as a NAT interface, in the range 10.28.101.x?  Or alternatively, I could reconfigure vmnet8 to use the IP range 10.28.101.x?  vmnet8 is the default NAT interface, but I believe it can be reconfigured to use a different IP range.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20417030
You are right now you have mentioned that, sorry I'm trying to do this all from memory at the moment.

If you Nat the connection that will not work with what you want to do.  A natted connection "shares" the IP of the host machine, typically the same as a router.

It just dawned on me what I missed before with Host-only networking, you need the linux server to "forward" the packets through and your VPN clients need to have their default IP set to the host.  Reason behind this is the host is the only device on the network that can see the VM's when in this mode.

The bridged networking will work, but you will need to bring up eth1 in the private range and then bridge the vm interfaces to it.  You would then assign the VM's an internal IP, little messy but will work.
0
 

Author Comment

by:mrgordonz
ID: 20417067
So, let me see if I have it straight....

I can use host-only or bridged, but not NAT.  If I use bridged, I need to use eth1, and assign it an IP address in the 10.28.101.x range.  I'm not sure how I would do this.  Does this mean adding some stuff into /etc/network/interfaces?  Currently, the values in the interfaces file are:


# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
       address 202.174.106.226
       netmask 255.255.255.240
       network 202.174.106.224
       broadcast 202.174.106.239
       gateway 202.174.106.225


Would I add something like this:

auto eth1
iface eth1 inet static
       address 10.28.101.1
       netmask 255.255.255.0
       network ???.???.???.???
       broadcast ???.???.???.???
       gateway ???.???.???.???


You said "your VPN clients need to have their default IP set to the host" - I'm not sure what you mean by that.  Isn't the VPN client IP assigned by Poptop in the range 10.28.101.100-200 (or whatever I specify in the poptop config file)?

Please forgive me if I'm being dense - this is all new to me, and my limited knowledge of Linux and networking fundamentals is not helping.  :)
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20417311
If you do host-only you will need to enable ip forwarding and your vpn clients will need a default gateway of your host box, you will also need to change the "range" they are provided otherwise they will not attempt to route the traffic through the default gateway.

If you choose bridged you may need to get a cable plugged into eth1 that connects to even just a hub that doesn't do anything other than provide a link.

iface eth1 inet static
       address 10.28.101.1
       netmask 255.255.255.0
       broadcast 10.28.101.255
0
 

Author Comment

by:mrgordonz
ID: 20417538
Mate - you will have really earned your 500 points by the end of this!!

I am thinking the simplest option is host-only.  I'm not sure how the co-location people would feel about having a hub sitting around just so I can enable eth1.

How do I enable IP forwarding?  Is this a Linux setting?  Or a VMware setting?  Or a Poptop setting?  

At the moment (with the current settings), when I connect to the VPN, this is what I get when I do an ipconfig /all:

PPP adapter Ozsaba VPN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Ozsaba VPN
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.28.101.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   NetBIOS over Tcpip. . . . . . . . : Enabled

What should be the range the VPN clients are assigned?  The current setting in pptpd.conf is:

localip 10.28.101.1
remoteip 10.28.101.100-200

How do I get the VPN server to assign 10.28.101.1 as the default gateway for the VPN clients?  And should the Subnet mask on the VPN client be 255.255.255.255 or 255.255.255.0?

This is all starting to do my head in!
0
 
LVL 13

Accepted Solution

by:
WizRd-Linux earned 500 total points
ID: 20417646
Enable IP Forward by editing /etc/sysctl.conf and change the ip_forward = 0 to ip_forward = 1

The subnet mask should be 255.255.255.0 otherwise you can only talk to yourself, and wouldn't even be able to talk to the host.

The default gateway needs to be set to the server, which on the client connecting, go into the properties of VPN connection, tcpip settings, advanced settings and reverse the tick box Use default gateway on remote network.
0
 

Author Comment

by:mrgordonz
ID: 20417691
I'm guessing you are in Australia, because you seem to be working in the same timezone as me.  In the interests of resolving this quickly, would you object to me calling you?  Or if you prefer not to give out your number, would you be willing to call me?

I'm just conscious that I have a bit of a deadline to meet.

Cheers,

Paul
0
 

Author Comment

by:mrgordonz
ID: 20419145
Great news!!  It is all working now.  The final config is as follows:

VMs:  static IP 10.28.101.10-99
Host:  vmnet2 interface is host-only IP 10.28.101.1 netmask 255.255.255.0
pptpd.conf:  localip=10.28.101.1  remoteip=10.28.101.100-200
VPN client:  bog standard VPN connection (makes no difference whether I check or uncheck the checkbox for "Use default gateway on remote network"), except that if it is checked I can't browse other sites

I have configured all the VMs so that they only have private IPs, which now makes them secure from prying eyes on the net.

Thanks so much for your help - you've well and truly earned the points.
0
 

Author Comment

by:mrgordonz
ID: 20419151
I should add - I think the key step was enabling IP forwarding in /etc/sysctl.conf.  Initially when I made the change, it still wasn't working.  But I rebooted the host and hey presto it all started working.
0
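Added example, not part of the thread: a shell check for the settings the final configuration depends on, showing why the sysctl.conf edit did nothing until the reboot and how to keep the now-routing host from forwarding anything except VPN-to-VM traffic. It assumes the full key name net.ipv4.ip_forward (dots or slashes; the thread abbreviates it to ip_forward), handles only the single-range remoteip form used in the thread, and all function names and sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; the sample files further down are constructed.

# Last uncommented ip_forward value in a sysctl.conf-style file, else "unset".
# Accepts both key spellings sysctl understands (dots or slashes).
configured_forward() {
    val=$(sed -n 's|^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$|\1|p' "$1" | tail -n 1)
    echo "${val:-unset}"
}

# Compare the persistent setting with the value the running kernel reports.
# $1 = sysctl.conf path, $2 = file holding the runtime value
forward_state() {
    conf=$(configured_forward "$1")
    live=$(cat "${2:-/proc/sys/net/ipv4/ip_forward}")
    case "$conf:$live" in
        1:1) echo active ;;
        1:*) echo pending ;;        # file edited, kernel not told yet
        *:1) echo runtime-only ;;   # set by hand, lost at next boot
        *)   echo disabled ;;
    esac
}

# Print "<first three octets> <low> <high>" for a 'remoteip a.b.c.X-Y' line.
remoteip_range() {
    sed -n 's/^[[:space:]]*remoteip[[:space:]]\{1,\}\([0-9]*\.[0-9]*\.[0-9]*\)\.\([0-9]*\)-\([0-9]*\)[[:space:]]*$/\1 \2 \3/p' "$1" | head -n 1
}

# Exit 0 if the VPN pool collides with the statically addressed VMs.
# $1 = pptpd.conf, $2 = VM /24 prefix, $3/$4 = first/last VM host octet
pool_overlaps_vms() {
    range=$(remoteip_range "$1")
    [ -n "$range" ] || return 2
    pfx=${range%% *}; rest=${range#* }; lo=${rest% *}; hi=${rest#* }
    [ "$pfx" = "$2" ] && [ "$lo" -le "$4" ] && [ "$hi" -ge "$3" ]
}

# Print iptables commands that limit routing to VPN clients <-> the VM subnet.
# ip_forward is global: without a FORWARD policy the host routes between
# every interface, the public eth0 included.
# $1 = VM-side interface, $2 = subnet shared by the VMs and the VPN pool
forward_rules() {
    printf '%s\n' \
        "iptables -P FORWARD DROP" \
        "iptables -A FORWARD -i ppp+ -o $1 -s $2 -d $2 -j ACCEPT" \
        "iptables -A FORWARD -i $1 -o ppp+ -s $2 -d $2 -j ACCEPT"
}

# --- constructed sample input mirroring the thread's final configuration ---
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#net/ipv4/ip_forward=1' 'net.ipv4.ip_forward = 1' > "$tmp/sysctl.conf"
printf '%s\n' 'localip 10.28.101.1' 'remoteip 10.28.101.100-200' > "$tmp/pptpd.conf"
echo 0 > "$tmp/live"    # kernel value after the edit but before any reload

echo "forwarding: $(forward_state "$tmp/sysctl.conf" "$tmp/live")"
if pool_overlaps_vms "$tmp/pptpd.conf" 10.28.101 10 99; then
    echo "remoteip pool collides with the static VM addresses"
else
    echo "remoteip pool is clear of the static VM addresses"
fi
forward_rules vmnet2 10.28.101.0/24
```

A "pending" result is the state described in the comment above: the file says 1 but the kernel still says 0. Running `sysctl -p` as root loads /etc/sysctl.conf without a reboot.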
 

Author Closing Comment

by:mrgordonz
ID: 31412758
WizRd-Linux was great!  Very patient and obviously an expert in the field.
0
