I have a scenario where I have VPN access to a corporate server running W2K8, say 192.168.1.2. The default gateway to the internet on that network is 192.168.1.1 (another W2K8). I am on a home LAN with my computer's IP being 192.168.1.100 and the default gateway to the internet being 192.168.1.1 here too. The two tunnel endpoints are 192.168.150.8 (workstation) and 192.168.150.10 (server).
When I connect to the VPN from Windows 7, routing is automatically set up so that the 192.168.1.0/24 subnet corresponds to the remote 192.168.1.0/24, so I can use all services on the corporate LAN and access the internet through the corporate internet gateway.
On Ubuntu, however, this is not done automatically (which is good, since I want something else). I would like to achieve that the 192.168.111.0/24 subnet on my workstation corresponds to the corporate 192.168.1.0/24 subnet. I think this could be done with a little iptables/ip rule/ip route magic. However, I am not sure how exactly. I think the following would probably work:
- add a rule to mangle/prerouting in iptables to mark all packets heading to 192.168.111.0/24
- add an ip rule to put packets with the mark into a table (say 'vpn')
- add an ip route to route packets from the 'vpn' table through the VPN network interface ('ppp0')
- add a postrouting rule to iptables that changes the destination IP of any packet heading to the 192.168.111.0/24 subnet to head to the 192.168.1.0/24 subnet.
- add a rule to input (or maybe somewhere else?) in iptables to change any packet's source IP from 192.168.1.0/24 to 192.168.111.0/24 if it came from ppp0.
However, currently (with none of the above implemented)

    ping -I ppp0 192.168.1.1

times out. Is that expected to happen?
Also, would my steps above do what I expect them to? If yes, what would the exact rules be? If no, how could I do what I would like to?
Thanks in advance,