Created
January 25, 2019 18:49
Revisions
smoser created this gist
Jan 25, 2019
@@ -0,0 +1,45 @@ # nat setup through vpn The goal of this excersise was to connect a system to my desktop system and let it share the vpn. ## systems * **desktop**: It has the following interfaces * `wlp3s0`: wireless managed by network manager connected to a wireless network. * `tun0`: a vpn device set up and managed by network manager * `enp0s25`: an unconnected wireless nic. * **laptop**: this system needed wanted to be on the vpn. It has the following interfaces: * `eth0`: unconnected wired interface ## Setup ### Set up "internal" network. On desktop set up the ipv4. ip link set up dev enp0s25 ip addr add 192.168.1.1/24 dev enp0s25 On desktop set up forwarding. echo 1 > /proc/sys/net/ipv4/ip_forward nic_ex=wlp3s0; nic_in=enp0s25 iptables -t nat -A POSTROUTING -o $nic_ex -j MASQUERADE iptables -A FORWARD -i $nic_ex -o $nic_in -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i $nic_in -o $nic_ex -j ACCEPT On desktop run dnsmasq: touch /tmp/my.conf touch /tmp/my.hosts dnsmasq --no-daemon \ --strict-order --bind-interfaces --except-interface=lo --interface=enp0s25 \ --listen-address=192.168.1.1 \ --dhcp-no-override --dhcp-authoritative \ --dhcp-leasefile=/tmp/my.leases \ --dhcp-hostsfile=/tmp/my.hosts \ --dhcp-range=192.168.1.2,192.168.1.254,1h \ --domain=example.com \ --conf-file=/tmp/my.conf ## Magic Now just connect the `eth0` nic of the laptop to the `enp0s25` nic of the desktop and let it dhcp.
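Review bot: `nic_ex=wlp3s0` in the forwarding step does not match the stated goal of sharing the vpn. The MASQUERADE rule and both FORWARD rules match only traffic leaving or entering `wlp3s0`, so anything the desktop routes into `tun0` keeps its 192.168.1.x source address unless some other rule translates it. Consider `nic_ex=tun0`, or a second set of rules for `tun0`, and state which FORWARD chain policy the setup assumes: with a policy of ACCEPT the two `-A FORWARD` rules filter nothing, and laptop traffic can still be forwarded out `wlp3s0` outside the tunnel. In the dnsmasq step, the fixed names `/tmp/my.conf`, `/tmp/my.hosts` and `/tmp/my.leases` live in a world-writable directory; a private directory from `mktemp -d` would stop another local user from pre-creating them. The systems list also calls `enp0s25` a wireless nic, while the last step cables it to the laptop's `eth0`.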