Technology
Stefan Damian, Leave a Comment on Route traffic to specific IP(s) through a VPN connection
,

Route traffic to specific IP(s) through a VPN connection

The use-case is considering two networks in two different location communicating over Internet, having the same IP class (but it could be extrapolated for two different classes) are the static IPs are configured without collisions.

  • Install a VPN server in first location:
    • IP of VPN Server in local LAN: 192.168.121.2 (L1)
    • IP of VPN Server in VPN LAN: 192.168.111.0
  • Install a VPN client in the second location and the VPN connection to be persistent (create a cron script to reconnect when the connection is dropped)
    • IP of VPN Client in local LAN 192.168.121.4 (L2)
    • IP of VPN Client in VPN LAN: 192.168.111.1
  • Configure VPN Client to point out to specific hosts from the other location over VPN. Actually it is necessary to define routes (static routes) to specific host from the orther location.
    • it is supposed that the VPN interface is ppp0
    • the host from the remote location that have to be accessed are:
      • 192.168.121.2 (L1)
      • 192.168.121.3 (L1)
    • add specific routes (to the host that have been mentioned before):
      • route add -host 192.168.121.2 dev ppp0
      • route add -host 192.168.121.3 dev ppp0
    • enable IP forwarding in /etc/sysctl.conf
      • Set:net.ipv4.ip_forward = 1
      • Run: sysctl -p
    • Configuring to route packages between two private networks. Add the follwogin rules in iptables from VPN client:
      • iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
      • iptables -A FORWARD -i ppp0 -o eth0 -m state –state RELATED,ESTABLISHED -j ACCEPT
      • iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
  • In order to acces from the second location the static IPs from the first location it is necessary to add some routes (one from each IP)
      • sudo route add -host 192.168.121.2 gw 192.168.121.4
      • sudo route add -host 192.168.121.3 gw 192.168.121.4
    • The configuration sais to route the traffic to 192.168.1.3 from L1 using a local gateway built over VPN Client located in L2.
    • For Windows client, the static (persistent) routes look like:
      • route add -p 192.168.121.2 mask 255.255.255.255 192.168.121.4
      • route add -p 192.168.121.3 mask 255.255.255.255 192.168.121.4

In this way a client that received an IP in the second location will be able to access the static IPs from first location without to initiate VPN connection

If the client routes (in the second locations) will become persistent configuring them in router then this configuration and access will become transparrent for the end-user and it will be created a “big” network over the Internet (and VPN), having one single IP class.

Leave a Reply