Hi

I have a Windows client connecting to a Linux box running Shorewall
(3.0.5). That all works perfectly. On the Windows system, the "Use
default gateway on remote network" box is ticked; however, Windows
clients are unable to access the Internet whilst connected to the VPN.

Option 1, of course, is to uncheck the "remote gateway" box. However,
that means that the server address is different when the user is on the
LAN to when they are connected via the VPN (LAN is 10.0.xx.0/24, VPN is
172.16.0.1 using pptpd).

Option 2 would be to define a route on the Windows system when the VPN
is active to say that 10.0.xx.* can be found via 172.16.0.1, but I can't
see any automated way to define a route upon establishing the VPN, and
remove it on teardown, under Windows.

Option 3 is to allow incoming VPN clients to route back out to the
Internet. That's what I'm trying to achieve, but so far without success.

Grateful for hints.

Thanks,
Keith

Setup:

/etc/shorewall/tunnels:
pptpserver net 0.0.0.0/0

/etc/shorewall/interfaces
net eth0 detect tcpflags,nosmurfs,logmartians,routeback
loc eth1 detect dhcp,tcpflags,detectnets,nosmurfs
loc ppp+

/etc/shorewall/policy
loc net ACCEPT

/etc/shorewall/masq
eth0 eth1

Keith Edmunds wrote:
> Hi
>
> I have a Windows client connecting to a Linux box running Shorewall
> (3.0.5). That all works perfectly. On the Windows system, the "Use
> default gateway on remote network" box is ticked; however, Windows
> clients are unable to access the Internet whilst connected to the VPN.
>
> Option 1, of course, is to uncheck the "remote gateway" box. However,
> that means that the server address is different when the user is on the
> LAN to when they are connected via the VPN (LAN is 10.0.xx.0/24, VPN is
> 172.16.0.1 using pptpd).
>
> Option 2 would be to define a route on the Windows system when the VPN
> is active to say that 10.0.xx.* can be found via 172.16.0.1, but I can't
> see any automated way to define a route upon establishing the VPN, and
> remove it on teardown, under Windows.

Nod -- OpenVPN has this capability but not PPTP IIRC. You can make it a
persistent route on Windows though; the route will only be available
when the PPP driver is active.

>
> Option 3 is to allow incoming VPN clients to route back out to the
> Internet. That's what I'm trying to achieve, but so far without success.
>
> Grateful for hints.
>
> Thanks,
> Keith
>
> Setup:
>
> /etc/shorewall/tunnels:
> pptpserver net 0.0.0.0/0
>
> /etc/shorewall/interfaces
> net eth0 detect tcpflags,nosmurfs,logmartians,routeback
> loc eth1 detect dhcp,tcpflags,detectnets,nosmurfs
> loc ppp+
>
> /etc/shorewall/policy
> loc net ACCEPT
>
> /etc/shorewall/masq
> eth0 eth1
>

You are going to have to masquerade traffic originating from
172.16.0.0/<whatever> also.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
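
An added example, not part of the thread and not Shorewall code: a small Python check of why the posted masq file leaves VPN clients without Internet access, and how an extra entry for the VPN subnet changes that. It assumes an interface name in the SOURCE column covers only the networks routed through that interface; the LAN value 10.0.0.0/24, the /24 mask on the VPN subnet, and the `ROUTED_VIA` table are constructed placeholders for values the posts elide.

```python
import ipaddress

def parse_masq(text):
    """Return (out_interface, source_column) pairs from masq file content."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) >= 2:
            entries.append((fields[0], fields[1]))
    return entries

def source_networks(source, routed_via):
    """Expand a SOURCE column into networks; interface names use routed_via."""
    nets = []
    for token in source.split(","):
        for item in routed_via.get(token, [token]):
            try:
                nets.append(ipaddress.ip_network(item, strict=False))
            except ValueError:
                pass  # interface with no known routes: matches nothing
    return nets

def is_masqueraded(client_ip, out_if, entries, routed_via):
    """True if traffic from client_ip leaving out_if matches a masq entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(
        iface == out_if and any(addr in n for n in source_networks(src, routed_via))
        for iface, src in entries
    )

# Constructed sample values (assumptions, see lead-in).
ROUTED_VIA = {"eth1": ["10.0.0.0/24"]}   # stand-in for the routing table
VPN_NET = "172.16.0.0/24"                # placeholder for 172.16.0.0/<whatever>
ORIGINAL = "eth0 eth1\n"
CORRECTED = "eth0 eth1\neth0 " + VPN_NET + "\n"

if __name__ == "__main__":
    for name, masq in (("original", ORIGINAL), ("corrected", CORRECTED)):
        entries = parse_masq(masq)
        for ip in ("10.0.0.50", "172.16.0.10"):
            print(name, ip, is_masqueraded(ip, "eth0", entries, ROUTED_VIA))
```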