All Road Warrior IP routed through office(VPN) possible ?

gary ng garyng2000 at yahoo.com
Fri Aug 15 11:31:00 CEST 2003 

I have read through the documentation and examples but
don't find the information and wish some experts can
give me a helping hand.

The scenario is like this:

Assuming that a road warrior can get access to the
public internet easily through dialup modem, wireless
hotspots or borrowing a friend's cable
connection(assuming it to be 10.0.1.10). A VPN can be
setup to link to the office. As far as I understand,
all traffics to the private network(say 192.168.x.x)
will go through tinc and the rest through the public
real interface(10.0.1.10).

What I want to know is if there is a way to have all
traffic go through VPN back to office(192.168.x.x) and
out to internet from there(assuming the gateway is
192.168.1.1). I understand that some form of proxy arp
is needed at the office side. What I don't know is how
to setup the road warrior.

I see two issues(for the moment) that I don't know how
to solve :

1. DNS/WINS

When I get the public internet access, the DNS is
usually setup by the ISP through DHCP or PPP. But once
I have linked to the office, I want the DNS to point
to the office DNS as there may be internal servers
that the public DNS don't know and I need to access.
However, at the same time, tinc should still use the
public DNS for lookup the VPN gateway back at office
or other branches(am I right about this?)

2. routing

If I set the default gateway to the one on VPN(
192.168.1.1), tinc would have problem sending the UDP
packet through the real public interface(10.0.1.10)
back to office(as it should be through the gateway
provided by the ISP). If I use the ISP setting(default
gateway to 10.0.1.1), any ip outside the
VPN(192.168.x.x) will go out nake. This may not be
desirable as for example in some countries, the
authority may block access to certain address(say
CNN.COM) but if I go through my office network back in
USA, there won't be such restrictions.

Is this possible for road warrior ? If it is a branch
office setup, it shouldn't be too difficult as I can
have all the nodes just specifying default gateway to
the office gateway(192.168.1.1) and tinc machine(the
gateway for 192.168.x.x) can handle that
automatically. The problem is with road warrior where
it serve two roles as a gateway for tinc itself(to the
public) and a VPN gateway for private communication at
the same time.

any pointer/url for me to read ?

thanks for any help in advance.

regards

gary


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/

More information about the Tinc mailing list