Koozali.org: home of the SME Server

outgoing PPTP VPN from server needs extra NAT

FreakWent
« on: February 16, 2014, 06:48:34 AM »
Imagine this:

- SME Server 8.0 with all current updates in server and gateway mode.
- External PPTP session established and working from the CLI
- IP routes have been established for some specific external hosts to be reached via ppp1 instead of ppp0. Pings and traceroutes from the server CLI confirm that it's good.
- Squid generates requests on the server, so internal clients get correct web behaviour, i.e., it works well for clients in the browser
- For traffic squid can't handle, or if squid is turned off, packets leave with the original internal IP address intact
- In these cases, remote hosts can't respond, assuming such a silly packet even arrives.

Can anyone think of an elegant way to keep the NAT included in all this, other than manually setting up a new set of NAT rules in iptables?

Thanks for your time everyone!


CharlieBrady
Re: outgoing PPTP VPN from server needs extra NAT
« Reply #1 on: February 17, 2014, 03:53:44 PM »
I think it might help if you explain why you are trying to do all this - what problem are you trying to solve?

I think you just need to add a custom template for /etc/rc.d/init.d/masq to add MASQUERADE for traffic sent outbound on interface ppp1.
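
A check for the symptom discussed in this thread, as an added example that is not part of either post: it reads `iptables-save` output and reports whether traffic leaving a given interface is source-NATed. Both rule dumps are constructed, and `nat_covers` is a hypothetical helper name.

```shell
# Added example. Both dumps are constructed, not taken from the thread.
# BEFORE: only ppp0 is masqueraded, matching the situation described.
BEFORE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -o ppp1 -j ACCEPT
COMMIT'
# AFTER: "iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE" was applied.
AFTER='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o ppp1 -j MASQUERADE
COMMIT'

# nat_covers IFACE: reads iptables-save text on stdin, returns 0 when a
# nat-table POSTROUTING rule applies MASQUERADE or SNAT to packets leaving
# IFACE. Handles "-o ppp+" wildcards, negated "-o" and rules with no "-o".
# Other matches on the rule (such as -s) are ignored.
nat_covers() {
    awk -v ifc="$1" '
    function hit(pat, name,    n) {
        if (pat !~ /\+$/) return pat == name
        n = length(pat) - 1
        return substr(name, 1, n) == substr(pat, 1, n)
    }
    /^\*/ { in_nat = ($0 == "*nat") }
    in_nat && /^-A POSTROUTING / {
        tgt = ""; out = ""; neg = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-j") tgt = $(i + 1)
            if ($i == "-o") {
                out = $(i + 1); neg = ($(i - 1) == "!")
                if (out == "!") { neg = 1; out = $(i + 2) }
            }
        }
        if (tgt != "MASQUERADE" && tgt != "SNAT") next
        if (out == "" || (hit(out, ifc) != neg)) found = 1
    }
    END { exit !found }'
}

for ifc in ppp0 ppp1; do
    printf '%s\n' "$BEFORE" | nat_covers "$ifc" && s="source NAT applied" || s="no source NAT"
    echo "$ifc: $s"
done
```

On a live gateway the same function can be fed with `iptables-save | nat_covers ppp1`.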