[TriLUG] linode, VPN, SSH

Kevin Otte nivex at nivex.net
Wed Aug 27 17:12:02 EDT 2014


You generally want to avoid running anything GUI on the Linode. It's
doable, but you will experience pain. Also, you'll probably want to keep
the F5 NAP on the laptop so that your experience is similar to what you
already have.

What I envision (with some made-up addresses in the hopes the commands
make sense):

           eth0
+--------+ 192.0.1.1    198.51.100.1 +-----------------+
| linode | ------------------------- | vpn.federal.gov |
+--------+                           +-----------------+
    | tun0
    | 10.0.100.1
    |
    |
    | 10.0.100.2
+--------+
| laptop |
+--------+

Configure OpenVPN to create a tunnel to your Linode in private address
space. This should be doable with the documentation I provided in
response to [1], namely
https://www.linode.com/docs/networking/vpn/secure-communications-with-openvpn-on-ubuntu-12-04-precise-and-debian-7.

Configure the Linode to do NAT on packets coming from our VPN to the
Internet:
root@linode:~# iptables -t nat -A POSTROUTING -s 10.0.100.0/24 -o eth0 -j MASQUERADE
(exact syntax may differ. I'm doing this from memory)

Configure the laptop to route traffic to vpn.federal.gov over the Linode
VPN:
root@laptop:~# ip route add 198.51.100.1 via 10.0.100.1

At this point we can verify all is working: If you do a traceroute to
vpn.federal.gov you should see the first hop be 10.0.100.1, the next hop
thereafter the Linode gateway, and so on. All the rest of your usual
traffic should be flowing through your normal default route.

Now you can bring up the F5 NAP on your laptop just like you normally
would. It won't see any difference. This mitigates the lack of proxy
support because as far as the NAP is concerned, it's still just using a
straight connection. You've just bent the pipe a little bit. :)

-- Kevin

On 08/27/2014 04:36 PM, Tom Roche wrote:
> 
> My VPN experience is limited, and my linode experience is zero, so I'd appreciate some bullshit detection on the following proposal, particularly
> 
> 1. regarding where to run the VPN
> 2. whether any of the following sounds un-doable on a linode


