I am trying to configure an SSH VPN (using its -w option) to secure my FreeBSD laptop's Internet connection whilst on the road. So far I have the actual VPN connection, but I am quite confused as to how I should best go about doing the routing required to route all of the laptop's traffic through the VPN.
The current configuration is very simple, FreeBSD laptop connecting to FreeBSD server:
Laptop, re0: 192.168.1.2, gateway: 192.168.1.1, tun0: 10.0.3.2
Laptop, /root/.ssh/config:
Code:
Host FreeBSDServer
    HostName 22.22.22.22
    User root
    IdentityFile ~/.ssh/id_rsa
    Tunnel yes
    TunnelDevice 0:any
    PermitLocalCommand yes
    LocalCommand /bin/echo > /dev/tun0; /sbin/ifconfig tun0 10.0.3.2/30 10.0.3.1
Server, /root/.ssh/authorized_keys:
Code:
tunnel="0",command="/sbin/ifconfig tun0 10.0.3.1/30 10.0.3.2" ssh-rsa <PUBLIC KEY HERE> == me@Laptop
The tunnel is created when SSH'ing to the server and the machines can ping each other via 10.0.3.1 and 10.0.3.2, but I am unsure how to best proceed in order to get all of the laptop's traffic going via the server.
On the laptop I can add a route to the server via the laptop's existing gateway (22.22.22.22 via 192.168.1.1), then change the laptop's default route to the tunnel IP of the FreeBSD server (10.0.3.1). This results in traffic being passed to the VPN; when setting sysctl net.inet.ip.forwarding=1 I can see ICMP requests on the server via tcpdump on both em0 and tun0, but no ICMP replies.
What is the best way to finish this? I assume I need some form of NAT, for example using pf or natd?
If anyone can provide me with some examples I would be extremely grateful!
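The remaining piece the post asks about, written out as an added example (this is not the poster's script, nor anything from the FreeBSD project): the laptop needs a host route to the server's public address through the LAN gateway before the default route is moved into the tunnel, and the server needs net.inet.ip.forwarding=1 plus a pf NAT rule so that packets sourced from 10.0.3.2 leave em0 with a routable address. The "requests on em0 and tun0 but no replies" symptom is exactly what un-NATed 10.0.3.x traffic produces, since nothing on the Internet can route a reply back to that address. Interface names and addresses are taken from the post; the DRY_RUN variable and the run/laptop_routes/server_pf_conf/server_enable function names are assumptions of this script.

```shell
#!/bin/sh
# Added example, not from the original post: laptop routing and server NAT for
# an ssh -w tunnel. Addresses and interface names come from the post; the
# function names and the DRY_RUN knob are assumptions of this script.
set -eu

SERVER_PUB="22.22.22.22"     # server em0 (public) address
LAN_GW="192.168.1.1"         # laptop's existing default gateway
TUN_REMOTE="10.0.3.1"        # server end of tun0
TUN_NET="10.0.3.0/30"        # the tunnel /30
EXT_IF="em0"                 # server's Internet-facing interface

# Execute a command, or only print it when DRY_RUN=1 (assumed helper, so the
# intended commands can be reviewed before touching the routing table).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Laptop: pin the SSH session itself to the LAN gateway with a host route
# FIRST, then point everything else at the tunnel. Doing it in the other
# order would route the SSH transport into its own tunnel and drop it.
laptop_routes() {
    run route add -host "$SERVER_PUB" "$LAN_GW"
    run route change default "$TUN_REMOTE"
}

# Laptop: restore the LAN default route and remove the host route.
laptop_routes_undo() {
    run route change default "$LAN_GW"
    run route delete -host "$SERVER_PUB"
}

# Server: pf.conf that rewrites the tunnel /30 to em0's address on the way out.
# "($ext_if)" tracks the interface address if it changes. The bare "pass"
# keeps pf's default allow policy (with state) so nothing else is blocked.
server_pf_conf() {
    cat <<EOF
ext_if = "$EXT_IF"
vpn_net = "$TUN_NET"
nat on \$ext_if from \$vpn_net to any -> (\$ext_if)
pass
EOF
}

# Server: enable forwarding, install the rules, enable pf.
server_enable() {
    run sysctl net.inet.ip.forwarding=1
    if [ "${DRY_RUN:-0}" != 1 ]; then
        server_pf_conf > /etc/pf.conf
    fi
    run pfctl -f /etc/pf.conf
    run pfctl -e || true    # pfctl -e fails harmlessly if pf is already enabled
}

# Dispatch on the first argument; with no argument only the functions are
# defined (e.g. when the file is sourced or tested).
case "${1:-}" in
    laptop)      laptop_routes ;;
    laptop-undo) laptop_routes_undo ;;
    server)      server_enable ;;
    pfconf)      server_pf_conf ;;
    *)           ;;
esac
```

Run `DRY_RUN=1 sh tunnel.sh laptop` to see the route commands before applying them, `sh tunnel.sh server` on the server as root, and `sh tunnel.sh laptop` on the laptop once the SSH session is up. To make the server side survive a reboot, set gateway_enable="YES" and pf_enable="YES" in /etc/rc.conf instead of running sysctl and pfctl by hand. Two things to check afterwards: tcpdump on the server's em0 should now show the laptop's ping requests leaving with source 22.22.22.22 and the replies coming back, and the laptop's resolver must not be 192.168.1.1, because once the default route points into the tunnel that address is no longer reachable and name lookups will fail even though the tunnel is working.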