Lost with vpn config
What I want is to set up my Linode to appear as another host on my LAN, so that I can route certain services over the encrypted VPN connection. I'm looking for something like FTP/SMB/NFS. Probably SMB, as I develop on Windows. After completing a multistage in-place upgrade from Ubuntu 12.x 32-bit to 14.04 64-bit, I've been trying to follow this article.
I'm pretty sure I'm looking to replicate at least a portion of the bdi-nas connection, as all I want is the specific traffic for the target network on the VPN. I don't want to tunnel all my traffic either way, which is unfortunately just about all I can find in other documentation; nothing talks about split-tunnel.
I have active IPsec site-to-site connections from home to two separate remote offices, one running a pfSense firewall and one a Cisco ASA. So I know I'm not having a filtering/firewall problem.
I'm feeling lost at this point. I've wiped my config on both ends a few times and am just having a hard time with strongSwan. Openswan didn't do any better, and I just hit a wall looking into OpenVPN. Suggestions, examples, alternatives would all be welcome. This is my first site-to-single-public-host setup, and I think I'm getting stuck with something at this part.
Is site-to-host much different than site-to-site?
What magic does strongSwan do?
Do I need a dummy interface?
2 Replies
conn slackbox
    auto=route
    left=192.168.2.6
    leftcert=vpn.pem
    leftid="CN=vpn.way-of-the-blade.com"
    leftsubnet=192.168.2.6/24
    leftsourceip=192.168.2.6
    leftauth=pubkey
    mobike=yes
    right=192.81.129.220
    rightcert=slackbox.pem
    rightid="CN=slackbox.way-of-the-blade.com"
    rightsubnet=192.168.3.1/24
    rightauth=pubkey
    dpdaction=restart
    ike=aes256-sha1-modp2048
On the Linode end:
conn stnino
    auto=route
    leftcert=slackbox.pem
    leftid="CN=slackbox.way-of-the-blade.com"
    leftsubnet=192.168.3.1/24
    leftsourceip=192.168.3.1
    leftfirewall=no
    leftauth=pubkey
    mobike=yes
    right=vpn.way-of-the-blade.com
    rightcert=vpn.pem
    rightid="CN=vpn.way-of-the-blade.com"
    rightsubnet=192.168.2.6/24
    rightsourceip=192.168.2.6
    rightauth=pubkey
    ike=aes256-sha1-modp2048
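
In a split-tunnel setup like this one, `leftsubnet`/`rightsubnet` are the traffic selectors that decide what goes into the tunnel, so the two ends have to mirror each other. The following is an added example, not part of the thread or of strongSwan: a small Python check that compares the two `conn` sections above (embedded as constructed input, cut down to the compared keys) and reports mismatches and subnet values written with host bits set. `parse_conn`, `net` and `check_pair` are hypothetical helper names.

```python
import ipaddress

# Constructed input: the two conn sections from the thread, cut down to the
# keys compared here.
HOME = """conn slackbox
    leftid="CN=vpn.way-of-the-blade.com"
    leftsubnet=192.168.2.6/24
    rightid="CN=slackbox.way-of-the-blade.com"
    rightsubnet=192.168.3.1/24
    ike=aes256-sha1-modp2048
"""
LINODE = """conn stnino
    leftid="CN=slackbox.way-of-the-blade.com"
    leftsubnet=192.168.3.1/24
    rightid="CN=vpn.way-of-the-blade.com"
    rightsubnet=192.168.2.6/24
    ike=aes256-sha1-modp2048
"""

def parse_conn(text):
    """Return {key: value} for the single conn section in text."""
    conn = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "conn ")):
            continue
        key, _, value = line.partition("=")
        conn[key.strip()] = value.strip().strip('"')
    return conn

def net(value):
    """Network a selector falls in, ignoring any host bits."""
    return ipaddress.ip_network(value, strict=False)

def check_pair(a, b):
    """Findings for two ends of one tunnel (hypothetical helper)."""
    out = []
    for name, end in (("a", a), ("b", b)):
        for key in ("leftsubnet", "rightsubnet"):
            if str(net(end[key])) != end[key]:
                out.append(f"{name}.{key}={end[key]}: host bits set, network is {net(end[key])}")
    for mine, theirs in (("leftsubnet", "rightsubnet"), ("rightsubnet", "leftsubnet")):
        if net(a[mine]) != net(b[theirs]):
            out.append(f"selector mismatch: a.{mine}={a[mine]} vs b.{theirs}={b[theirs]}")
    for mine, theirs in (("leftid", "rightid"), ("rightid", "leftid")):
        if a[mine] != b[theirs]:
            out.append(f"identity mismatch: a.{mine}={a[mine]} vs b.{theirs}={b[theirs]}")
    if a.get("ike") != b.get("ike"):
        out.append(f"ike proposal mismatch: {a.get('ike')} vs {b.get('ike')}")
    return out
```

Calling `check_pair(parse_conn(HOME), parse_conn(LINODE))` on the configs as posted reports no mismatches between the ends, only that all four subnet values are host addresses written with a /24 prefix.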