Answer the question
In order to leave comments, you need to log in
How to properly configure the gateway on a Debian virtual machine?
Good afternoon everyone!
I really ask for the help of experts, since I have already despaired and am absolutely not sure of the correctness of the current solution used. I ask you not to kick too much - I googled everything that is possible - everywhere such situations are described differently, and besides, I have never met a situation identical to mine.
-------------------------------
Essence of the question:
correctly configure the gateway on the virtual machine (vmware) debian 9.9 for going to the Internet of the second virtual machine (also debian) through this gateway. I want to clarify that the scheme is working at the moment, but I highly doubt that it works correctly and in the way I would like.
Initial data:
Virtualka debian-gateway:
Has 3 network (virtual, of course) adapters:
1a) eth0- with the help of which debian has the original Internet access - this is a custom type adapter, with NAT, DHCP enabled; setting "connect host to this network" - disabled;
settings in the network manager inside the virtual machine at the connection: "Automatically by DHCP, address only", that is, I specified public DNSs (for example, 8.8.8.8 - not so important);
in total, let's say
that
IP
192.168.19.5
mask
24
gateway 192.168.19.2
DNS
8.8.8.8
3a) eth1
- adapter of "created" virtual locale, also custom-type; here are the following network adapter settings: NAT - no, DHCP - no, connect to host - no;
settings in the network manager inside the virtual machine for this connection: "Shared with other computers", with the specified static ip, for example, 192.168.2.1, mask 24 and
gateway
192.168.2.1
LAN with a gateway and has 1 network adapter eth0, identical to adapter 3a) of the debian gateway, with settings in the network manager:
static IP 192.168.2.2
mask 24
gateway 192.168.2.1
DNS, for example, 77.88.8.8
Task - you need to:
the debian client accessed the Internet through the local 3a) interface (eth1 connection) of the debian gateway;
in turn, eth1 of the debian gateway must distribute the Internet to the client using eth0 of the same debian gateway through tun0 of the same debian gateway.
That is: ETH0 client --> ETH1 gateway --> TUN0 gateway --> ETH0 gateway --> host physical adapter --> Internet.
I think that many will now twist their fingers to their heads. I beg you , help me figure out a correctly working scheme, because I'm not sure that it is now routed-natted-working as described in the desired scheme-task above.
For the purity of the "experiment", I would like to hear from knowledgeable people exactly the solution, at least in brief, and, I emphasize,if it is at all realistic in your opinion . Do not take it for impudence ...
I hope that someone will respond!
Thanks in advance!
Answer the question
In order to leave comments, you need to log in
Do you want to understand networks or work?
If you work and nothing else. Start at https://www.whonix.org/. There is a gateway and a workstation. Simple instruction. Then sign the vpn client on the gateway, as on a regular Linux, and everything will work.
If you figure it out.
1. We make 2 VMs: Gateway, vPK. In the settings of Wirth. adapter, we combine them into one segment of the local network. Gateway - 2 adapters: the first - let the external one be NAT or a bridge for now, if you have a home network with a router; the second is local, you specify the name of the Wirth segment there. local network. Both Virtualbox and VMVar can do it.
2. Set up the Gateway as usual so that it allows access to the VPC network. This is a classic topic, look for manuals on the snat + forwarding network. How to set up and check, you can move on.
3. On the Gateway, configure the VPN client before the external VPN server. Check that it works locally through the vpn server and the default route is to the vpn server. It is logical that then the military-industrial complex will go to the Internet as well. He doesn't care what the traffic is like after he sent it to his default gateway.
4. Learn to control the status of the connection so that there is no leakage when the vpn on the Gateway is not working. And requests to the DNS or on the Gateway were processed, or went through vpn.
5. And why Debian 9.9? Get 10 already.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question