2 WLANs, VPN routing? Is it possible?

Hi there,

I would like to do the following: From the hallway of my girlfriend's
appartment it is possible to catch the WLAN of her university's library,
for which she has a login. The WLAN is secured by a VPN. From her living
room we can't "hear" the WLAN anymore. So I would like to setup a computer
with two WLAN interfaces, one "connected" to the university, the other one
for the appartment (actually most likely a regular NIC and an AP), so that
my girlfriend and her flatmate can both use the university's WLAN internet
access. I would like to use this setupee two possibilities:

Terminate the VPN on the extra box, such as this:


WLAN w/o VPN Univ. WLAN w/ VPN
Notebook1 <------------> router box <-----------------> univ.
|
Notebook2 <------------------

This would involve appartment-local IP-addresses and NAT on the router. Is
it possible to tunnel the traffic of the two masqueraded notebooks through
the same VPN tunnel? And if, how does one go about it? Better yet, would it
be possible to only use the tunnel for http/imap/pop requests, and to not
tunnel other requests such as SMB/NFS/etc.?

TIA for your answers,
Martin Schaffoener

Martin Schaffoener wrote:

> Hi there,
>
> I would like to do the following: From the hallway of my girlfriend's
> appartment it is possible to catch the WLAN of her university's library,
> for which she has a login. The WLAN is secured by a VPN. From her living
> room we can't "hear" the WLAN anymore. So I would like to setup a computer
> with two WLAN interfaces, one "connected" to the university, the other one
> for the appartment (actually most likely a regular NIC and an AP), so that
> my girlfriend and her flatmate can both use the university's WLAN internet
> access. I would like to use this setupee two possibilities:
>
> Terminate the VPN on the extra box, such as this:
>
>
> WLAN w/o VPN Univ. WLAN w/ VPN
> Notebook1 <------------> router box <-----------------> univ.
> |
> Notebook2 <------------------
>
> This would involve appartment-local IP-addresses and NAT on the router. Is
> it possible to tunnel the traffic of the two masqueraded notebooks through
> the same VPN tunnel? And if, how does one go about it? Better yet, would
> it be possible to only use the tunnel for http/imap/pop requests, and to
> not tunnel other requests such as SMB/NFS/etc.?
>
> TIA for your answers,
> Martin Schaffoener
Hi,

this should not make too many difficulties. Set up the VPN on the Router
Linux box to the University as you did with your Notebook. This will give
you a extra interface (lets call it cisco_vpn). Then set up a VPN from your
Notebook to the Linux box. Cipe is very easy to configure, and has little
overhead. This will give you an extra interface on both machines (lets call
them cipcb0 on both machines). Then on the notebook, you have to make the
VPN a gateway to the net of the university:
route add -net 192.168.xxx.xxx netmask 255.255.255.0 gw cipcb0
Then make the router routing able:
echo "1">/proc/sys/net/ipv4/ip_forward
Then add the rule
iptables -A FORWARD -i cipcb0 -o cisco_vpn -j ACCEPT
There you go! Then set up the firewall for the router.

Regards, Alex

Alex Harsch wrote:

> Hi,
>
> this should not make too many difficulties. Set up the VPN on the Router
> Linux box to the University as you did with your Notebook. This will give
> you a extra interface (lets call it cisco_vpn). Then set up a VPN from
> your Notebook to the Linux box. Cipe is very easy to configure, and has
> little overhead. This will give you an extra interface on both machines
> (lets call them cipcb0 on both machines). Then on the notebook, you have
> to make the VPN a gateway to the net of the university:
> route add -net 192.168.xxx.xxx netmask 255.255.255.0 gw cipcb0
> Then make the router routing able:
> echo "1">/proc/sys/net/ipv4/ip_forward
> Then add the rule
> iptables -A FORWARD -i cipcb0 -o cisco_vpn -j ACCEPT
> There you go! Then set up the firewall for the router.

Thanks a lot, I will try that. Even though I would not do that, my
girlfriend insists on keeping Windows XP on her notebook. I am not sure if
the Cisco VPN client creates an extra interface on Windows. How would one
go about that?

Regards,
Martin Schaffoener

Martin Schaffoener wrote:

> Alex Harsch wrote:
>
>> Hi,
>>
>> this should not make too many difficulties. Set up the VPN on the Router
>> Linux box to the University as you did with your Notebook. This will give
>> you a extra interface (lets call it cisco_vpn). Then set up a VPN from
>> your Notebook to the Linux box. Cipe is very easy to configure, and has
>> little overhead. This will give you an extra interface on both machines
>> (lets call them cipcb0 on both machines). Then on the notebook, you have
>> to make the VPN a gateway to the net of the university:
>> route add -net 192.168.xxx.xxx netmask 255.255.255.0 gw cipcb0
>> Then make the router routing able:
>> echo "1">/proc/sys/net/ipv4/ip_forward
>> Then add the rule
>> iptables -A FORWARD -i cipcb0 -o cisco_vpn -j ACCEPT
>> There you go! Then set up the firewall for the router.
>
> Thanks a lot, I will try that. Even though I would not do that, my
> girlfriend insists on keeping Windows XP on her notebook. I am not sure if
> the Cisco VPN client creates an extra interface on Windows. How would one
> go about that?
>
> Regards,
> Martin Schaffoener
Hi,

Cipe is also available for Windows, and works well with Linux. The Windows
route command should work pretty much similar to the LInux one, "route ?"
should tell you the details.

Alex

Martin Schaffoener wrote:

> Alex Harsch wrote:
>
>> Hi,
>>
>> this should not make too many difficulties. Set up the VPN on the Router
>> Linux box to the University as you did with your Notebook. This will give
>> you a extra interface (lets call it cisco_vpn). Then set up a VPN from
>> your Notebook to the Linux box. Cipe is very easy to configure, and has
>> little overhead. This will give you an extra interface on both machines
>> (lets call them cipcb0 on both machines). Then on the notebook, you have
>> to make the VPN a gateway to the net of the university:
>> route add -net 192.168.xxx.xxx netmask 255.255.255.0 gw cipcb0
>> Then make the router routing able:
>> echo "1">/proc/sys/net/ipv4/ip_forward
>> Then add the rule
>> iptables -A FORWARD -i cipcb0 -o cisco_vpn -j ACCEPT
>> There you go! Then set up the firewall for the router.
>
> Thanks a lot, I will try that. Even though I would not do that, my
> girlfriend insists on keeping Windows XP on her notebook. I am not sure if
> the Cisco VPN client creates an extra interface on Windows. How would one
> go about that?
In my exaple, the Cisco Interface pointed to the University, and the Cipe
one is used internally. I just picked the Cisco VPN, because many
universities use Cisco and the Cisco VPN.

>
> Regards,
> Martin Schaffoener

Alex Harsch wrote:

> In my exaple, the Cisco Interface pointed to the University, and the Cipe
> one is used internally. I just picked the Cisco VPN, because many
> universities use Cisco and the Cisco VPN.
Thanks! You are right about the university using Cisco VPN...

Regards,
Martin Schaffoener