IP Forwarding Through Tunnels?
fialar asks: "I have a machine (machine A) that provides an encrypted, private channel (VPN via vtun). It connects to Machine B and gives Machine B an IP address on Machine A's subnet (which is unused). I've added the proper arp command line (arp -i eth0 -sD eth0 pub), however Machine B cannot ping outside of Machine A's subnet. After a certain period of time, it can, but I am not sure why. Is there a way to set it up so that when the connection between Machine A and B happens, the proper rules are set up so that Machine B will be able to get out? IP Masquerading is not an option. I need Machine B to show up on Machine A's subnet."
You'll need to add routes for the opposing subnets on either end of the tunnel:
ifconfig tunl0 1.1.1.1 netmask 255.255.255.0 up
ifconfig tunl1 2.2.2.1 netmask 255.255.255.0 up
This will set up the interfaces... your IPs may vary. Then:
route add -net 1.1.1.0 netmask 255.255.255.0 dev tunl1 (on machine 2)
route add -net 2.2.2.0 netmask 255.255.255.0 dev tunl0 (on machine 1)
Or add the single IP address you're trying to get to instead of the networks, which will be just as easy unless you've got multiple machines at either end.
This space for rent. Call 1-800-STEAK4U
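The single-address variant suggested above, as an added example that is not part of the original question or reply: a helper that prints the commands machine A would run when the tunnel comes up, combining the host route with the forwarding and proxy ARP the question asks about. It assumes a Linux host with iproute2; the function names, the interface names (tun0, eth0) and the address 192.0.2.50 are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints, but does not run,
# the commands for machine A. Inputs are validated so that a value handed
# over by a tunnel hook cannot smuggle shell syntax into the output.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; the input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 for an interface name made of letters, digits, '_', '.' or '-'.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# tunnel_up_cmds B_IP TUN_IF LAN_IF
#   B_IP   - address machine B uses on machine A's subnet
#   TUN_IF - tunnel interface on machine A
#   LAN_IF - machine A's interface on the shared subnet
tunnel_up_cmds() {
    b_ip=$1 tun_if=$2 lan_if=$3
    valid_ipv4 "$b_ip" && valid_ifname "$tun_if" && valid_ifname "$lan_if" || {
        echo "usage: tunnel_up_cmds B_IP TUN_IF LAN_IF" >&2
        return 2
    }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace $b_ip/32 dev $tun_if
ip neigh replace proxy $b_ip dev $lan_if
EOF
}
```

Review the printed commands, then pipe them to `sh` as root to apply them; the `replace` forms make a re-run after a reconnect harmless.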