Share your VPN tun0 with a network interface eth0

My laptop and a home server are both in the same room, behind a very restrictive NAT. My VPN provider only provides a GUI interface, so my laptop can connect to Google & Co, but my server can NOT! So no apt-get update for my home server… so, should we give up? No, a few commands and the problem will be solved, letting your home server (Odroid C1) surf the waves of the free web. Let’s start by allowing forwarding in the system:

Now we will allow tun0 to forward data, and then create the rule to forward all the packets coming from eth0 to the VPN tun0 (yes, iptables is magic).

Now we will install a simple DHCP server on the laptop, so it will give an IP address to the server when the server is connected to the laptop.

Edit /etc/dhcp/dhcpd.conf to tell the DHCP server how to assign the IP to the server (which will connect through eth0 with an Ethernet cable):

Edit /etc/default/isc-dhcp-server to tell the DHCP server which network interface to use:

Then check that your config is correct with dhcpd -t /etc/dhcp/dhcpd.conf and start/restart the DHCP server:

Now set your eth0 IP to the same IP as the gateway IP defined in dhcpd.conf using this command:

Only then connect your server's Ethernet port to your laptop's Ethernet port. The server is a DHCP client for me, so it will be given an IP address by the DHCP server running on the laptop. Most probably it will be 10.10.0.25. You can connect to your server from your laptop using:

and, from your server, run apt-get update && apt-get dist-upgrade, which now goes through your laptop's VPN!! BRAVO!!
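An added example, not the post's own commands: a rule set for the forwarding step that only lets traffic from eth0 leave through tun0, plus a check of `iptables-save` output that flags any path by which the server's traffic could bypass the VPN (for instance when tun0 goes down). The 10.10.0.0/24 subnet and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the original post's commands. eth0/tun0 come from the post;
# the 10.10.0.0/24 subnet and all function names are assumptions.

# Print (do not run) rules that let LAN traffic leave only through the VPN.
# Note: a DROP policy on FORWARD also affects containers/VMs on the same host.
vpn_share_rules() {  # $1 = LAN interface, $2 = VPN interface, $3 = LAN subnet
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $3 -o $2 -j MASQUERADE
EOF
}

# Audit iptables-save output on stdin: exit 0 only if LAN traffic cannot be
# forwarded anywhere except the VPN interface and NAT is applied on the VPN side.
audit_forwarding() {  # $1 = LAN interface, $2 = VPN interface
  awk -v lan="$1" -v vpn="$2" '
    /^:FORWARD / { policy = $2 }
    /^-A FORWARD / && /-j ACCEPT/ {
      in_if = ""; out_if = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-i") in_if = $(i + 1)
        if ($i == "-o") out_if = $(i + 1)
      }
      # LAN ingress accepted towards anything but the VPN is a leak path.
      if (in_if == lan && out_if != vpn) { print "LEAK: " $0; bad = 1 }
    }
    /^-A POSTROUTING / && /-j MASQUERADE/ {
      for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == vpn) nat = 1
    }
    END {
      if (policy != "DROP") { print "FORWARD policy: " policy " (want DROP)"; bad = 1 }
      if (!nat) { print "no MASQUERADE on " vpn; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample (trimmed dump): eth0 may be forwarded to any interface.
sample_leaky_dump() {
  cat <<'EOF'
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -j ACCEPT
-A POSTROUTING -o tun0 -j MASQUERADE
EOF
}
```

Review the output of `vpn_share_rules eth0 tun0 10.10.0.0/24` before running those lines as root, then pipe `iptables-save` into `audit_forwarding eth0 tun0` to confirm the result.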

credit to this and this.

Note: In case your ISC-DHCP-SERVER won’t start

It happened to me the second time I followed this procedure: it was impossible to get isc-dhcp-server to work, so I ditched it (apt-get remove isc-dhcp-server) and installed dnsmasq instead (apt-get install dnsmasq), then edit

Find these lines and edit them like this:

Then manually set a fixed IP (10.10.0.1) on your laptop. Finally, open the needed ports in the firewall with sudo ufw allow bootps and ufw enable before connecting the server's Ethernet cable to your laptop. You can check the logs with tail -f /var/log/syslog. You can run service dnsmasq restart.

credit for dnsmasq config.

Bonus

To find the IP your server was assigned (so you can SSH into it), you can use

To find the gateway of your server (properly redirected to your laptop IP through eth0), run route -n.

Because I didn’t research it, dnsmasq does not attribute a DNS name to the DHCP clients, so you will have to add it with echo "nameserver 8.8.8.8" > /etc/resolv.conf