Share your VPN tun0 with a network interface eth0

My laptop and a home server are both in the same room, behind a very restrictive NAT. My VPN provider only provides a GUI interface, so my laptop can connect to Google & Co, but my server can NOT! So no apt-get update for my home server… so, should we give up? No, a few commands and the problem will be solved, letting your home server (Odroid C1) surf the waves of the free web. Let’s start by allowing forwarding in the system:

echo 1 > /proc/sys/net/ipv4/ip_forward
sysctl net.netfilter.nf_conntrack_acct=1

Now we will masquerade (NAT) everything that leaves through tun0, and then create the rule to forward all the packets coming from eth0 to the VPN interface tun0 (yes, iptables is magic).

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o tun0 -m conntrack --ctstate NEW -j ACCEPT

Now we will install a simple DHCP server on the laptop, so it will give an IP address to the server when the server is connected to the laptop.

sudo apt-get install isc-dhcp-server

Edit /etc/dhcp/dhcpd.conf to tell the DHCP server how to assign an IP to the server (which will connect through eth0 with an Ethernet cable):

subnet 10.10.0.0 netmask 255.255.255.0 {
range 10.10.0.25 10.10.0.50;
option domain-name-servers 8.8.4.4;
option routers 10.10.0.1;
}

Edit /etc/default/isc-dhcp-server to tell the DHCP server which network interface to use:

INTERFACES="eth0"

Then check that your config is correct with dhcpd -t -cf /etc/dhcp/dhcpd.conf and start/restart the DHCP server:

sudo start isc-dhcp-server

Now set your eth0 IP to the same IP as the gateway (option routers) defined in dhcpd.conf using this command:

sudo ifconfig eth0 10.10.0.1 netmask 255.255.255.0

Only then connect your server’s Ethernet port to your laptop’s Ethernet port. The server is a DHCP client in my case, so it will be handed an IP address by the DHCP server running on the laptop. Most probably it will be 10.10.0.25. You can connect to your server from your laptop using:

ssh user@10.10.0.25

and on your server you can now run apt-get update && apt-get dist-upgrade, which goes through your laptop’s VPN!! BRAVO!!

credit to this and this.
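
As an added example (not part of the original post), this shell function audits iptables-save output for the gateway rules above: it flags a FORWARD policy that lets eth0 traffic leave outside tun0, a missing ESTABLISHED,RELATED rule, and MASQUERADE bound to the wrong interface. The names audit_gateway, page_dump and hardened_dump, the two trimmed dumps and the hardened ruleset are constructed here for illustration.

```sh
# Added example: audit iptables-save output for the laptop-as-gateway rules.
# On the laptop: sudo iptables-save | audit_gateway eth0 tun0
# Prints one FINDING per line; exit status 0 means no findings.
audit_gateway() (
    lan=$1 vpn=$2 findings=0
    dump=$(cat)
    has() { printf '%s\n' "$dump" | grep -Eq -- "$1"; }
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # Policy ACCEPT forwards LAN packets out of any interface (Wi-Fi included)
    # when the tunnel is down, so the server would bypass the VPN.
    has '^:FORWARD DROP ' || flag "FORWARD policy is not DROP; $lan can leak past $vpn"
    # The only allowed way out should be lan -> vpn.
    has "^-A FORWARD .*-i $lan .*-o $vpn .*-j ACCEPT" || flag "no $lan -> $vpn ACCEPT rule"
    # A NEW-only rule passes just the packets that open a flow; under policy
    # DROP the rest of the flow and the replies need ESTABLISHED,RELATED.
    has '^-A FORWARD .*--ctstate [A-Z,]*ESTABLISHED.* -j ACCEPT' ||
        flag "no ESTABLISHED,RELATED ACCEPT rule in FORWARD"
    # NAT must exist on the tunnel and nowhere else.
    has "^-A POSTROUTING .*-o $vpn .*-j MASQUERADE" || flag "no MASQUERADE on $vpn"
    if printf '%s\n' "$dump" | grep -- '-j MASQUERADE' | grep -qv -- "-o $vpn "; then
        flag "a MASQUERADE rule is not bound to $vpn"
    fi
    [ "$findings" -eq 0 ]
)

# Constructed dump (trimmed): this post's two rules with default policy ACCEPT.
page_dump() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o tun0 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
EOF
}

# Constructed dump (trimmed): same rules plus DROP policy and a reply rule.
hardened_dump() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun0 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
EOF
}
```

Running page_dump | audit_gateway eth0 tun0 prints two findings for the rules as given in this post; hardened_dump passes with none.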

Note: In case your ISC-DHCP-SERVER won’t start

It happened to me the second time I followed this procedure: impossible to get isc-dhcp-server to work, so I ditched it (apt-get remove isc-dhcp-server) and installed dnsmasq instead (apt-get install dnsmasq). Then edit

nano /etc/dnsmasq.conf

find these lines and edit them like this:

interface=eth0
dhcp-range=10.10.0.50,10.10.0.150,255.255.255.0,12h

Then manually give your laptop a fixed IP (10.10.0.1). Finally, open the needed ports in the firewall with sudo ufw allow bootps and ufw enable before connecting the Ethernet cable of the server to your laptop. You can check the logs with tail -f /var/log/syslog, and you can restart the service with service dnsmasq restart.

credit for dnsmasq config.

Bonus

To find the IP your server was assigned (so you can ssh into it), you can use

sudo nmap -sP 10.10.0.0/24

To find the gateway of your server (properly redirected to your laptop IP through eth0), run route -n.

Because I didn’t research it, dnsmasq does not attribute a DNS name to the DHCP clients, so you will have to add it with echo "nameserver 8.8.8.8" > /etc/resolv.conf