I've got a working VPN server.
My laptops connect to it and that works like a charm.
I want one of these laptops to 'open up' the network behind it.
The machines in that network already have a default gateway and no route to the internet. I can't control these machines.
The VPN server has a TAP0 IP: 10.8.0.1
The roadwarrior has:
tap0, 10.8.0.6 <---pptp----> 10.8.0.5
eth0, the internal network side. Let's assume it has an internal IP of 192.168.10.11 today on a /24 network.
wlan0, let's assume the laptop is internet connected over a random public wifi and has 192.168.99.99 there. Also, this wlan0 interface has a fixed route to the public internet IP of the OpenVPN server.
Now I connect with my home PC (10.8.0.4 <----------> 10.8.0.3). This home PC needs to be able to connect to the machines behind my road warrior. I ssh to 10.8.0.6 and check what random network is behind that eth0 today.
I tell my home machine:
route add -net 192.168.10.11 gw 10.8.0.6
This should ensure that my traffic from my home machine flows to 10.8.0.6 (but tcpdump on the roadwarrior proves it doesn't arrive! Why not? client-to-client is enabled in the server).
Next to that, the road warrior should NAT tap0 to eth0, because the systems in the unknown network don't know about the 10.8.* IPs, but they will be able to find eth0, roadwarrior, 192.168.10.11.
Question 1: does anyone have any idea why packets don't arrive on the roadwarrior? (It has ipv4.route on.)
Question 2: any hints on the NAT?
Road warrior needs to open up network behind him.
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Oct 04, 2012 6:47 pm
Re: Road warrior needs to open up network behind him.
Errrrrr, I'm using TUN devs on server and clients...