Greetings, all.

If I could pick the collective brain for a moment, I'd like to solicit some thoughts as to how I might approach the following scenario:

I have a client who requires VPN access from OS/2 (eComStation) to an IBM zOS image, using the TN3270 client (and associated applications require OS/2 on the client side). The VPN connection is a Cisco AnyConnect, which is supported by openConnect on Linux, but for which there is no OS/2 client (as far as I know, and I do a considerable amount of OS/2 consulting). His SonicWALL router predates the SSL-capable units, doing only IPSec, and while we are on site-to-site IPSec VPN between us, and my Astaro Security Gateway (now Sophos UTM) can connect and then route the traffic through for him, I'm looking to create more of a self-contained solution for him.

So...

My idea is to install Ubuntu 12 (or openSUSE; I'm a Novell guy, so SUSE is more familiar to me) as a VirtualBox guest under the OS/2 host (yes, we do have VirtualBox support for OS/2). Using openConnect, assuming it works similarly to other SSL VPNs I've used on Linux, it should create a ppp0 interface upon connection. My thinking is to enable forwarding between interfaces (I would configure the guest to use bridged networking, so that host and guest are on the same subnet), and then on the OS/2 side, build a few static routes in the table to direct traffic from the host machine destined for the protected remote subnet(s) through the Linux guest. I only need IPv4 support (OS/2 does not have an IPv6-aware stack, anyhow).

My initial tests (using a Fortinet SSL VPN connection to a test network, only because it was convenient) would not allow the traffic to pass (after configuring the ppp0 IP as a destination host via the guest's IP, and testing ping, attempting to add the remote protected subnet yielded me the dreaded "SIOCADDRT: network unreachable" on the host (the OS/2 IP stack was ported from BSD 4.3, IIRC, so it's pretty standard)).
I'm thinking that there's something else I need to do on the guest side (under Linux, which is why I'm posting this here) to enable forwarding. Do I need to masquerade the ppp0 interface?

Any and all thoughts are welcome.

TIA

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, RTRP, EA
Rosenthal & Rosenthal, LLC www.2rosenthals.com
Need a managed Wi-Fi hotspot? www.hautspot.com
Warpstock 2013 - Atlanta, GA - Oct 4-6 www.warpstock.org
visit my IT blog www.2rosenthals.net/wordpress
-------------------------------------------------------------
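
The guest-side setup the post asks about, as an added example that is not part of the original message: it prints (or, with APPLY=1 as root, applies) forwarding and masquerade rules limited to one LAN host and one remote subnet. The interface names, addresses and the function names `valid_ipv4` and `guest_rules` are assumptions; the tunnel is called ppp0 as in the post, so substitute whatever name the VPN client actually creates.

```shell
#!/bin/sh
# Added example: forwarding + source NAT on the Linux guest, limited to one
# LAN host and one remote subnet. All names and addresses are placeholders.
LAN_IF="${LAN_IF:-eth0}"                  # guest's bridged NIC (assumed name)
VPN_IF="${VPN_IF:-ppp0}"                  # tunnel name used in the post; verify with `ip addr`
HOST_IP="${HOST_IP:-192.168.1.10}"        # OS/2 host on the LAN (constructed)
REMOTE_NET="${REMOTE_NET:-10.20.0.0/16}"  # protected remote subnet (constructed)

# Return 0 only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) p=${1#*/}
             case $p in ''|*[!0-9]*) return 1 ;; esac
             [ "$p" -le 32 ] 2>/dev/null || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] 2>/dev/null || return 1
    done
}

# Print the rule set; fail without output if an address is malformed.
# FORWARD defaults to DROP so the guest relays only HOST_IP -> REMOTE_NET and
# the replies. MASQUERADE rewrites the host's source address to the tunnel
# address, on the assumption that the remote side has no route back to the LAN.
guest_rules() {
    valid_ipv4 "$HOST_IP" && valid_ipv4 "$REMOTE_NET" || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -s $HOST_IP -d $REMOTE_NET -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $VPN_IF -s $HOST_IP -d $REMOTE_NET -j MASQUERADE
EOF
}

# Dry run by default; APPLY=1 (as root) pipes the same lines to a shell.
if [ "${APPLY:-0}" = 1 ]; then
    rules=$(guest_rules) && printf '%s\n' "$rules" | sh -e
else
    guest_rules
fi
```

On the host, the static route for the remote subnet has to name the guest's bridged LAN address as its gateway, because a gateway must sit on a directly connected network.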