www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Can I LAN to LAN VPN with only one NIC?

 
getout



Joined: 15 Apr 2014
Posts: 34

Posted: Thu May 08, 2014 1:52 pm    Post subject: Can I LAN to LAN VPN with only one NIC?

If I have two ZS boxes A and B on separate networks on the internet, both have a single connection to the internet.

ZS-A has two NICs connected to a single switch; the switch gets an internet connection from a router with IP 192.168.1.1/24 (set as Default GW for ZS-A). ZS-A ETH00 connects to the internet connection with IP 192.168.1.2/24 (behind NAT). ETH01 has IP 172.16.1.1/16 and will be used for client devices.

ZS-B has only one NIC with a public IP address ETH00 26.20.20.20/24 and Default GW 26.20.20.1

I want ZS-A to connect to the internet through ZS-B using the public IP of ZS-B. Can I do this by setting up a LAN to LAN VPN if ZS-B has only one NIC? If I understand the LAN to LAN VPN correctly, I will need to have a second NIC on ZS-B, e.g.:

(if ZS-B has second NIC) ZS-B ETH01 10.0.0.1/8
ZS-B LAN to LAN VPN Server IP 192.168.250.250/24
ZS-A LAN to LAN VPN Client IP 192.168.250.251/24

If ZS-B had a second NIC I would route to ZS-A with a static route like - Destination 172.16.0.0/16 via GW 192.168.250.251/24, and the reverse on ZS-A like - Destination 10.0.0.0/8 via GW 192.168.250.250/24.

But if I can't install a second NIC on ZS-B how can I accomplish this?
Should I not use VPN to accomplish this?

ZS-A (In Office behind NAT)
ETH00 192.168.1.2/24
ETH01 172.16.1.1/16
VPN00 Client 192.168.250.251

ZS-B (In Data Centre. Only one NIC)
ETH00 20.20.20.26/24 Public IP
VPN00 Server 192.168.250.250

Cheers,

Sparki.
getout



Joined: 15 Apr 2014
Posts: 34

Posted: Wed May 14, 2014 12:07 am    Post subject:

OK so now I understand. Disregard my post above (what a mess). I was confused about how to set the internet gateway and was thinking I had to do this manually (trying all sorts of crazy things) but then realized that NetBalancer does this by applying individual rules. I was way off!

From what I now understand about Linux iptables or netfilter, by creating individual rules in NetBalancer it must be creating PREROUTING and POSTROUTING rules in the NAT table, forcing all traffic from one interface (LAN NIC) down another (VPN interface).

Correct me if I'm wrong here.....
All times are GMT