www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Step by step help needed for Lan to Lan

 
Olias



Joined: 08 Apr 2008
Posts: 3
Location: Wisconsin

Posted: Tue Apr 08, 2008 3:58 pm    Post subject: Step by step help needed for Lan to Lan

Hello, I am very new to zeroshell but would like to try it in our environment. I would like to set up a simple, non-bridged Lan to Lan connection between our main site and a remote site but am unclear on the steps necessary.
This is what I've done so far:

Installed Zeroshell on two boxes:

Box1
ETH00 172.20.2.77 subnet 255.255.255.0
ETH01 xxx.xxx.xxx.xxx (static public address)
VPN00 with address 192.168.200.1, remote host yyy.yyy.yyy.yyy (using local CA cert.)

Box2
ETH00 172.30.2.77 subnet 255.255.255.0
ETH01 yyy.yyy.yyy.yyy (static public address)
VPN00 with address 192.168.200.2, remote host xxx.xxx.xxx.xxx (using local CA cert.)


What more do I need to get the VPN to connect?
Do I need static routes? Firewall allow rules?
Each box is a CA. In setting up VPN00 on each box, do I need to import a certificate from Box1 and use it on VPN00 on box2?

I would be happy to create a document for the website listing all the necessary steps, but I first need to know what they are.

Thanks for any help.

<edit>
I can remove VPN00 from each side and set up static routes so that raw traffic passes through both boxes. But how is the Lan to Lan set up?
Do I assign each VPN00 an ip on different subnets?

Any consultants out there willing to charge for a few hours?
Olias



Joined: 08 Apr 2008
Posts: 3
Location: Wisconsin

Posted: Wed Apr 09, 2008 5:39 pm

Hmmm,
Doesn't appear to be a very active forum.
Time to move on...
misterplow



Joined: 22 Apr 2008
Posts: 20

Posted: Tue Apr 22, 2008 1:56 am

I might have a couple of ideas/pointers for you, but first can I ask a question to clarify?

The impression I get is that you want to physically (i.e. lan-to-lan) join the eth0 network of each box (so . . the "far" ends of the connection), but the two networks are on different subnets.

Do you have a routing device in the picture somewhere?

I've implemented several instances of client-to-lan and also lan-to-lan, so I hope to be of help to you. Once you get a couple of concepts understood (well), zeroshell is so easy to work with . . almost a work of art!

Don't give up on zs just yet.
Olias



Joined: 08 Apr 2008
Posts: 3
Location: Wisconsin

Posted: Thu Apr 24, 2008 6:22 pm

Well, I didn't give up after all. I found a local consultant who came in and set up the connection in a couple of hours. He imported one cert onto box2, added some routing statements on box1 and box2, waved his magic wand and, voila! Success.

I am now stress testing it before it's deployed on our network. Testing is going well so far.