Bridged VPN connection between 2 offices.

[kenadak]

fulvio asked me to post a diagram of how I set this up.

So, here it is… there is only one issue I’m having right now, and I will ask how to fix it at the end:

LAN1

|
|
ZeroShell 1
|
|
Internet
|
|
ZeroShell 2
|
|

LAN2

Both ZeroShell’s are configured:
Eth0 – Internal
Eth1 – External -Nat’ed
VPN0 – Lan-to-Lan
Bridge0 – Eth0&VPN0 IP= 192.168.0.1 (for ZeroShell 1) and 192.168.0.2 (for 2)
DHCP set up with 192.168.0.100 – 150 (for 1) 192.168.151-200 (for 2)

and here is the problem:
if a machine with a valid lease from LAN1 is moved to LAN2 (aka laptop) the DHCP server from the other lan responds. how can I disallow DHCP traffic between the bridge?

[imported_fulvio]

Are you sure you need to enable two dhcp servers? Because LAN1 and LAN2 are bridged using the VPN lan-to-lan, layer 2 broadcast is forwarded and hence you only need one dhcp server.
In any case, if you want to be sure that dynamic assignment of the IPs occurs also when the VPN is broken because the Internet connection is unavailable, then you must have two dhcp, but to solve your issue, you have to drop with the firewall on both Zeroshell router the UDP packets incoming from VPN interface and with destination the port 67 (bootp server).

Regards
Fulvio

[kenadak]

you answered your own question… the DHCP at both ends is to insure if the VPN is unavailible the users of each lan can get to the internet.

thanks for the port for bootp I should have thought of that.

Ken

[Author]

Posts