
Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   

   Message 2,163 of 2,348   
   Michael Ziegler to Fred Marshall   
   Re: Site to site VPNs - how they work   
   03 Jul 07 00:37:55   
   
   From: haettstegern@hoster.invalid   
      
   Fred Marshall wrote:   
   > For one thing, I can imagine that there would be a gateway router on each   
   > subnet and that the gateway router would route all traffic going to the   
   > remote subnet to the local VPN IP address as the next hop.  I can't imagine   
   > that this is somehow bad practice.   
      
   These gateways would naturally be the machines that establish the VPN   
   connection.   
   You need to set these up so they do routing in two directions, namely   
   VPN <-> LAN.   
      
   Then, you tell your clients (or, the default gateways these clients use)   
   that they reach the other site via the gateway machine that runs the   
   VPN, and that's it :)   
      
   e.g.:   
   Site1:   
       network:            192.168.1.0/24   
       router to internet: 192.168.1.1   
       vpn gateway:        192.168.1.254   
           vpn address:    10.8.0.1   
      
   Site2:   
       network:            192.168.2.0/24   
       router to internet: 192.168.2.1   
       vpn gateway:        192.168.2.254   
           vpn address:    10.8.0.2   
      
   Route to set on machine 192.168.1.1:   
   | route add -net 192.168.2.0/24 gw 192.168.1.254   
      
   Route to set on machine 192.168.1.254:   
   | route add -net 192.168.2.0/24 gw 10.8.0.2   
      
   Route to set on machine 192.168.2.1:   
   | route add -net 192.168.1.0/24 gw 192.168.2.254   
      
   Route to set on machine 192.168.2.254:   
   | route add -net 192.168.1.0/24 gw 10.8.0.1   
      
   That should do the trick :)   
      
   I'm not sure if these routes are sufficient on the VPN gateways, though,   
   as I'm not familiar with how to set this up without using a shorewall :D   
      
   > Lacking that type of implementation, how do the packets destined for the VPN   
   > know where the VPN is?  Is there some kind of broadcast or what?  I can't   
   > imagine that all packets destined for the VPN are broadcast .... ?   
      
   What do you mean?   
      
      
   Regards,   
   Michael   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
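
The four static routes from the message above, traced hop by hop in both directions. This is an added example, not part of the original post. The machine names, the 10.8.0.0/24 tunnel subnet, the default routes and the sample host addresses are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the four machines in the post. Names, the 10.8.0.0/24
# tunnel subnet and the 0.0.0.0/0 default routes are assumptions.
ROUTERS = {
    "site1-router": {"addrs": ["192.168.1.1"], "connected": ["192.168.1.0/24"],
                     "routes": {"192.168.2.0/24": "192.168.1.254", "0.0.0.0/0": "internet"}},
    "site1-vpn": {"addrs": ["192.168.1.254", "10.8.0.1"],
                  "connected": ["192.168.1.0/24", "10.8.0.0/24"],
                  "routes": {"192.168.2.0/24": "10.8.0.2", "0.0.0.0/0": "192.168.1.1"}},
    "site2-router": {"addrs": ["192.168.2.1"], "connected": ["192.168.2.0/24"],
                     "routes": {"192.168.1.0/24": "192.168.2.254", "0.0.0.0/0": "internet"}},
    "site2-vpn": {"addrs": ["192.168.2.254", "10.8.0.2"],
                  "connected": ["192.168.2.0/24", "10.8.0.0/24"],
                  "routes": {"192.168.1.0/24": "10.8.0.1", "0.0.0.0/0": "192.168.2.1"}},
}

def owner(addr):
    """Name of the machine holding addr, or None."""
    return next((n for n, r in ROUTERS.items() if addr in r["addrs"]), None)

def next_hop(router, dst, drop=()):
    """Longest-prefix match over connected networks and static routes."""
    r, d = ROUTERS[router], ipaddress.ip_address(dst)
    table = [(ipaddress.ip_network(n), dst) for n in r["connected"]]  # on-link: deliver
    table += [(ipaddress.ip_network(n), gw) for n, gw in r["routes"].items()
              if (router, n) not in drop]
    hits = [(net.prefixlen, gw) for net, gw in table if d in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def trace(start, dst, drop=()):
    """Follow dst from machine `start`; `drop` omits (machine, prefix) routes."""
    path, router = [start], start
    for _ in range(8):  # hop limit, like a TTL, stops routing loops
        hop = next_hop(router, dst, drop)
        if hop in (None, "internet", dst):
            return path + [hop or "no route"]
        router = owner(hop)
        if router is None:
            return path + ["unknown gateway " + hop]
        path.append(router)
    return path + ["loop"]

if __name__ == "__main__":
    # Hosts use their site's internet router as default gateway, as in the post.
    print(trace("site1-router", "192.168.2.20"))
    print(trace("site2-router", "192.168.1.10"))
    print(trace("site2-router", "192.168.1.10", drop={("site2-router", "192.168.1.0/24")}))
```

With all four routes present, both directions cross the tunnel. Dropping the route on a site's internet router sends the reply out the default route instead of through the VPN, and dropping it on a VPN gateway bounces the packet between the two local machines until the hop limit.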


(c) 1994,  bbs@darkrealms.ca