Re: network design



I am wondering why the Zeroshell VMware download doesn’t come with more than one virtual network card. Is Zeroshell able to do things
without acting as a router?

If I have the Zeroshell VM running on two separate LANs (home and
work) and I configure the network card for each Zeroshell to
be a fixed IP on its respective LAN, and I forward traffic on 1195 UDP
to each Zeroshell address respectively, and I set up a LAN-LAN
VPN, what should happen?

The VPN00 still says it’s connecting and the log on one end shows:

LZO compression initialized
03:37:59 TUN/TAP device VPN00 opened
03:37:59 UDPv4 link local (bound): [undef]:1195
03:37:59 UDPv4 link remote: XXX.XXX.XXX.XXX:1195
03:38:02 [UNDEF] Inactivity timeout (--ping-restart), restarting
03:38:02 SIGUSR1[soft,ping-restart] received, process restarting
03:38:04 WARNING: No server certificate verification method has been enabled. See for more info.
03:38:04 LZO compression initialized
03:38:04 TUN/TAP device VPN00 opened
03:38:04 UDPv4 link local (bound): [undef]:1195
03:38:04 UDPv4 link remote: XXX.XXX.XXX.XXX:1195

I configured the VPN on each side, and one side was set up as
client and the other as server. I gave each VPN setup the
public address of the other end’s router. As mentioned, I
forwarded traffic accordingly, and I left the defaults for all the
other settings. I did set up the gateway address for each and saw
that in the console of Zeroshell I could ping external IPs.
But I couldn’t ping through the tunnel (there was never a tunnel
listed as working that I saw).

I am going to try to set up a simpler test environment, because
one side had double NATting and who knows what one of the routers
might have said to the other in the dark 😉

But I want to make sure I’m doing this right. I am basically going to
set up two LANs each with the same subnet settings, slap a router on each,
and give the routers fake public IP addresses in the same network so they
can talk without any other routers, connect the WANs of each router with
a switch, make sure all things are pingable properly, and config the
Zeroshell virtual machines like I did already. Again, that was to set up
their network cards to have distinct LAN addresses with gateways to
their router. And then on the LAN-to-LAN VPN setup page I click the
create VPN button and just enter the fake public IP address of the
opposite router. Then the tunnel should come up, right? If it does,
I should then be able to ping from one LAN to the other, right?

Thanks for your help,
Dave Tyler
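
Added example, not part of the original post: a small Python triage of the OpenVPN log excerpt quoted above. It counts ping-restart cycles, records whether the peer name was still [UNDEF] when the timeout fired and how long after link setup that happened, and flags the server-certificate warning. The function name and report keys are made up for this illustration; the log text is copied from the post.

```python
import re

# Log excerpt copied from the post above (remote address masked by the poster).
SAMPLE_LOG = """\
LZO compression initialized
03:37:59 TUN/TAP device VPN00 opened
03:37:59 UDPv4 link local (bound): [undef]:1195
03:37:59 UDPv4 link remote: XXX.XXX.XXX.XXX:1195
03:38:02 [UNDEF] Inactivity timeout (--ping-restart), restarting
03:38:02 SIGUSR1[soft,ping-restart] received, process restarting
03:38:04 WARNING: No server certificate verification method has been enabled. See for more info.
03:38:04 LZO compression initialized
03:38:04 TUN/TAP device VPN00 opened
03:38:04 UDPv4 link local (bound): [undef]:1195
03:38:04 UDPv4 link remote: XXX.XXX.XXX.XXX:1195
"""

STAMPED = re.compile(r"(\d\d):(\d\d):(\d\d) (.*)")
# Some web pages render "--" as an en dash, so accept both spellings.
TIMEOUT = re.compile(r"\[([^\]]+)\] Inactivity timeout \((?:--|\u2013)ping-restart\)")

def triage(log_text):
    """Summarise restart behaviour and security warnings in an OpenVPN log."""
    report = {"restarts": 0, "peer_undef_at_timeout": 0,
              "seconds_to_timeout": [], "server_cert_unverified": False}
    link_up = None  # time the UDP link to the remote was last set up
    for raw in log_text.splitlines():
        m = STAMPED.match(raw.strip())
        if not m:
            continue  # line without a timestamp
        ts = int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])
        msg = m[4]
        hit = TIMEOUT.match(msg)
        if msg.startswith("UDPv4 link remote:"):
            link_up = ts
        elif hit:
            report["restarts"] += 1
            # [UNDEF] means no peer name was learned: the handshake never finished.
            report["peer_undef_at_timeout"] += hit[1] == "UNDEF"
            if link_up is not None:
                report["seconds_to_timeout"].append((ts - link_up) % 86400)
                link_up = None
        elif "No server certificate verification method" in msg:
            report["server_cert_unverified"] = True
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Running it on the logs from both ends makes the comparison easy: a timeout with the peer still [UNDEF] on each side is consistent with the UDP 1195 packets not arriving, so the forwards on every NAT layer are the first thing to check.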