October 23, 2007 at 6:19 pm #40810
I’d like to set up a bridge from our office LAN to a remote location LAN over DSL. We have SonicWall routers at each end, and it turns out they apparently can’t do bridging over VPN and have no L2TP support. I can’t get rid of the office SonicWall as our public-facing router, but I can get rid of the SonicWall at the other end if necessary. The other end, by the way, is not presently set up and will only host one computer for DoubleTake replication.

Our goal is actually simply to be able to move the DoubleTake computer back and forth from the office to the remote location without reconfiguring it at all. We ideally don’t want to have to know anything about DoubleTake to accomplish this, hence the desire for a transparent bridge.

I have no experience with bridging, but what I’m concerned about is whether we can bridge from behind the SonicWall. Would I need L2TP over IPsec to accomplish what I need, or would L2TP be enough if we aren’t concerned about security?

More generally, how supportable/common is it to do something like this with Zeroshell?
Dave Tyler
October 24, 2007 at 9:26 pm #45976
Zeroshell supports VPN bridging of two or more LANs by using OpenVPN. This type of VPN also supports 802.1q VLAN trunking.
Fulvio
October 28, 2007 at 3:36 am #45977
I am wondering why the Zeroshell VMware download doesn’t come with more than one virtual network card. Is Zeroshell able to do things without acting as a router?

If I have the Zeroshell VM running on two separate LANs (home and work), I configure the network card of each Zeroshell to have a fixed IP on its respective LAN, I forward traffic on 1195/UDP to each Zeroshell address respectively, and I set up a LAN-to-LAN VPN, what should happen?

The VPN00 still says it’s connecting, and the log on one end shows:
LZO compression initialized
03:37:59 TUN/TAP device VPN00 opened
03:37:59 UDPv4 link local (bound): [undef]:1195
03:37:59 UDPv4 link remote: XXX.XXX.XXX.XXX:1195
03:38:02 [UNDEF] Inactivity timeout (--ping-restart), restarting
03:38:02 SIGUSR1[soft,ping-restart] received, process restarting
03:38:04 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
03:38:04 LZO compression initialized
03:38:04 TUN/TAP device VPN00 opened
03:38:04 UDPv4 link local (bound): [undef]:1195
03:38:04 UDPv4 link remote: XXX.XXX.XXX.XXX:1195
I configured the VPN on each side, and one side was set up as client and the other as server. I gave each VPN setup the public address of the other end’s router. As mentioned, I forwarded traffic accordingly, and I left the defaults for all the other settings. I did set up the gateway address for each and saw that in the Zeroshell console I could ping external IPs. But I couldn’t ping through the tunnel (there was never a tunnel listed as working that I saw).

I am going to try to set up a simpler test environment, because one side had double NATting and who knows what one of the routers might have said to the other in the dark 😉

But I want to make sure I’m doing this right. I am basically going to set up two LANs each with the same subnet settings, slap a router on each, and give the routers fake public IP addresses in the same network so they can talk without any other routers, connect the WANs of each router with a switch, make sure all things are pingable properly, and configure the Zeroshell virtual machines like I did already. Again, that was to set up their network cards to have distinct LAN addresses with gateways to their router. And then on the LAN-to-LAN VPN setup page I click the create VPN button and just enter the fake public IP address of the opposite router. Then the tunnel should come up, right? If it does, I should then be able to ping from one LAN to the other, right?
Thanks for your help,
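As an added example, not part of the thread or of Zeroshell: a small Python checker over the kind of OpenVPN client log quoted above, reporting the two things it shows, a tunnel that never completes its handshake (the peer is still [UNDEF] when the ping-restart fires) and the missing server-certificate check the WARNING line flags. The sample log is constructed from the post with the peer address masked as the poster masked it; the fix directive it suggests is OpenVPN’s own (remote-cert-tls on 2.1 and later, ns-cert-type server on the 2.0 series current in 2007).

```python
import re
from dataclasses import dataclass

# Constructed sample: the client-side lines quoted in the thread, peer address masked as posted.
SAMPLE_LOG = """\
03:37:59 TUN/TAP device VPN00 opened
03:37:59 UDPv4 link local (bound): [undef]:1195
03:37:59 UDPv4 link remote: XXX.XXX.XXX.XXX:1195
03:38:02 [UNDEF] Inactivity timeout (--ping-restart), restarting
03:38:02 SIGUSR1[soft,ping-restart] received, process restarting
03:38:04 WARNING: No server certificate verification method has been enabled.
"""

# OpenVPN names the authenticated peer in brackets; [UNDEF] on the timeout line means no handshake.
PING_RESTART = re.compile(r"\[(?P<peer>[^\]]*)\] Inactivity timeout \(--ping-restart\)")
NO_SERVER_VERIFY = re.compile(r"WARNING: No server certificate verification method")
REMOTE_LINK = re.compile(r"UDPv4 link remote: (?P<host>\S+):(?P<port>\d+)")
TUNNEL_UP = re.compile(r"Initialization Sequence Completed")

@dataclass
class Findings:
    remote: str = ""
    port: int = 0
    restarts_before_handshake: int = 0
    tunnel_up: bool = False
    unverified_server: bool = False

def analyse(log: str) -> Findings:
    # Single pass over the log collecting the facts the diagnosis needs.
    f = Findings()
    for line in log.splitlines():
        if m := REMOTE_LINK.search(line):
            f.remote, f.port = m["host"], int(m["port"])
        elif m := PING_RESTART.search(line):
            if m["peer"] == "UNDEF":
                f.restarts_before_handshake += 1
        elif NO_SERVER_VERIFY.search(line):
            f.unverified_server = True
        elif TUNNEL_UP.search(line):
            f.tunnel_up = True
    return f

def diagnose(f: Findings) -> list:
    # Turn the collected facts into the two findings this kind of log supports.
    notes = []
    if f.restarts_before_handshake and not f.tunnel_up:
        notes.append(f"no handshake: {f.remote}:{f.port}/udp never answered; check the port forward and NAT in front of the peer")
    if f.unverified_server:
        notes.append("server certificate is not verified (MITM risk); add 'remote-cert-tls server' to the client config")
    return notes
```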