Can I LAN to LAN VPN with only one NIC?


This topic contains 0 replies, has 0 voices, and was last updated by  getout 5 years, 1 month ago.

  • #43940

    getout
    Member

    If I have two ZS boxes A and B on separate networks on the internet, both have a single connection to the internet.

    ZS-A has two NICs connected to a single switch; the switch gets an internet connection from a router with IP 192.168.1.1/24 (set as Default GW for ZS-A). ZS-A ETH00 connects to the internet connection with IP 192.168.1.2/24 (behind NAT). ETH01 has IP 172.16.1.1/16 and will be used for client devices.

    ZS-B has only one NIC with a public IP address ETH00 26.20.20.20/24 and Default GW 26.20.20.1

    I want ZS-A to connect to the internet through ZS-B using the public IP of ZS-B. Can I do this by setting up a LAN to LAN VPN if ZS-B has only one NIC? If I understand the LAN to LAN VPN correctly I will need to have a second NIC on ZS-B, e.g.:

    (if ZS-B has second NIC) ZS-B ETH01 10.0.0.1/8
    ZS-B LAN to LAN VPN Server IP 192.168.250.250/24
    ZS-A LAN to LAN VPN Client IP 192.168.250.251/24

    If ZS-B had a second NIC I would route to ZS-A with a static route like – Destination 172.16.0.0/16 via GW 192.168.250.251/24 and the reverse on ZS-A like- Destination 10.0.0.0/8 via GW 192.168.250.250/24.

    But if I can’t install a second NIC on ZS-B how can I accomplish this?
    Should I not use VPN to accomplish this?

    ZS-A (In Office behind NAT)
    ETH00 192.168.1.2/24
    ETH01 172.16.1.1/16
    VPN00 Client 192.168.250.251

    ZS-B (In Data Centre. Only one NIC)
    ETH00 20.20.20.26/24 Public IP
    VPN00 Server 192.168.250.250

    Cheers,

    Sparki.

    #53306

    getout
    Member

    OK so now I understand. Disregard my post above (what a mess). I was confused about how to set the internet gateway and was thinking I had to do this manually (trying all sorts of crazy things) but then realized that NetBalancer does this by applying individual rules. I was way off!

    What I now understand about Linux iptables or netfilter is that by creating individual rules in NetBalancer it must be creating PREROUTING and POSTROUTING rules in the NAT table, forcing all traffic from one interface (LAN NIC) down another (VPN interface).

    Correct me if I’m wrong here…..
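
For reference, the topology in this thread expressed as generic Linux policy routing and NAT. This is an added example, not part of the original posts and not the rules ZeroShell or NetBalancer generate. The addresses and ETH00/ETH01/VPN00 names come from the posts; routing table 100, mark 0x1 and VPN00 being a layer-2 (tap-style) tunnel interface are assumptions.

```shell
#!/bin/sh
# Dry-run by default: commands are printed, not executed.
# Set APPLY=1 and run as root on the relevant box to execute them.

LAN_NET="172.16.0.0/16"   # ZS-A ETH01 client network (from the post)
VPN_A="192.168.250.251"   # ZS-A VPN client address (from the post)
VPN_B="192.168.250.250"   # ZS-B VPN server address (from the post)
VPN_IF="VPN00"            # tunnel interface; assumed layer-2 (tap-style)
TABLE=100                 # assumed routing table number
MARK=0x1                  # assumed firewall mark

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# ZS-A: mark packets forwarded from LAN clients and route them into the
# tunnel. The tunnel's own packets are locally generated, never traverse
# PREROUTING, and so keep using the main-table default via 192.168.1.1.
zsa_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # Replies arrive on the tunnel with internet source addresses; loose
    # reverse-path filtering keeps them from being dropped.
    run sysctl -w "net.ipv4.conf.${VPN_IF}.rp_filter=2"
    run iptables -t mangle -A PREROUTING -i ETH01 -s "$LAN_NET" -j MARK --set-mark "$MARK"
    run ip route add default via "$VPN_B" dev "$VPN_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" table "$TABLE"
}

# ZS-B: one physical NIC is enough, the tunnel acts as the second
# interface. Forward only the office LAN and source-NAT it to ETH00.
zsb_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip route add "$LAN_NET" via "$VPN_A" dev "$VPN_IF"
    run iptables -A FORWARD -i "$VPN_IF" -o ETH00 -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i ETH00 -o "$VPN_IF" -d "$LAN_NET" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o ETH00 -j MASQUERADE
}
```

Calling `zsa_rules` or `zsb_rules` prints the commands for that box; the FORWARD rules on ZS-B limit what the public-facing box will relay to the office LAN and its return traffic.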
