April 8, 2008 at 3:58 pm #40985
Hello, I am very new to zeroshell but would like to try it in our environment. I would like to set up a simple, non-bridged Lan to Lan connection between our main site and a remote site but am unclear on the steps necessary.
This is what I’ve done so far:
Installed Zeroshell on two boxes:
ETH00 172.20.2.77 subnet 255.255.255.0
ETH01 xxx.xxx.xxx.xxx (static public address)
VPN00 with address 192.168.200.1, remote host yyy.yyy.yyy.yyy (using local CA cert.)
ETH00 172.30.2.77 subnet 255.255.255.0
ETH01 yyy.yyy.yyy.yyy (static public address)
VPN00 with address 192.168.200.2, remote host xxx.xxx.xxx.xxx (using local CA cert.)
What more do I need to get the VPN to connect?
Do I need static routes? firewall allow rules?
Each box is a CA. In setting up VPN00 on each box, do I need to import a certificate from Box1 and use it on VPN00 on box2?
I would be happy to create a document for the website listing all the necessary steps, but I first need to know what they are.
Thanks for any help.
I can remove VPN00 from each side and set up staic routes so that raw traffic passes through both boxes. But how is the Lan to Lan set up?
Do I assign each VPN00 an ip on different subnets?
Any consultants out there willing to charge for a few hours?April 9, 2008 at 5:39 pm #46359
Doesn’t appear to be a very active forum.
Time to move on…April 22, 2008 at 1:56 am #46360
I might have a couple of ideas/pointers for you, but first can I ask a question to clarify?
The impression I get is that you want to physically (ie lan-to-lan) join the eth0 network of each box (so . . the “far” ends of the connection), but the two networks are on different subnets.
Do you have a routing device in the picture somewhere?
I’ve implemented several instances of client-to-lan and also lan-to-lan, so I hope to be of help to you. Once you get a couple of concepts understood (well), zeroshell is so easy to work with . . almost a work of art!
Don’t give up on zs just yet.April 24, 2008 at 6:22 pm #46361
Well, I didn’t give up after all. I found a local consultant who came in and set up the connection in a couple of hours. He imported one cert onto box2, added some routing statements on box1 and box2, waved his magic wand and, voila! Success.
I am now stress testing it before it’s deployed on our network. Testing is going well so far.
You must be logged in to reply to this topic.