ZeroShell and Public IP in Lan-to-Lan

[Eric]

Hello,

Here is the diagram of my installation:

Side A :
Interface ETH0 : Public IP : 10.10.10.211 255.255.255.248
Interface VPN00 : 172.16.17.1 255.255.255.0
Side B :
Interface ETH0 : Public IP : 20.20.20.68 255.255.255.224
Interface VPN00 : 172.16.17.2 255.255.255.0

I installed ZeroShell on two server A and B, with a VPN tunnel Lan-to-Lan, the tunnel is UP,

My problem: On A side I have several Public IP, I want to use these Public IP (10.10.10.212) on Lan B.
As if this server with IP 10.10.10.212 were on the LAN A, But the difference, what all the traffic between A and B passes by tunnel VPN.

How it is necessary to configure? The Static route?

Clearly, I will give public IP 10.10.10.212 to another server which is on the LAN B.

Is It possible to use a Public IP of A side on B side?

Thank you for your answer.

[ppalias]

What you ask is not very easy given the setup. You need to have an interface on router B that has an IP address in subnet 10.10.10.192/27 so you can add a static route. Otherwise you can do it with IPtables by changing the address fields, which is not quite advisable.

[Eric]

Hello ppalias and thank you for your replay.
I want to choose your first solution, interface in router B, but I do not understand the subnet that you noted: 10.10.10.192, I specify that IP 10.10.10.211 is a public IP, and I put 10 not to note the true IP, I would have noted X.X.X.X.212.
I contacted fulvio for a solution and he says I need bridge the VPN. But I need more than details to make a success of this configuration. Can you detail the stages?
I think of testing this solution:
1-in B side I configure a subnet X.X.X.X/29 and in this subnet I configure a NIC with public IP: X.X.X.212 255.255.255.248
2-in A side I bridge ETH0 (public IP: X.X.X.211) and VPN00 with STP
3-in B side I bridge VPN00 with the interface of stage 1 (X.X.X.211) with STP

You think that this is a good solution?
Best regards

[ppalias]

10.10.10.192 is the network address of 10.10.10.211/27, adjust it to your real address.

I would suggest splitting the public IP address space you got in 2 /28 pieces, give the first IP address to both ZS boxes on a new interface and add static routes. I wouldn’t try bridging ethernet and vpn interfaces.

[vpn_rollercoaster]

Enable RIPv2 on the menu NETWORK/Router for your VPN00 interface and any other LAN interfaces on both zeroshell routers where your servers are connected.
Verify both zeroshell routers hear the RIP announcements under menu NETWORK/Router

Learned by RIP
Destination Netmask Type Metric Gateway Learned From State Time

If you see all the servers subnets in the above menu then the zeroshell routers know how to direct traffic to your servers. You can then add a virtual server entry for your servers on either zeroshell router.

[Eric]

Ppalias, my ISP give me 5 public IP, Net ID: x.y.z.208 and net mask = 255.255.255.248, so I have 5 public IP (x.y.z.210-214 / 29).
I have to use x.y.z.213 & x.y.z.214 in side B (remoute network).
Is what you can detail your solution spliting public IP? how I can give the public IP to VPN tunnel? the IP address after spliting are routable public IP?
Best regards.

[ppalias]

Sorry my mistake, I thought that you public addresses were 10.10.10.211/255.255.255.248 and 20.20.20.68 255.255.255.224 (and moreover I mistook the second subnet mask for the first subnet).

You will have just a couple of usable public IPs if you split it so it is not worth it. Other than that you can set up a host-to-lan tunnel, that will connect your servers wherever they are and provide with the public IP from your range.

[Author]

Posts