May 17, 2009 at 9:52 am #41681
Here is the diagram of my installation:
Side A :
Interface ETH0 : Public IP : 10.10.10.211 255.255.255.248
Interface VPN00 : 172.16.17.1 255.255.255.0
Side B :
Interface ETH0 : Public IP : 126.96.36.199 255.255.255.224
Interface VPN00 : 172.16.17.2 255.255.255.0
I installed ZeroShell on two server A and B, with a VPN tunnel Lan-to-Lan, the tunnel is UP,
My problem: On A side I have several Public IP, I want to use these Public IP (10.10.10.212) on Lan B.
As if this server with IP 10.10.10.212 were on the LAN A, But the difference, what all the traffic between A and B passes by tunnel VPN.
How it is necessary to configure? The Static route?
Clearly, I will give public IP 10.10.10.212 to another server which is on the LAN B.
Is It possible to use a Public IP of A side on B side?
Thank you for your answer.May 18, 2009 at 7:08 am #48108
What you ask is not very easy given the setup. You need to have an interface on router B that has an IP address in subnet 10.10.10.192/27 so you can add a static route. Otherwise you can do it with IPtables by changing the address fields, which is not quite advisable.May 18, 2009 at 9:54 pm #48109
Hello ppalias and thank you for your replay.
I want to choose your first solution, interface in router B, but I do not understand the subnet that you noted: 10.10.10.192, I specify that IP 10.10.10.211 is a public IP, and I put 10 not to note the true IP, I would have noted X.X.X.X.212.
I contacted fulvio for a solution and he says I need bridge the VPN. But I need more than details to make a success of this configuration. Can you detail the stages?
I think of testing this solution:
1-in B side I configure a subnet X.X.X.X/29 and in this subnet I configure a NIC with public IP: X.X.X.212 255.255.255.248
2-in A side I bridge ETH0 (public IP: X.X.X.211) and VPN00 with STP
3-in B side I bridge VPN00 with the interface of stage 1 (X.X.X.211) with STP
You think that this is a good solution?
Best regardsMay 19, 2009 at 7:19 am #48110
10.10.10.192 is the network address of 10.10.10.211/27, adjust it to your real address.
I would suggest splitting the public IP address space you got in 2 /28 pieces, give the first IP address to both ZS boxes on a new interface and add static routes. I wouldn’t try bridging ethernet and vpn interfaces.May 20, 2009 at 2:45 am #48111
Enable RIPv2 on the menu NETWORK/Router for your VPN00 interface and any other LAN interfaces on both zeroshell routers where your servers are connected.
Verify both zeroshell routers hear the RIP announcements under menu NETWORK/Router
Learned by RIP
Destination Netmask Type Metric Gateway Learned From State Time
If you see all the servers subnets in the above menu then the zeroshell routers know how to direct traffic to your servers. You can then add a virtual server entry for your servers on either zeroshell router.May 24, 2009 at 11:10 pm #48112
Ppalias, my ISP give me 5 public IP, Net ID: x.y.z.208 and net mask = 255.255.255.248, so I have 5 public IP (x.y.z.210-214 / 29).
I have to use x.y.z.213 & x.y.z.214 in side B (remoute network).
Is what you can detail your solution spliting public IP? how I can give the public IP to VPN tunnel? the IP address after spliting are routable public IP?
Best regards.May 25, 2009 at 11:49 am #48113
Sorry my mistake, I thought that you public addresses were 10.10.10.211/255.255.255.248 and 188.8.131.52 255.255.255.224 (and moreover I mistook the second subnet mask for the first subnet).
You will have just a couple of usable public IPs if you split it so it is not worth it. Other than that you can set up a host-to-lan tunnel, that will connect your servers wherever they are and provide with the public IP from your range.
You must be logged in to reply to this topic.