ZeroShell and Public IP in Lan-to-Lan


This topic contains 5 replies, has 0 voices, and was last updated by  Eric 9 years, 11 months ago.

  • #41681

    Eric
    Member

    Hello,

    Here is the diagram of my installation:

    Side A :
    Interface ETH0 : Public IP : 10.10.10.211 255.255.255.248
    Interface VPN00 : 172.16.17.1 255.255.255.0
    Side B :
    Interface ETH0 : Public IP : 20.20.20.68 255.255.255.224
    Interface VPN00 : 172.16.17.2 255.255.255.0

    I installed ZeroShell on two servers, A and B, with a Lan-to-Lan VPN tunnel. The tunnel is UP.

    My problem: on side A I have several public IPs, and I want to use these public IPs (10.10.10.212) on LAN B,
    as if this server with IP 10.10.10.212 were on LAN A, with the difference that all the traffic between A and B passes through the VPN tunnel.

    How should this be configured? With a static route?

    To be clear, I will give public IP 10.10.10.212 to another server which is on LAN B.

    Is it possible to use a public IP of side A on side B?

    Thank you for your answer.

    #48108

    ppalias
    Member

    What you ask is not very easy given the setup. You need to have an interface on router B that has an IP address in subnet 10.10.10.192/27 so you can add a static route. Otherwise you can do it with IPtables by changing the address fields, which is not quite advisable.

    #48109

    Eric
    Member

    Hello ppalias, and thank you for your reply.
    I want to choose your first solution, an interface on router B, but I do not understand the subnet that you noted: 10.10.10.192. I should specify that IP 10.10.10.211 is a public IP, and I put 10 so as not to write the true IP; I would have noted X.X.X.X.212.
    I contacted fulvio for a solution and he says I need to bridge the VPN. But I need more details to make a success of this configuration. Can you detail the steps?
    I am thinking of testing this solution:
    1. On side B, I configure a subnet X.X.X.X/29, and in this subnet I configure a NIC with public IP X.X.X.212 255.255.255.248
    2. On side A, I bridge ETH0 (public IP: X.X.X.211) and VPN00 with STP
    3. On side B, I bridge VPN00 with the interface of step 1 (X.X.X.211) with STP

    Do you think that this is a good solution?
    Best regards

    #48110

    ppalias
    Member

    10.10.10.192 is the network address of 10.10.10.211/27, adjust it to your real address.

    I would suggest splitting the public IP address space you got in 2 /28 pieces, give the first IP address to both ZS boxes on a new interface and add static routes. I wouldn’t try bridging ethernet and vpn interfaces.

    #48111

    Enable RIPv2 in the menu NETWORK/Router for your VPN00 interface and any other LAN interfaces on both zeroshell routers where your servers are connected.
    Verify that both zeroshell routers hear the RIP announcements under the menu NETWORK/Router.

    Learned by RIP
    Destination Netmask Type Metric Gateway Learned From State Time

    If you see all the servers' subnets in the above menu, then the zeroshell routers know how to direct traffic to your servers. You can then add a virtual server entry for your servers on either zeroshell router.

    #48112

    Eric
    Member

    Ppalias, my ISP gives me 5 public IPs, Net ID: x.y.z.208 and net mask = 255.255.255.248, so I have 5 public IPs (x.y.z.210-214 / 29).
    I have to use x.y.z.213 & x.y.z.214 on side B (remote network).
    Can you detail your solution of splitting the public IPs? How can I give the public IP to the VPN tunnel? Are the IP addresses after splitting routable public IPs?
    Best regards.

    #48113

    ppalias
    Member

    Sorry, my mistake, I thought that your public addresses were 10.10.10.211/255.255.255.248 and 20.20.20.68 255.255.255.224 (and moreover I mistook the second subnet mask for the first subnet).

    You will have just a couple of usable public IPs if you split it, so it is not worth it. Other than that, you can set up a host-to-lan tunnel, which will connect your servers wherever they are and provide them with the public IP from your range.
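
The subnet arithmetic behind this thread, as an added example that is not part of any post: it shows why 10.10.10.211 maps to 10.10.10.192 under the /27 mask but to .208 under the /29 mask, and what splitting the /29 into two /30 halves does to the addresses already planned. The block 203.0.113.208/29 is a constructed stand-in for the elided x.y.z.208/29, and the function names are hypothetical.

```python
import ipaddress


def network_of(addr_with_mask):
    """Return the network that an interface address/mask pair belongs to."""
    return ipaddress.ip_interface(addr_with_mask).network


def split_report(block, new_prefix, in_use):
    """Split `block` into subnets of length `new_prefix`.

    For each subnet, list its usable host addresses and any address from
    `in_use` that turns into a network or broadcast address (and so can
    no longer be assigned to a host).
    """
    planned = [ipaddress.ip_address(a) for a in in_use]
    report = []
    for sub in ipaddress.ip_network(block).subnets(new_prefix=new_prefix):
        reserved = (sub.network_address, sub.broadcast_address)
        report.append({
            "subnet": str(sub),
            "usable": [str(h) for h in sub.hosts()],
            "lost": [str(a) for a in planned if a in reserved],
        })
    return report


# Constructed sample values: documentation range in place of x.y.z.
BLOCK = "203.0.113.208/29"
# .211 is side A's ETH0; .213 and .214 are the addresses wanted on side B.
IN_USE = ["203.0.113.211", "203.0.113.213", "203.0.113.214"]

if __name__ == "__main__":
    # Same address, two masks: the source of the 10.10.10.192 confusion.
    print(network_of("10.10.10.211/255.255.255.224"))
    print(network_of("10.10.10.211/255.255.255.248"))
    for row in split_report(BLOCK, 30, IN_USE):
        print(row)
```

With these sample values, each /30 half keeps only two usable hosts, and the .211 address used by side A becomes the broadcast address of the first half.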
