ZeroShell and Public IP in Lan-to-Lan



    Here is the diagram of my installation:

    Side A :
    Interface ETH0 : Public IP :
    Interface VPN00 :
    Side B :
    Interface ETH0 : Public IP :
    Interface VPN00 :

    I installed ZeroShell on two servers, A and B, with a Lan-to-Lan VPN tunnel; the tunnel is UP.

    My problem: on the A side I have several public IPs, and I want to use these public IPs ( on LAN B.
    As if this server with IP were on LAN A, but with the difference that all the traffic between A and B passes through the VPN tunnel.

    How should this be configured? With a static route?

    Clearly, I will give a public IP to another server which is on LAN B.

    Is it possible to use a public IP of the A side on the B side?

    Thank you for your answer.


    What you ask is not very easy given the setup. You need to have an interface on router B that has an IP address in subnet so you can add a static route. Otherwise you can do it with iptables by changing the address fields, which is not quite advisable.


    Hello ppalias, and thank you for your reply.
    I want to choose your first solution, an interface on router B, but I do not understand the subnet that you noted:, I specify that IP is a public IP, and I put 10 so as not to note the true IP; I would have noted X.X.X.X.212.
    I contacted fulvio for a solution and he says I need to bridge the VPN. But I need more details to make a success of this configuration. Can you detail the steps?
    I am thinking of testing this solution:
    1- On the B side, I configure a subnet X.X.X.X/29, and in this subnet I configure a NIC with the public IP X.X.X.212
    2- On the A side, I bridge ETH0 (public IP: X.X.X.211) and VPN00 with STP
    3- On the B side, I bridge VPN00 with the interface of step 1 (X.X.X.211) with STP

    Do you think that this is a good solution?
    Best regards

    Member is the network address of, adjust it to your real address.

    I would suggest splitting the public IP address space you got into 2 /28 pieces, giving the first IP address to both ZS boxes on a new interface, and adding static routes. I wouldn’t try bridging Ethernet and VPN interfaces.


    Enable RIPv2 in the menu NETWORK/Router for your VPN00 interface and any other LAN interfaces on both ZeroShell routers where your servers are connected.
    Verify that both ZeroShell routers hear the RIP announcements under the menu NETWORK/Router:

    Learned by RIP
    Destination Netmask Type Metric Gateway Learned From State Time

    If you see all the servers' subnets in the above menu, then the ZeroShell routers know how to direct traffic to your servers. You can then add a virtual server entry for your servers on either ZeroShell router.


    Ppalias, my ISP gives me 5 public IPs, Net ID: x.y.z.208 and net mask =, so I have 5 public IPs (x.y.z.210-214 / 29).
    I have to use x.y.z.213 & x.y.z.214 on side B (remote network).
    Can you detail your solution of splitting the public IPs? How can I give the public IP to the VPN tunnel? Are the IP addresses after splitting routable public IPs?
    Best regards.


    Sorry, my mistake, I thought that your public addresses were and (and moreover I mistook the second subnet mask for the first subnet).

    You will have just a couple of usable public IPs if you split it, so it is not worth it. Other than that, you can set up a host-to-lan tunnel, which will connect your servers wherever they are and provide them with the public IP from your range.
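
The address arithmetic behind the last reply, as an added example that is not part of the thread: it splits the /29 in two and shows which of the five ISP-assigned addresses survive as host addresses. The block 203.0.113.208/29 is a constructed stand-in for x.y.z.208/29 (documentation range), and giving the first usable address of each half to the ZeroShell box follows the suggestion made earlier in the thread; `split_plan` is a hypothetical helper name.

```python
import ipaddress

def split_plan(block, assigned, new_prefix):
    """Split `block` into /new_prefix subnets and report, per subnet, which
    ISP-assigned addresses remain usable as host addresses."""
    block = ipaddress.ip_network(block)
    assigned = {ipaddress.ip_address(a) for a in assigned}
    plan, usable = [], set()
    for net in block.subnets(new_prefix=new_prefix):
        # hosts() excludes the subnet's network and broadcast addresses
        hosts = [h for h in net.hosts() if h in assigned]
        usable.update(hosts)
        plan.append({
            "subnet": str(net),
            # assumption from the thread: first address goes to the router interface
            "router": str(hosts[0]) if hosts else None,
            "servers": [str(h) for h in hosts[1:]],
        })
    # assigned addresses that became a network or broadcast address
    lost = [str(a) for a in sorted(assigned - usable)]
    return plan, lost

# Constructed sample: 203.0.113.208/29 stands in for x.y.z.208/29,
# with .210-.214 assigned by the ISP as stated in the thread.
BLOCK = "203.0.113.208/29"
ASSIGNED = [f"203.0.113.{n}" for n in range(210, 215)]

if __name__ == "__main__":
    plan, lost = split_plan(BLOCK, ASSIGNED, 30)
    for entry in plan:
        print(entry)
    print("no longer usable as host addresses:", lost)
```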
