[NTLUG:Discuss] pass all packets between two nics

Jack Snodgrass jack+ntlug at mylinuxguy.net
Thu Jun 5 07:51:18 CDT 2003


On Wed, 04 Jun 2003 22:38:11 -0500, severia wrote:


>>So... you make a VPN connection from your home to work and get a
>>172.16.14.x address assigned to your home machine. You have a
>>secure, encrypted tunnel set up.
>     Well, that is pretty neat.  I wondered how I was going to address the 
> machine at work.  I did not realize that the home machine would get an IP 
> address.  That means the home machine would have two IP addresses.  One I 
> assign with the VPN and whatever their ISP or local LAN gave them 
> normally.  Do I understand that correctly and is it a problem?

That's it. Your home box will have both a real, ISP-assigned address
and a private, VPN-assigned address. The VPN client will set up routes
for your private network to go via your VPN interface. So... if you
ping www.yahoo.com for instance, you'll go via your ISP and use your
ISP's address. If you ping your WindowsA machine, you'll go via your
VPN connection to your private network. The VPN connection will encrypt
the packet that is going to go over your VPN and it will then send it
to your VPN server over the internet using the public IP addresses.


>>  you do vncviewer 172.16.14.x ( ip of windowsA at work ) and you
>>login to that box.
>>
>>You can do vncviewer windowsB and login to windowsB.
>>
>>No port forwarding or anything is needed. You route all of your 172.16.14.x
>>traffic over your VPN tunnel.
>     I understand that Windows 2000 has a VPN client.  Is the scenario you 
> paint applicable to that, or is some other client needed?  

There are Linux servers that work with Windows VPN clients.
I set this up 16+ months ago. I haven't looked at this lately.
I use Linux-to-Linux VPN stuff now.

> I do need a 
> static IP for the VPN server at work, don't I?  I have seen references to 
> road warrior configuration, which is what I thought I was going to set 
> up.  Those always referred to a static IP on the server and the client 
> could vary.  I just need to give the people their X.509 certificates to 
> take home with them.

You can test with dynamic addresses. I use dynamic addresses for my VPN 
stuff. I have tools for the client to get the current server address
before it makes a connection. If the server address changes, I lose the
connection and have to reconnect. I can live with this. Users will prefer
to have a static address on the server. 

jack 
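
The routing split described in this message, as an added example that is not part of the original post: a longest-prefix-match lookup over a constructed routing table for the home machine, showing which destinations enter the tunnel and which leave in the clear via the ISP. Only 172.16.14.0/24 comes from the thread; the other addresses, the interface names eth0 and vpn0, and the function names are assumptions.

```python
import ipaddress

# Constructed routing table for the home machine once the VPN is up.
# Only 172.16.14.0/24 comes from the thread; the other prefixes and the
# interface names (eth0, vpn0) are assumptions for illustration.
ROUTES = [
    ("0.0.0.0/0",      "eth0", "default route via ISP"),
    ("192.168.1.0/24", "eth0", "home LAN"),
    ("172.16.14.0/24", "vpn0", "work network via tunnel"),
]

def lookup(dest, routes=ROUTES):
    """Return (interface, note) of the longest-prefix match for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface, note in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, note)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]

def uses_tunnel(dest, routes=ROUTES, tunnel_iface="vpn0"):
    """True if packets to dest are handed to the VPN interface."""
    return lookup(dest, routes)[0] == tunnel_iface

if __name__ == "__main__":
    # Constructed destinations: a work host, an internet host, the VPN
    # server's public address, and a machine on the home LAN.
    for dest in ("172.16.14.20", "198.51.100.7", "203.0.113.10", "192.168.1.5"):
        iface, note = lookup(dest)
        print(f"{dest:15} -> {iface:5} ({note}) tunnel={uses_tunnel(dest)}")
```

Only the 172.16.14.x destination is handed to the tunnel; everything else, including the encapsulated packets addressed to the VPN server's public address, follows the ISP routes.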




