List:       strongswan-users
Subject:    [strongSwan] vpn endpoint with one eth  ?
From:       hburde () t-online ! de (Holger Burde)
Date:       2006-06-14 19:10:09
Message-ID: 1150301482.2707.13.camel () marvin ! burde-consulting ! de

hi;

I want to install a VPN Gateway in my DMZ behind the
Firewall. It's not sure yet if the VPN Endpoint gets a public IP or will
be nat'ed (both should work). So I somehow need to find out

1) if the VPN Endpoint works that way with just one 
   physical Interface (eth0) ?
2) Are there any restrictions/problems with such a 'one leg' 
   configuration ?
3) Something 


       EXTERN
[Router] --- [FW] --- LAN  (192.168.x.0/24)
               |
               |+VPNBox (eth0: eip on lan0,iip on lan1)   
              DMZ

eip=external ip        (nat or public IP)
iip=private ip         (192.168.y.0/24)
lan=192.168.x.0/24     

My 1st thought was to create a 2nd logical Network in the DMZ Segment
- (iip) is the lan 'behind' the VPN Box in that case. So the VPN Client
needs access to 192.168.x.0/24 and 192.168.y.0/24 ? I looked for such an
example (Strongswan) case but couldn't find anything with enough detail.

Anyone here who successfully did such a config and may share
opinion/config/links ?

Thx in advance
hb 
-- 
--- -- -
Dipl. Inform. H. Burde 
EMail : <hburde@t-online.de>| <hburde@uni-bremen.de>
