[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: [strongSwan] vpn endpoint with one eth ?
From: hburde () t-online ! de (Holger Burde)
Date: 2006-06-14 19:10:09
Message-ID: 1150301482.2707.13.camel () marvin ! burde-consulting ! de
[Download RAW message or body]
hi;
I want to install a VPN Gateway in my DMZ behind the
Firewall. It's not sure yet if the VPN Endpoint gets a public IP or will
be nat'ed (both should work). So i somehow need to find out
1) if the VPN Endpoint works that way with just one
physical Interface (eth0) ?
2) Are there any restrictions/problems with such a 'one leg'
configuration ?
3) Something
EXTERN
[Router] --- [FW] --- LAN (192.168.x.0/24)
|
|+VPNBox (eth0: eip on lan0,iip on lan1)
DMZ
eip=external ip (nat or public IP)
iip=private ip (192.168.y.0/24)
lan=192.168.x.0/24
My 1s thought was to create a 2nd logical Network in the DMZ Segment
- (iip) is the lan 'behind' the VPN Box in that case. So the VPN Client
needs access to 192.168.x.0/24 and 192.168.y.0/24 ? I looked for such an
example (Strongswan) case but couldn't find anything with enough detail.
Anyone here who successfull did such a config and may share
opinion/config/links ?
Thx in advance
hb
--
--- -- -
Dipl. Inform. H. Burde
EMail : <hburde@t-online.de>| <hburde@uni-bremen.de>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic