3rd February 2009
jggimi
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Problem statement and solution architecture

As I'd stated above, IPSec is easier because one doesn't need to deal with a virtual subnet on the tunnel itself, as we do with SSH. When I tested this, I just used NAT on tun0 -- but this more robust solution, below, is a possibility. I may use BINAT and NAT in combination, if I determine it makes a simpler solution.

I'll be testing this and coming up with sample scripts and config files this week, but I thought I would publish an initial architecture beforehand... just in case I've missed something obvious. And it's easy to miss something; there are six virtual IP subnets in the solution.

Problem:



Solution:



Last edited by jggimi; 3rd February 2009 at 08:21 PM.