[olug] VPN / iptables type question

Nathan D. Rotschafer nrotschafer at geniussystems.net
Thu Jan 22 22:10:38 UTC 2004


Just to point out how this works...

NOTE:  This is from a Cisco perspective (basically from the perspective of 
doing it on my Cisco 2620 in my house)

What you need to look for is a split tunneling option (yes, split tunneling is 
the technical term).  What you do is set up a set of parameters (access-lists 
on Cisco stuff) that define what you want to go across the VPN.  Then if the 
traffic does not meet the requirements it goes out the normal gateway.  So 
the routing priority is:

1. Local network traffic
2. VPN tunnels
3. Default gateway

Any questions I will try and help!

Thanks,
Nate

On Thursday 22 January 2004 01:00 pm, Shaughn wrote:
> Phil Brutsche wrote:
> > Shaughn wrote:
> >> Hello. I just got asked a question on a scenario.
> >>
> >> Company #1 and Company #2, want to both VPN to Server C.
> >>
> >> So, in my mind, with this, #1 and #2 will be on the same network as
> >> S.C, so they will all be able to see each other? Correct? All machines
> >> from #1 can access #2 and S.C.
> >>
> >> I would like to know if it's possible to have #1 and #2 machines
> >> route the traffic. Like all local traffic to the S.C goes to the S.C,
> >> but any internet traffic goes through the gateway of their ISP, and
> >> not the S.C as a VPN would do.
> >
> > Keep in mind that the term "VPN" is actually very generic, and the
> > precise details of how the VPN acts with regard to routing encrypted or
> > unencrypted traffic is implementation specific, and there are
> > frequently little knobs that can be turned to change those details.
> >
> > So the answers to your questions are "Yes" and "No".  Which question
> > is answered with "Yes" or "No" depends on *WHAT* you are going to use
> > to implement the VPN.  Are you going to use little firewall boxes,
> > like Netscreens, SonicWALLs, or PIXes?  CIPE?  OpenVPN?  IPsec? What
> > about Microsoft PPTP?
> >
> > The question you need to ask is "Will the VPN implementation I'm going
> > to use have the behavior I want?"
> >
> > Am I confusing enough yet? ;)
>
> No you're not confusing enough.
>
> What's going on is, a client has offices in three towns. Two of the
> towns are the #1 and #2, the third is S.C. At location S.C, there is a
> Windows fileserver that will be attached to the network, thus giving #1
> && #2 access to it through the VPN. (Am I correct in thinking this?)
>
> Also, VNC type of traffic will also be going through the VPN.
>
> All 3 'vpn' boxes will be Linux based, I'm not sure of the software /
> features needed. Encryption, TLS, etc. are probably key.
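The routing priority Nate lists (local network, then VPN tunnels, then default gateway), modelled as an added example that is not code from any poster in this thread. The subnets (192.168.1.0/24 for office #1, 192.168.2.0/24 for #2, 192.168.3.0/24 for S.C), ACL number 101 and all function names are constructed assumptions; a `deny` line is treated as "do not tunnel".

```python
import ipaddress

# Constructed addressing for the three offices in the thread (assumptions).
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # office #1 LAN

# Constructed Cisco-style extended ACL: only #1 -> S.C traffic is tunnelled.
VPN_ACL = """
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
"""

def wildcard_net(addr, wildcard):
    """Turn 'address wildcard-mask' into an ip_network (contiguous masks only)."""
    netmask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}")

def parse_acl(text):
    """Parse 'access-list <n> permit|deny ip <src> <wc> <dst> <wc>' lines."""
    rules = []
    for line in text.strip().splitlines():
        f = line.split()
        if (len(f) != 8 or f[0] != "access-list"
                or f[2] not in ("permit", "deny") or f[3] != "ip"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        rules.append((f[2] == "permit",
                      wildcard_net(f[4], f[5]), wildcard_net(f[6], f[7])))
    return rules

def egress(src, dst, rules):
    """Return 'local', 'vpn' or 'gateway' for a packet leaving office #1."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if d in LOCAL_NET:                      # 1. local network traffic
        return "local"
    for permit, src_net, dst_net in rules:  # 2. VPN tunnels, first match wins
        if s in src_net and d in dst_net:
            return "vpn" if permit else "gateway"
    return "gateway"                        # 3. default gateway (not tunnelled)

RULES = parse_acl(VPN_ACL)

if __name__ == "__main__":
    for dst in ("192.168.1.20", "192.168.3.5", "192.168.2.7", "203.0.113.10"):
        print(dst, "->", egress("192.168.1.10", dst, RULES))
```

With this ACL, traffic from #1 to #2 is not selected for the tunnel, so whether the two companies can reach each other comes down to which destinations the access-list names.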


