Do I need two network cards for VPN server behind firewall

cliff at MAIL.WRKCS.COM
Thu Apr 20 09:42:27 EDT 2000


The short answer:  Yes.  The reason for this is that they would use the
VPN server as a bastion host, putting one interface on the "public" DSL
side and one on the "private" LAN side.  The topology would look like this
(use monospace font to read).

LAN                VPN SERVER              ROUTER            INTERNET
      10.10.10.0               DSL Network        Public Net

O---------------------O Eth0
                 Eth1 O-----------------------O-------------------OOO

You then would set up your VPN machine to route any packets destined for
the outside over the public interface where they would be handled by
S/WAN.  Although I haven't done this specifically with S/WAN, I have done
this setup with CIPE and it works fine.

Now, you could technically do this without the second card by building a
sub-interface on the first card that would be a PPP link between the
router and the machine and pipe your encrypted stuff over the link.  This
would be a little complicated because you would have to stack IPs on your
ethernet port on your DSL router and do a little creative routing to make
it work.  You are probably also going to see some collisions when you do
this.  I would not suggest this unless you really feel like playing around
and can't come up with the bucks to pay for the NIC.  Much easier and
quicker to do this the other way.

Hope this helps you out.

Cliff Friedel


On Tue, 18 Apr 2000, Bing Zhang wrote:

>  We currently use our DSL router as a firewall. Now we want to put a VPN
> server behind the firewall to enable employees working at home to dial up their
> ISP and connect to all the machines on our company LAN via VPN. But I am not
> sure about the connection topology: will this VPN server be another router? i.e.
> it has to have two network cards, one connected directly to DSL, the other one
> connected to the hub which connects to the rest of the machines? Or does this VPN
> server only need one network card as a normal machine, and the VPN software will
> take care of the IP packet routing between the machines on our LAN and
> machines at employees' homes?
>
> For the VPN server I plan to use Linux S/WAN running on Red Hat 6.2.
>
> Thanks
>
> Bing
>
> VPN is sponsored by SecurityFocus.COM
>
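
The two-interface layout described in the reply can be checked from the VPN server's kernel routing table. The following is an added example, not part of the original message: it parses `/proc/net/route` text, resolves the egress interface for a destination by longest-prefix match, and reports layout problems. The 10.10.10.0/24 LAN and the Eth0/Eth1 roles come from the diagram; the 192.0.2.0/24 DSL segment, the 192.0.2.1 router address and all function names are assumptions, and the tunnel configuration itself is not examined.

```python
import ipaddress
import socket
import struct

# Constructed /proc/net/route contents (little-endian hex, as on x86).
# eth0 = LAN 10.10.10.0/24 from the diagram; the DSL segment 192.0.2.0/24
# and the router 192.0.2.1 are assumed placeholder addresses.
SAMPLE_ROUTE_TABLE = """\
Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
eth0\t000A0A0A\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
eth1\t000200C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
eth1\t00000000\t010200C0\t0003\t0\t0\t0\t00000000\t0\t0\t0
"""

def _decode(hex_field):
    """Decode one little-endian hex address field into dotted-quad form."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_field, 16)))

def parse_routes(text):
    """Return a list of (interface, network, gateway) for routes that are up."""
    routes = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 8 or not int(f[3], 16) & 0x1:  # 0x1 is RTF_UP
            continue
        prefix = bin(int(f[7], 16)).count("1")  # mask bits give prefix length
        net = ipaddress.ip_network(f"{_decode(f[1])}/{prefix}", strict=False)
        routes.append((f[0], net, _decode(f[2])))
    return routes

def egress(routes, dst):
    """Longest-prefix match: (interface, gateway) used for dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[1]]
    best = max(hits, key=lambda r: r[1].prefixlen, default=None)
    return (best[0], best[2]) if best else None

def check_dual_homed(routes, lan="10.10.10.0/24", lan_if="eth0", public_if="eth1"):
    """Return a list of layout problems; an empty list means the layout is OK."""
    problems = []
    lan_net = ipaddress.ip_network(lan)
    if not any(i == lan_if and n == lan_net for i, n, _ in routes):
        problems.append(f"no {lan} route on {lan_if}")
    default = [i for i, n, _ in routes if n.prefixlen == 0]
    if default != [public_if]:
        problems.append(f"default route must use {public_if} only, found {default}")
    if len({i for i, _, _ in routes}) < 2:
        problems.append("routes use a single interface; host is not dual-homed")
    return problems
```

On a live host, pass the contents of `/proc/net/route` to `parse_routes` in place of the constructed sample.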
