
3. Example VPN-Setup

This is the configuration of the VPN I used and which I will explain in this document. If you are using the Internet as the so-called "insecure network" and you are using private IP addresses as stated in RFC 1918, you'll have to set up masquerading as well on the Linux boxes, which I do not explain here. For such a configuration take a look at the VPN-Masquerading-HOWTO.

              +-------+                        +-------+
              | Linux |<<---------VPN-------->>| Linux |
              | Master|                        | Slave |
           .1 +-------+ .1/.3            .4/.2 +-------+ .1
            eth0|   |eth1/ppp0          ppp0/eth1|   |eth0
                |   |                            |   |
                |   |      192.168.253.0/24      |   |
                |   |        /----------\        |   |
                |   |        | insecure |        |   |
                |   +--------+ network  +--------+   |
                |            | via ssh2 |            |
                |            \----------/            |
  192.168.1.0/24|                                    | 192.168.101.0/24
  |--------+----+------|                      |------+----+------------------|
           |                                              |
           | .254                                         |
          /+\                                            /+\ .254
          |R|                                            |R|
          |1|                                            |2|
     .254 \+/                                       .254 \+/
           |  192.168.2.0/24                              | 192.168.102.0/24
      |----+-+----|                                   |---+--+----|
             |                                               |
             |                                               |
             |                                               |
          +----+ .1                                      +--------+ .1
          | PC |                                         | Server |
          +----+                                         +--------+

To simplify the example, the "insecure network" is set up so that both eth1 NICs are connected to the same LAN, 192.168.253.0/24. They could just as well sit in different LANs, as long as a route exists between the master and the slave.

Also make sure that the routers know that the route to the other side is via the Linux boxes. This can be done either with statically defined routes or by setting up RIP on both the routers and the Linux boxes (on Linux you'll have to install and configure routed or gated for RIP functionality, which I will NOT cover here).

3.1 IP addresses

Linux Master:

eth0: 192.168.1.1/24

eth1: 192.168.253.1/24

ppp0: 192.168.253.3/24

Linux Slave:

eth0: 192.168.101.1/24

eth1: 192.168.253.2/24

ppp0: 192.168.253.4/24

PC: 192.168.2.1

Server: 192.168.102.1

Rx = Router:

All router ports use an address ending in .254. These are:

192.168.1.254

192.168.2.254

192.168.101.254

192.168.102.254
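
The routing requirement above can be checked on paper before touching any box. The following Python sketch is an added example, not part of the original HOWTO: it takes the addresses from section 3.1, assumes a set of static routes derived from the diagram (the route tables, the link labels and the names `trace` and `leaves_tunnel` are this example's own), and walks a packet hop by hop to confirm that traffic between the PC and the Server crosses the gateways on ppp0 and never on eth1.

```python
import ipaddress

# Addresses are from section 3.1. The route entries are this example's own
# derivation (an assumption), with each LAN reduced to the hosts in the diagram.
ADDRS = {
    "PC": ["192.168.2.1"], "R1": ["192.168.2.254", "192.168.1.254"],
    "Master": ["192.168.1.1", "192.168.253.1", "192.168.253.3"],
    "Slave": ["192.168.101.1", "192.168.253.2", "192.168.253.4"],
    "R2": ["192.168.101.254", "192.168.102.254"], "Server": ["192.168.102.1"],
}
BEHIND_SLAVE = ["192.168.101.0/24", "192.168.102.0/24"]
BEHIND_MASTER = ["192.168.1.0/24", "192.168.2.0/24"]
# node -> [(prefix, next node, outgoing link)]
ROUTES = {
    "PC": [("0.0.0.0/0", "R1", "lan")],
    "Server": [("0.0.0.0/0", "R2", "lan")],
    "R1": [("192.168.2.0/24", "PC", "lan")]
          + [(p, "Master", "lan") for p in BEHIND_SLAVE],
    "R2": [("192.168.102.0/24", "Server", "lan")]
          + [(p, "Slave", "lan") for p in BEHIND_MASTER],
    "Master": [("192.168.2.0/24", "R1", "eth0")]
              + [(p, "Slave", "ppp0") for p in BEHIND_SLAVE],
    "Slave": [("192.168.102.0/24", "R2", "eth0")]
             + [(p, "Master", "ppp0") for p in BEHIND_MASTER],
}

def trace(src, dst, routes=ROUTES):
    """Forward hop by hop with longest-prefix match; return [(node, link), ...]."""
    dst_ip, node, path = ipaddress.ip_address(dst), src, []
    while dst not in ADDRS[node]:
        hits = [r for r in routes.get(node, [])
                if dst_ip in ipaddress.ip_network(r[0])]
        if not hits:
            raise LookupError(f"{node} has no route to {dst}")
        if len(path) > len(ADDRS):
            raise RuntimeError(f"routing loop on the way to {dst}")
        _, nxt, link = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
        path.append((node, link))
        node = nxt
    return path

def leaves_tunnel(path):
    """True if a VPN gateway forwards the packet on eth1 instead of ppp0."""
    return any(link == "eth1" for _, link in path)

if __name__ == "__main__":
    for src, dst in (("PC", "192.168.102.1"), ("Server", "192.168.2.1")):
        hops = trace(src, dst)
        print(src, "->", dst, hops, "LEAK" if leaves_tunnel(hops) else "via ppp0")
```

A route table that sends the remote networks out of eth1 still delivers the packet, which is why `leaves_tunnel` is checked separately from reachability.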

