
5. A Real-Life Setup

Take another look at the network sketch of the example VPN setup. I will now explain how to set up the PC and the Server to communicate via the VPN.

On the PC, the default gateway is the router with the IP address 192.168.2.254. The PC can run any operating system, such as Linux, Windows ® or MacOS ® (in which case the PC is a Mac ;).

The Server is located in another LAN, somewhere else, connected to the PC LAN via the Linux boxes. It can run any operating system, such as Linux, Windows ®, MacOS ®, Novell Netware ® or any other Unix.

The Server's default gateway is the router with the IP address 192.168.102.254.

Router R1's routing table

Destination     Gateway         Type    Netmask
192.168.1.0     192.168.1.254   direct  255.255.255.0
192.168.2.0     192.168.2.254   direct  255.255.255.0

192.168.101.0   192.168.1.1     remote  255.255.255.0
192.168.102.0   192.168.1.1     remote  255.255.255.0
192.168.253.0   192.168.1.1     remote  255.255.255.0

Router R2's routing table

Destination     Gateway         Type    Netmask
192.168.101.0   192.168.101.254 direct  255.255.255.0
192.168.102.0   192.168.102.254 direct  255.255.255.0

192.168.1.0     192.168.101.1   remote  255.255.255.0
192.168.2.0     192.168.101.1   remote  255.255.255.0
192.168.253.0   192.168.101.1   remote  255.255.255.0

The routing table on the Linux Master

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.253.4   0.0.0.0         255.255.255.255 UH     1500 0          0 ppp0
192.168.101.0   0.0.0.0         255.255.255.0   U      1500 0          0 eth0
192.168.253.0   0.0.0.0         255.255.255.0   U      1500 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         192.168.101.254 0.0.0.0         UG     1500 0          0 eth0

The routing table on the slave

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.253.3   0.0.0.0         255.255.255.255 UH     1500 0          0 ppp1
192.168.1.0     0.0.0.0         255.255.255.0   U      1500 0          0 eth0
192.168.253.0   0.0.0.0         255.255.255.0   U      1500 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG     1500 0          0 eth0

With these routing tables set up, you can use a VPN over the ssh2 connection between the Linux boxes.

But remember: the connection between the PC and the Linux master server via R1 and the connection between the Server and the Linux slave server via R2 are still UNSECURED!!!

In this special configuration (ppp over ethernet), it should be possible to carry secured and unsecured traffic over the same segment by setting the appropriate routes on the Linux boxes, using the ethernet interface addresses instead of the ppp addresses. This has not been tested yet; it is only theoretical!

Hint for Windows NT users: To add a static route, you can use the route add command in a DOS box just as you do with Linux, but of course with a different syntax >;)

To get the syntax, just type route in a DOS box.

