
VPN overview
Hi all,

I've just had an interesting few days thinking about this VPN
stuff, and working on getting some of it going.  As I see it,
there are 4 distinct network setups.

1) Road warrior

A road warrior is simply a machine that's out on the internet
somewhere, which may or may not have a static ip address, and
wishes to communicate back to the office.  The most common
example of this situation is that of a laptop dialed up to
some ISP.  This is perhaps the simplest case, and is not very
hard to set up.

             _______                   |
+---+       /       \      +----+      |      -+
| L |-------| I'net |------| R  |------+   +--+|
+---+       \_______/      +----+      |---|WS|
                                       |   +--+

2) Subnet to Subnet

This is the situation where you wish to have a subnet behind
a router of some kind talk to the office subnet.  This is
most common in the situation where you have a machine at home
providing network access for the rest of the house, and you
wish the entire network to see the office.  I believe this will
not be a very common situation for us, as home networks should
essentially be considered untrusted, and we should treat it
as the next case, and get a nominated workstation to initiate
the connection.

+--+  |                  _______                   |
|WS|--|     +---+       /       \      +----+      |      -+
+--+  +-----| R |-------| I'net |------| R  |------+   +--+|
      |     +---+       \_______/      +----+      |---|WS|
      |                                            |   +--+

3) Road warrior behind firewall

This situation is where the road warrior has some form of IP
connectivity, which may be via ethernet or some other means,
in a hotel, at a conference, etc.  The road warrior is likely
to have a dynamic ip address, and wishes to connect back into
the office.

+--+  |                  _______                   |
|RW|--|     +---+       /       \      +----+      |      -+
+--+  +-----| R |-------| I'net |------| R  |------+   +--+|
      |     +---+       \_______/      +----+      |---|WS|
      |                                            |   +--+

4) Road warrior behind uncooperating firewall

This is similar to the situation above, but the firewall in
front of the road warrior does not let the ipsec connection
through.  The best solution is probably to dial up over modem,
and connect as per situation 1, but only route traffic for
the office over the modem.

   Modem
+--+ | |                  _______                   |
|RW|---|     +---+       /       \      +----+      |      -+
+--+   +-----| R |-------| I'net |------| R  |------+   +--+|
  |    |     +---+       \_______/      +----+      |---|WS|
  |    |                     ^                       |   +--+
+--+                         |
|R |-------------------------+
+--+

I've worked out how to do situation 1 and 2, and will continue
working on 3.  More details to follow.

Thanks,
Brad
-- 
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|Brad Marshall                    |           Plugged In Software|
|Senior Systems Administrator     |     http://www.pisoftware.com|
|mailto:bmarshal@pisoftware.com   |  GPG Key Id: 47951BD0 / 1024b|
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+
 Fingerprint:  BAE3 4794 E627 2EAF 7EC0  4763 7884 4BE8 4795 1BD0
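Situation 4 above relies on split routing: only the office networks go over the modem link, everything else stays on the local path. The following is an added example (not code from the original post or from its author) that models that decision as a small longest-prefix-match route table, so you can check which interface a given destination would take before committing the routes on a real box. The office prefixes, interface names and test addresses are constructed assumptions for illustration.

```python
import ipaddress

# Constructed example values: two office subnets reached over the VPN/modem
# link, with everything else left on the local interface.  These names and
# prefixes are assumptions for illustration, not taken from the original post.
OFFICE_NETS = [
    ipaddress.ip_network("10.0.0.0/24"),
    ipaddress.ip_network("10.0.1.0/24"),
]
TUNNEL_IF = "ppp0"   # assumed: the modem / VPN side
LOCAL_IF = "eth0"    # assumed: the hotel or home LAN side


def build_routes(office_nets, tunnel_if, default_if):
    """Return a route table as (network, interface) pairs, most specific first.

    Office prefixes point at the tunnel interface; a catch-all default route
    keeps every other destination on the local interface (split tunnel).
    """
    routes = [(net, tunnel_if) for net in office_nets]
    routes.append((ipaddress.ip_network("0.0.0.0/0"), default_if))
    # Longest prefix wins, so sort by prefix length descending.
    return sorted(routes, key=lambda r: r[0].prefixlen, reverse=True)


def route_for(routes, dst):
    """Longest-prefix match: the first (most specific) network containing dst."""
    addr = ipaddress.ip_address(dst)
    for net, iface in routes:
        if addr in net:
            return iface
    raise LookupError(f"no route for {dst}")


def check_split_tunnel(routes, office_nets, samples):
    """Verify that office addresses use the tunnel and nothing else does.

    Returns a list of (destination, interface, ok) tuples; ok is False where
    the route table would leak office traffic onto the LAN or pull ordinary
    internet traffic into the tunnel.
    """
    results = []
    for dst in samples:
        iface = route_for(routes, dst)
        is_office = any(ipaddress.ip_address(dst) in n for n in office_nets)
        ok = (iface == TUNNEL_IF) == is_office
        results.append((dst, iface, ok))
    return results


if __name__ == "__main__":
    table = build_routes(OFFICE_NETS, TUNNEL_IF, LOCAL_IF)
    # Constructed sample destinations: two office hosts, one public address.
    for dst, iface, ok in check_split_tunnel(
        table, OFFICE_NETS, ["10.0.0.5", "10.0.1.7", "192.0.2.10"]
    ):
        print(f"{dst:>12} -> {iface}  {'ok' if ok else 'WRONG'}")
```

The check is the part worth keeping: run it against the route table you intend to install and it flags any destination that would end up on the wrong side of the split, which is exactly the failure mode to avoid when the surrounding network is untrusted.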