We have a setup where we are running Astaro in a DMZ with only 1NIC. We want to use Astaro as a VPN gateway where all the clients can reach each other and be protected behind the firewall content proxy before going to the Internet (NAT). This does not seem possible without some work. So we've tried creating a fake adapter using the following means: ip link add eth-dummy type dummy ifconfig eth0:1 192.168.1.0/24 Would have tried VLANs but tagged and untagged frames don't seem to be allowed on the same NIC by astaro. And tuntap, but that does not seem to be available We don't want our fake internal network to be exposed by the physical NIC if possible (so eth0:1 was worth trying but not desirable.) Any suggestions? Thanks.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Virtual / Dummy / Fake Interface?

We have a setup where we are running Astaro in a DMZ with only 1NIC. We want to use Astaro as a VPN gateway where all the clients can reach each other and be protected behind the firewall content proxy before going to the Internet (NAT). This does not seem possible without some work.

So we've tried creating a fake adapter using the following means:

ip link add eth-dummy type dummy
ifconfig eth0:1 192.168.1.0/24
Would have tried VLANs but tagged and untagged frames don't seem to be allowed on the same NIC by astaro.
And tuntap, but that does not seem to be available

We don't want our fake internal network to be exposed by the physical NIC if possible (so eth0:1 was worth trying but not desirable.)

Any suggestions?

Thanks.

This thread was automatically locked due to age.

Parents

0 BarryG over 14 years ago

Hi, I know the content filter can run on a single NIC.

Have you taken a look at the IPS and PacketFilter logs? It could be the spoof protection or another security feature that is getting in the way.

How far have you gotten with connectivity?

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 kipper over 14 years ago in reply to BarryG

Not very far because the remote access VPN wants 2 networks. So this made us think about dhcp for the VPN as well. If there is no internal interface, then there would be no gateway either. This also made us think about packet filtering between VPN clients. How would you describe that without knowing what ips the client will be assigned?

(btw, please excuse the thumb typing)

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 kipper over 14 years ago in reply to BarryG

Not very far because the remote access VPN wants 2 networks. So this made us think about dhcp for the VPN as well. If there is no internal interface, then there would be no gateway either. This also made us think about packet filtering between VPN clients. How would you describe that without knowing what ips the client will be assigned?

(btw, please excuse the thumb typing)

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data