0

I would like to build some kind of "virtual network" between two companies located in two different countries. This way, a LAN machine (192.168.x.x) located in company A could directly ping a LAN machine (172.16.x.x) located in company B... and vice versa, of course.

In one word: a tunnel...

I guess I have to put a box behind the ISP router of each company to "connect" my bridged networks. Of course, the "conversation" must be done in a secure way (VPN).

Fine, but now what kind of Linux distro will fit best? Zentyal, IPCop, a third one?

jollyroger
Stef
  • What you're describing won't be achieved with a bridge. – womble Mar 11 '12 at 19:35
  • Ok, sorry. My first reference was https://help.ubuntu.com/community/OpenVPN which uses the term "bridge" – Stef Mar 14 '12 at 09:24
  • Yes, it uses the term bridge to apply to a bridge, which it correctly defines in the section entitled "What is a bridged VPN?". What you want, on the other hand, is not a bridge, because you want to route packets between two separate L2 networks. – womble Mar 14 '12 at 09:41

2 Answers

2

Look at OpenVPN. Setting up OpenVPN on Linux boxes for site-to-site VPN isn't that difficult a task.

There are apparently OpenVPN appliances:

http://openvpn.net/index.php/access-server/download-openvpn-as-vm.html

I haven't used those, so I'm not sure how they work, but they might be a more appropriate fit for your experience/needs.

Oh, "bridging" isn't an appropriate term, I think, since you're trying to connect two different LANs, both with their own address spaces. What you're describing is just site-to-site (or LAN-to-LAN) VPN.

cjc
  • Ok, my fault for the wrong term, thanks! So basically, I set up two OpenVPN on my two end servers, routing on my local machines and go on... sounds nice! – Stef Mar 11 '12 at 15:53
  • 1
    You'd have an OpenVPN server on one side, and an OpenVPN client on the other. If this is your only OpenVPN installation, you can set it up with static keys rather than bothering with setting up a Certificate Authority just for the VPN. If you want to set up OpenVPN yourself, take a look at these docs: http://openvpn.net/index.php/open-source/documentation/howto.html#scope – cjc Mar 11 '12 at 16:24
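
The server/client static-key layout described in the comment above, written out as a pair of OpenVPN configs. This is an added example, not part of either answer: the /24 subnets, tunnel addresses, host name and file paths are assumptions. Static-key mode has no forward secrecy and newer OpenVPN releases deprecate it, so a leaked key exposes recorded traffic as well as future sessions.

```conf
# Constructed example. Assumed values (not from the page):
#   site A LAN 192.168.1.0/24, site B LAN 172.16.1.0/24,
#   tunnel endpoints 10.8.0.1 / 10.8.0.2, public name vpn-a.example.com.
#
# Create the shared key once, copy it to the peer over a secure channel,
# and restrict it on both boxes (chmod 600):
#   openvpn --genkey --secret /etc/openvpn/static.key
#   (OpenVPN 2.5+ syntax: openvpn --genkey secret /etc/openvpn/static.key)

# ---- Site A gateway, /etc/openvpn/site-a.conf (listens) ----
dev tun
proto udp
port 1194
# local tunnel address, then the peer's tunnel address
ifconfig 10.8.0.1 10.8.0.2
# key direction 0 on this side, 1 on the peer
secret /etc/openvpn/static.key 0
# static-key mode only supports CBC ciphers; both sides must match
cipher AES-256-CBC
auth SHA256
# send traffic for site B's LAN into the tunnel
route 172.16.1.0 255.255.255.0
keepalive 10 60
persist-key
persist-tun
# drop privileges after start-up (group name varies by distro)
user nobody
group nogroup

# ---- Site B gateway, /etc/openvpn/site-b.conf (connects) ----
remote vpn-a.example.com 1194
dev tun
proto udp
ifconfig 10.8.0.2 10.8.0.1
secret /etc/openvpn/static.key 1
cipher AES-256-CBC
auth SHA256
route 192.168.1.0 255.255.255.0
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup

# On both gateways: enable forwarding (sysctl -w net.ipv4.ip_forward=1).
# If a gateway is not its LAN's default router, LAN hosts or the ISP router
# need a static route to the remote subnet via that gateway.
```

Allow UDP 1194 to site A only from site B's public address where that address is fixed, since the shared key is the only credential in this mode.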
2

Depending on the routers your companies use you might want to try:

  • OpenVPN (as described in @cjc's answer)
  • IPSec using Openswan/Strongswan (supports building VPN with Cisco devices)
  • and even just using SSH

Some router firmware (like DD-WRT, Tomato or OpenWRT) already has built-in support for OpenVPN, so you might just want to upgrade the firmware on the routers, without any need for an additional box.

Setting up IPSec with almost every Linux distro is easy as well. Note that IPSec processing runs in the kernel space while OpenVPN does all the work in userspace and thus generates bigger system load.

jollyroger