No problem. The scenario you have described can be accomplished quite easily. All you have to do is establish a tunnel between two security gateways that have connections to your "dummienet" and then set up links on your LTSPserver2 to run apps on LTSPserver1 whenever the user clicks the icon for that app. In your scenario, you could set up FreeS/WAN on both LTSP servers and have them connect directly to the dummienet segment, but I would recommend a separate Firewall/Security Gateway for each endpoint when you do this for real (i.e., over the Internet). You really don't want your security to rest on the LTSP servers and have them directly connected to the Internet.

Just to show you what you might be looking at (and the following scenario will work regardless of being fake IPs as in the example or real IPs as in on the Internet):

Network 1 = 192.168.1.0/24 | Dummy Net = 192.168.3.0/24 | Network 2 = 192.168.2.0/24
LTSPclient(s)------------------LTSPserver1----(VPN tunnel)----LTSPserver2--------------------LTSPclient(s)

In this scenario, all Network 1 clients will have a default route of the security gateway (being LTSPserver1) which has a route to Network 2 via the VPN tunnel set up on what we called Dummy Net (or Network 3). Obviously, the inverse is true as well, that being Network 2 has a route to Network 1 via the VPN tunnel over the Dummy Net. Whenever a packet is generated on one of the networks and is destined for the other network, the security gateway that is in that network receives the packet, as it is the default gateway for communication with unknown IP addresses that the clients themselves do not have routes to, and takes care of encrypting the contents and packaging up the packet for transmittal across the VPN tunnel. The same thing happens on the other end when the reply is sent from the host that was being contacted.

Hope that helps. Your scenario is totally doable, and in fact, we have a client that we have set up in this way where we have linked four of their offices through FreeS/WAN VPN tunnels via the Internet. They will save a lot in monthly frame relay fees by going this route. Plus they have a completely intermeshed network now. There are a total of six tunnels, three per security gateway.

A---------D
|\       /|
| \     / |
|  \   /  |
|   \ /   |
|    |    |
|   / \   |
|  /   \  |
| /     \ |
|/       \|
B---------C

Each security gateway has an independent link to every other network segment.
So in their scenario if the direct link between A-D went down (obviously, the Internet connection still has to be available for it to work), all they have to do is add a route on A and D that directs all traffic for D from A and A from D to a different security gateway, i.e., B or C, and the traffic travels across one more hop than normal, but their WAN is still available. Then when the link comes back up, they can remove the routes and everything goes back to normal.

Hope that helps.

Maria Backlund wrote:

>Thanks for your reply. What we want to do is actually
>
>LTSPclient1 <-->LTSPserver1<-->dummienet<-->LTSPserver2-->LTSPclient2
>
>where dummienet is supposed to simulate different kinds of Internet accesses. The
>idea is for LTSPclient2 to boot from LTSPserver2 but to run applications on
>LTSPserver1. We're pretty much new at all this and appreciate all ideas.
>
>Maria
>-----Original Message-----
>From: Jason A. Pattie [mailto:[EMAIL PROTECTED]]
>Sent: 2 July 2002 17:42
>To: Maria Backlund
>Cc: [EMAIL PROTECTED]
>Subject: Re: [Ltsp-discuss] LTSP combined with FreeS/Wan?
>
>
>As a company, we set up and maintain Linux FreeS/WAN VPN solutions. I
>don't see a need for setting up VPN tunnels on the LTSP application
>server, unless you are wanting to secure and encrypt all traffic being
>sent to and from the LTSP workstations. We have had a fairly thorough
>discussion on this list concerning some of the details about how to go
>about setting the workstations up for this kind of scenario.
>
>If on the other hand, you want to allow VPN connections to your internal
>network from the outside, i.e., the Internet, then you will most likely
>want to set up FreeS/WAN on your firewall that is connected directly to
>the Internet or to a dedicated security gateway box in a DMZ or the
>internal network that all IKE, AH, and ESP traffic are redirected to by
>the firewall.
>
>Maria Backlund wrote:
>
>>We've made a small network consisting of a linux terminal server and
>>several clients. We're using Red Hat 7.2. Now we would like to
>>implement VPN by using FreeS/Wan. Do we need to recompile the
>>LTSP-kernel to adjust it to FreeS/Wan or is there an easier way? If
>>someone has done a similar project we would appreciate your support.
>>
>>_____________________________________________________________________
>>Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
>>      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
>>For additional LTSP help, try #ltsp channel on irc.openprojects.net

--
Jason A. Pattie
[EMAIL PROTECTED]
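
The four-office full mesh described in the message above, worked through as an added example that is not part of the original post: it enumerates the six tunnels, checks that three terminate on each gateway, lists which gateways can relay when the A-D link is down, and renders a minimal FreeS/WAN `conn` stanza per tunnel. The gateway addresses and LAN subnets are constructed sample values, the helper names are hypothetical, and authentication settings are left out.

```python
"""Plan a full-mesh FreeS/WAN VPN like the four-office example (constructed data)."""
from itertools import combinations

# Constructed sample sites: gateway IPs use TEST-NET addresses and the LAN
# subnets are assumptions; the post only names the sites A, B, C and D.
SITES = {
    "A": ("192.0.2.1", "10.1.0.0/24"),
    "B": ("192.0.2.2", "10.2.0.0/24"),
    "C": ("192.0.2.3", "10.3.0.0/24"),
    "D": ("192.0.2.4", "10.4.0.0/24"),
}

def mesh_tunnels(sites):
    """Every unordered pair of gateways gets one tunnel: n*(n-1)/2 in total."""
    return list(combinations(sorted(sites), 2))

def tunnels_per_gateway(sites):
    """Count how many tunnels terminate on each gateway."""
    counts = {name: 0 for name in sites}
    for a, b in mesh_tunnels(sites):
        counts[a] += 1
        counts[b] += 1
    return counts

def relay_candidates(sites, down):
    """Gateways that still have live tunnels to both ends of a failed link."""
    live = {frozenset(t) for t in mesh_tunnels(sites)} - {frozenset(down)}
    a, b = down
    return [g for g in sorted(sites) if g not in down
            and frozenset((a, g)) in live and frozenset((g, b)) in live]

def conn_stanza(sites, a, b):
    """Render one ipsec.conf connection; key/auth settings are left out."""
    (a_ip, a_net), (b_ip, b_net) = sites[a], sites[b]
    return "\n".join([
        f"conn {a.lower()}-{b.lower()}",
        f"    left={a_ip}",
        f"    leftsubnet={a_net}",
        f"    right={b_ip}",
        f"    rightsubnet={b_net}",
        "    auto=start",
    ])

if __name__ == "__main__":
    for a, b in mesh_tunnels(SITES):
        print(conn_stanza(SITES, a, b), end="\n\n")
    print("per gateway:", tunnels_per_gateway(SITES))
    print("relays if A-D fails:", relay_candidates(SITES, ("A", "D")))
```

Each `conn` only carries traffic between its own `leftsubnet` and `rightsubnet`, so relaying A-to-D traffic through B or C also needs connections on those hops whose subnets cover the A and D networks.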
