[olug] VPN / iptables type question
Ken
emptymm at cox.net
Thu Jan 22 18:34:36 UTC 2004
> Shaughn wrote:
> Hello. I just got asked a question on a scenario.
>
> Company #1 and Company #2, want to both VPN to Server C.
>
> So, in my mind, with this, #1 and #2 will be on the same network as S.C,
> so they will all be able to see each other? Correct? All machines from #1
> can access #2 and S.C.
Yes, by acting as a secure gateway between both networks it would
essentially be serving in the same capacity as a network bridge. Also
note that, depending on the number of users, this needs to be a
pretty robust machine. Handling the traffic, filtering and encryption
of the users on both networks will be a decent load. You could take out
the middle-man (S.C.) and do essentially the same thing by having a
separate VPN gateway at each company and just have the two gateways
tunneled to each other.
>
> I would like to know if it's possible to have #1 and #2 machines route
> the traffic. Like all local traffic to the S.C goes to the S.C, but any
> internet traffic goes through the gateway of their ISP, and not the S.C
> as a VPN would do.
>
> I hope this makes sense.
This is possible. When I worked for Compaq, the VPN client software
provided to remote/traveling users to connect to the VPN servers had
this implemented. Essentially the client software had an internal
routing table that tunneled all traffic meant for company IPs through
the VPN but left the rest for your ISP connection. I'm not sure of
the technical details on how this was done, but there may be something in
the open-source realm that has this. If so, it would just be a matter of
implementing it on a server level since you control the traffic leaving
the network. In Compaq's case I'm sure it was made easier by the fact
they own two complete Class A IP blocks (15. & 16.) to define routing.
-Ken
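The per-destination routing Ken describes (company prefixes through the tunnel, everything else out the ISP default route) is a longest-prefix-match decision. The following is an added example, not code from the original thread; it assumes the Class A blocks 15/8 and 16/8 mentioned above as the "company" prefixes, and the interface names tun0 (VPN) and eth0 (ISP) are placeholders.

```python
"""Split-tunnel routing decision: company prefixes go via the VPN tunnel,
everything else via the ISP default gateway. Constructed example; the
15.0.0.0/8 and 16.0.0.0/8 prefixes are the blocks mentioned in the thread,
and tun0/eth0 are assumed interface names."""
import ipaddress

# Routing table as (prefix, outgoing interface) pairs. The default route
# (0.0.0.0/0) carries everything not matched by a longer prefix to the ISP.
SPLIT_TUNNEL_TABLE = [
    (ipaddress.ip_network("15.0.0.0/8"), "tun0"),   # company block via VPN
    (ipaddress.ip_network("16.0.0.0/8"), "tun0"),   # company block via VPN
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),    # default: ISP gateway
]


def next_hop(dst, table=SPLIT_TUNNEL_TABLE):
    """Longest-prefix match: the most specific prefix containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, iface in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def tunnelled_fraction(destinations, table=SPLIT_TUNNEL_TABLE):
    """Share of a sample of destinations that would enter the tunnel. A value
    of 1.0 means the client is full-tunnelling (all traffic via S.C); a value
    of 0.0 for company addresses means company traffic is leaking to the ISP."""
    via_vpn = sum(1 for d in destinations if next_hop(d, table) == "tun0")
    return via_vpn / len(destinations)


def ip_route_commands(table=SPLIT_TUNNEL_TABLE, vpn_iface="tun0"):
    """Render the equivalent Linux iproute2 lines for the VPN prefixes only;
    the default route stays on the ISP-facing interface and is not touched."""
    return [f"ip route add {net} dev {iface}"
            for net, iface in table if iface == vpn_iface]


if __name__ == "__main__":
    for d in ("15.1.2.3", "16.20.30.40", "198.51.100.7"):
        print(d, "->", next_hop(d))
    print("\n".join(ip_route_commands()))
```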