Linux Users Group of Davis
Page last updated:
2001 Dec 30 17:00

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] LAN/WAN Stuff

On Thu, 15 Feb 2001 18:57:57 -0800, Patrick B. Lickiss said:

> Hey everyone, sorry to re-post this question, but the only response I got to
>  it before wasn't very helpful :) (i.e. not really an option to convert
>  everyone over to *nix).  Long story very short, a friend and I are living at
>  two different apartment complexes next year and we each have an ethernet
>  connection.  Both of us are going to have LRP boxes set up to MASQ the
>  connection to our in-apartment LAN's.  My LAN will consist of 3 or 4 Windows
>  boxes and 1 or 2 Linux boxes.  His will have 4 Windows boxes and a Linux
>  box.  Basically, how can we merge the two LAN's into one?  (Either one
>  workgroup or two, doesn't matter)  Is it possible to set up a VPN tunnel
>  between the two LRP boxes and have the networks talk that way?  If so, how
>  do I differentiate between traffic meant for the two LAN's and traffic meant
>  for the Internet (i.e. I'd want any machine on my network to be able to
>  simultaneously be on the Internet, MASQ'ed through the LRP box and to browse
>  the LAN's, routed through the VPN).  As I mentioned before I've looked
>  online and really only found one Open Source program that will do this is
>  FreeS/WAN (http://www.freeswan.org).  Anyone used this?  Anyone know of a
>  different way to do this?  Thanks for your help.
>  Patrick

I did just this sort of thing once for a two-location LAN party (WAN party?). 

Briefly, what you do is, using FreeS/WAN, create an encrypted tunnel between
your masq box and your friend's masq box. Say your masq box is with
a 24-bit subnet on the internal side, and your friend's is also with

Then, in your config file, you'll have something like 

Note that the two private networks use different sets of IPs. 

Because the masq boxes handle all the routing for the private networks, if a
machine sends a packet to someone on your friend's network, it'll get sent
through the secure tunnel automatically. You can verify this with tcpdump
ipsec0; it should show unencrypted packets going through. tcpdump eth0 should
show encrypted stuff. 

Then, pick one of the masq boxes to be a WINS server. Set up Samba
appropriately, and tell all the win boxes to use its private IP as the WINS
server. Make sure all the win boxes are set to the same workgroup, and reboot
(and reboot, and reboot...). This should work, but browsing the Network
Neighborhood might be slow for the network without the WINS server directly on

You'll probably need to convert one of the LRP boxes over to a hard-disk-based
distro since I don't think you can fit the kernel, basic tools, the FreeS/WAN
tools, and Samba on a floppy. Make sure to lock it down really well since
cracking this box will compromise not only your network, but your friend's
network too. 
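
The reply's two routing points (the private networks must use different IP ranges, and each masq box sends remote-LAN traffic through `ipsec0` and everything else out `eth0`) can be checked before any tunnel is configured. The following is an added example, not part of the original post; the two /24 networks are constructed values, since the post's actual addresses are not shown.

```python
import ipaddress

# RFC 1918 private ranges; LANs behind a masq box should sit inside one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed addressing plan (assumption, not taken from the post).
MY_LAN = ipaddress.ip_network("192.168.1.0/24")
FRIEND_LAN = ipaddress.ip_network("192.168.2.0/24")


def check_plan(local, remote):
    """Return the problems that would keep the tunnel from routing correctly."""
    problems = []
    for name, net in (("local", local), ("remote", remote)):
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append(f"{name} LAN {net} is not RFC 1918 private space")
    if local.overlaps(remote):
        # With overlapping ranges a host treats the remote address as on-link,
        # so the packet never reaches the masq box or the tunnel.
        problems.append(f"{local} and {remote} overlap")
    return problems


def path_for(dst, local, remote):
    """Classify a destination as seen from a host on the local LAN."""
    addr = ipaddress.ip_address(dst)
    if addr in local:
        return "lan"      # delivered directly, masq box not involved
    if addr in remote:
        return "tunnel"   # masq box routes it via ipsec0, not masqueraded
    return "masq"         # masq box sends it out eth0, masqueraded


if __name__ == "__main__":
    print(check_plan(MY_LAN, FRIEND_LAN) or "plan ok")
    for dst in ("192.168.1.20", "192.168.2.20", "8.8.8.8"):
        print(dst, "->", path_for(dst, MY_LAN, FRIEND_LAN))
```
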
