<HTML>
<HEAD>
<TITLE>So how does it work?</TITLE>
<META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+">
<LINK REL="HOME" TITLE="VPN HOWTO" HREF="index.html">
<LINK REL="UP" TITLE="Theory" HREF="theory.html">
<LINK REL="PREVIOUS" TITLE="But really, what IS a VPN?" HREF="x192.html">
<LINK REL="NEXT" TITLE="SSH and PPP" HREF="x205.html">
</HEAD>
<BODY CLASS="sect1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF">
<DIV CLASS="NAVHEADER">
<TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0">
<TR><TH COLSPAN="3" ALIGN="center">VPN HOWTO</TH></TR>
<TR>
<TD WIDTH="10%" ALIGN="left" VALIGN="bottom"><A HREF="x192.html" ACCESSKEY="P">Prev</A></TD>
<TD WIDTH="80%" ALIGN="center" VALIGN="bottom">Chapter 2. Theory</TD>
<TD WIDTH="10%" ALIGN="right" VALIGN="bottom"><A HREF="x205.html" ACCESSKEY="N">Next</A></TD>
</TR>
</TABLE>
<HR ALIGN="LEFT" WIDTH="100%">
</DIV>
<DIV CLASS="sect1">
<H1 CLASS="sect1"><A NAME="AEN195">2.3. So how does it work?</A></H1
><P>Put simply, to make a VPN, you create a secure tunnel between the two
networks and route IP through it. If I've lost you already, you should
read <A HREF="http://www.tldp.org/HOWTO/Networking-Overview-HOWTO.html" TARGET="_top">The Linux Networking Overview HOWTO</A>
to learn more about networking with Linux.</P
><P>Here are some diagrams to illustrate this concept:</P
><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%">
<TR><TD><FONT COLOR="#000000"><PRE CLASS="screen">
                              \ \
              --------        / /              --------
Remote ______| Client |______\ Internet \_____| Server |______ Private
Network      | Router |      / /              | Router |       Network
              --------        \ \              --------
                              / /


                             Client Router
            ----------------------------------------------------
            |  /-> 10.0.0.0/255.0.0.0       \                  |
Remote      |  |--> 172.16.0.0/255.240.0.0  |--> Tunnel >---\  |
Network >---|--|--> 192.168.0.0/255.255.0.0 /               |--|----> Internet
192.168.12.0|  |                                            |  |
            |  \-----> 0.0.0.0/0.0.0.0 --> IP Masquerade >--/  |
            ----------------------------------------------------


                             Server Router
            ----------------------------------------------------
            |                 /-> 10.0.0.0/255.0.0.0        \  |
            |  /--> Tunnel >--|--> 172.16.0.0/255.240.0.0   |--|----> Private
Internet >--|--|              \--> 192.168.0.0/255.255.0.0  /  | Network
            |  |                                               | 172.16.0.0/12
            |  \-----> 0.0.0.0/0.0.0.0 -----> /dev/null        | 192.168.0.0/16
            ----------------------------------------------------
</PRE></FONT></TD></TR>
</TABLE
><P>The above diagram shows how the network might be set up. If you don't
know what IP Masquerading is, you should probably read
<A HREF="/HOWTO/Networking-Overview-HOWTO.html" TARGET="_top">The Linux Networking Overview HOWTO</A>
and come back once you understand how it works.</P
><P>The Client Router is a Linux box acting as the gateway/firewall for the
remote network. The remote network uses the private address range
192.168.12.0. For the sake of a simple diagram, I left out the local
routing information on the routers. The basic idea is to route traffic
for all of the private networks (10.0.0.0, 172.16.0.0, and 192.168.0.0)
through the tunnel. The setup shown here is one-way: while the remote
network can see the private network, the private network cannot
necessarily see the remote network. For that to happen, you must
configure the routes in both directions.</P
><P>From the diagram you should also note that all of the traffic coming out
of the client router appears to come from the client router, that is, from
a single IP address. You could instead route real (publicly routable)
addresses from inside your network, but that brings all sorts of security
problems with it.</P
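><P>To make the one-way behaviour of the diagram concrete, here is a small
longest-prefix-match simulation of the two routing tables above; it is an
added example, not part of this HOWTO. The table contents come from the
diagram, while the action names, the sample host addresses and the
192.168.12.0/24 mask assumed for the remote network are my own.</P>

```python
import ipaddress

# Routing tables transcribed from the HOWTO diagram (constructed data, not
# the HOWTO's own code).  Each entry is (destination prefix, action); the
# 0.0.0.0/0 entry is the default route.
CLIENT_ROUTER = [
    ("10.0.0.0/8", "tunnel"),
    ("172.16.0.0/12", "tunnel"),
    ("192.168.0.0/16", "tunnel"),
    ("0.0.0.0/0", "masquerade"),  # NAT out to the Internet as one address
]
SERVER_ROUTER = [
    ("10.0.0.0/8", "private"),
    ("172.16.0.0/12", "private"),
    ("192.168.0.0/16", "private"),
    ("0.0.0.0/0", "drop"),        # the diagram's /dev/null route
]
# Assumed two-way fix: the server gets a route for the remote LAN (assumed
# 192.168.12.0/24) that is more specific than its 192.168.0.0/16 entry.
SERVER_ROUTER_BIDIR = [("192.168.12.0/24", "tunnel")] + SERVER_ROUTER


def lookup(table, dst):
    """Longest-prefix match of dst against table, as a forwarding lookup
    does; returns the action, or 'unreachable' if nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    best_net, best_action = None, "unreachable"
    for prefix, action in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_action = net, action
    return best_action


def round_trip(client_table, server_table, remote_host, private_host):
    """Trace a packet from the remote LAN to private_host and the reply back
    to remote_host; two_way is True only if both legs use the tunnel."""
    forward = lookup(client_table, private_host)  # remote LAN -> private net
    reply = lookup(server_table, remote_host)     # private net -> remote LAN
    return {"forward": forward, "reply": reply,
            "two_way": forward == "tunnel" and reply == "tunnel"}


if __name__ == "__main__":
    # Constructed sample hosts: one per side, plus a public (TEST-NET-3) address.
    print(round_trip(CLIENT_ROUTER, SERVER_ROUTER, "192.168.12.7", "172.16.5.9"))
    print(round_trip(CLIENT_ROUTER, SERVER_ROUTER_BIDIR, "192.168.12.7", "172.16.5.9"))
    print(lookup(CLIENT_ROUTER, "203.0.113.10"), lookup(SERVER_ROUTER, "203.0.113.10"))
```

<P>The lookup shows why replies from the private network to 192.168.12.x
never enter the tunnel: the server's 192.168.0.0/16 entry swallows them
until a more specific route for the remote network is added.</P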
></DIV>
<DIV CLASS="NAVFOOTER">
<HR ALIGN="LEFT" WIDTH="100%">
<TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0">
<TR>
<TD WIDTH="33%" ALIGN="left" VALIGN="top"><A HREF="x192.html" ACCESSKEY="P">Prev</A></TD>
<TD WIDTH="34%" ALIGN="center" VALIGN="top"><A HREF="index.html" ACCESSKEY="H">Home</A></TD>
<TD WIDTH="33%" ALIGN="right" VALIGN="top"><A HREF="x205.html" ACCESSKEY="N">Next</A></TD>
</TR>
<TR>
<TD WIDTH="33%" ALIGN="left" VALIGN="top">But really, what IS a VPN?</TD>
<TD WIDTH="34%" ALIGN="center" VALIGN="top"><A HREF="theory.html" ACCESSKEY="U">Up</A></TD>
<TD WIDTH="33%" ALIGN="right" VALIGN="top">SSH and PPP</TD>
</TR>
</TABLE>
</DIV>
</BODY>
</HTML>