blob: e018148bd0b1b1aa5d2dee7a06518aee170d1359 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
The WLAN clients <b>alice</b> and <b>venus</b> secure all their wireless traffic
by setting up an IPsec tunnel to gateway <b>moon</b>. The VPN network mask is
<b>0.0.0.0/0</b>. Traffic with destination outside the protected 10.1.0.0/10 network
is NAT-ed by router <b>moon</b>. The IPsec connections are tested by pings from
<b>alice</b> to <b>venus</b> tunneled via <b>moon</b> and to both the internal
and external interface of gateway <b>moon</b>. Access to the gateway is
set up by <b>lefthostaccess=yes</b> in conjunction with <b>leftfirewall=yes</b>.
At last <b>alice</b> and <b>venus</b> ping the external host <b>sun</b> via the NAT router.
<p>
The host system controls the UML instances <b>alice</b> and <b>carol</b> via
ssh commands sent over the virtual <b>tap1</b> interface. In order to keep up
the control flow in the presence of the all-encompassing 0.0.0.0/0 tunnel
to the gateway <b>moon</b> an auxiliary <b>passthrough</b> eroute restricted
to the ssh port is statically set up by <b>conn system</b>.
|