Disclaimer: I’m not really good at this, I just wanted to test it, so take everything I write with several grains of salt.
I’ve tried to test this in my vSphere lab, this is the virtual scenario I’m using:
Both Nethesis are vanilla installations, the PCs are Windows XP (yes, I know, bear with me), and the middle one has Netmon installed on it, IP forwarding enabled (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters IPEnableRouter DWORD 1), and static routes to route the traffic.
Installed nethserver-ipsec-1.0.3-1.7.g584aafa.ns6.noarch.rpm from nethserver-testing, and configured both sides of the tunnel, here’s site 1:
and the dashboard showing good signs
Then I wondered if the tunnel was really doing its job, so I opened all traffic from the outside in on the NethServer firewalls, with a new any-to-any firewall rule, and tested the connection from WINXP1 to WINXP2 with the tunnel disabled.
Here’s the Netmon output with the tunnel disabled:
and with the tunnel enabled:
So far so good.
Now, if only I could get my hands on a real public IP (I got all sorts of NATted IPs from Fastweb), I’d really like to see a working VPN tunnel from NethServer to the Google VPN object in the cloud: