NFS over VPN?

Brian Fahrlander brian at fahrlander.net
Mon Apr 26 17:04:34 UTC 2004


On Mon, 2004-04-26 at 09:59, Erik Karu wrote:
> Hi,
> 
> I have two FC1 boxes acting as "servers" (A and B) on
> different locations and three "workstations" behind
> both of those machines. I'm planning to connect the
> servers with VPN (using freeswan module from Dag).
> Then I would be able to use NFS securely between my
> networks.

    Several years ago (before these simpler, better? tools came out) I
did the same kinda thing, but for Samba. That's tougher, though- the
'Network Neighborhood' plan is to only use one subnet, and there's the
rub.

    The thing that surprised me (and got the network going) is that you
can create these pipes to be on the SAME subnet with a different IP and
the firewall rules turn into just one line, instead of monkeying with
the thing across other subnets and writing more firewall code.

    For example, 192.168.1.1 will use vpn1 positioned at 192.168.1.9,
and when a packet for the remote site comes up, there's a static route
that'll send it to that address.  It's kinda like creating black holes
to another system...keep that in mind when you're working on it.

    I say this, 'cause it might be a stumbling block for you, as it was
for me.  When it's done, the pipe resembles another WAN address- an IP
address on one side, leading to a WAN address on the other side, and it
won't matter what application you're using.  Before you bother with the
NFS side, ping it. See if you can surf across it. NFS won't care- if
these tests work, then NFS can work.

    Good luck!

-- 
------------------------------------------------------------------------
Brian Fahrländer                  Christian, Conservative, and Technomad
Evansville, IN                                 http://www.fahrlander.net 
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------
Come on, snake-hips, it's all over now. Strap in tight,
because it's a long, sweet ride.
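
A pre-mount check along the lines of the advice above, as an added example that is not part of the original message: it confirms that the route to the remote NFS server uses the VPN address as its next hop, then pings the server, before anything is mounted. 192.168.1.9 is the address from the post; the remote server address 192.168.2.10, the other sample addresses, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Refuse to mount NFS unless traffic to the server is routed through the tunnel.
# If the tunnel is down and the static route is missing, packets follow the
# default route and NFS would cross the WAN outside the VPN.

# Constructed samples of `ip -4 route get <addr>` output (not captured data).
SAMPLE_VIA_VPN='192.168.2.10 via 192.168.1.9 dev eth0 src 192.168.1.1 uid 0'
SAMPLE_DEFAULT_GW='192.168.2.10 via 192.168.1.254 dev eth0 src 192.168.1.1 uid 0'
SAMPLE_ONLINK='192.168.1.50 dev eth0 src 192.168.1.1 uid 0'

# next_hop: read `ip route get` output on stdin, print the gateway after "via".
# Prints nothing for an on-link destination (no "via" field).
next_hop() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# route_uses_vpn ROUTE_TEXT VPN_GATEWAY
# Succeeds only when the next hop in ROUTE_TEXT is exactly VPN_GATEWAY.
route_uses_vpn() {
    hop=$(printf '%s\n' "$1" | next_hop)
    [ -n "$hop" ] && [ "$hop" = "$2" ]
}

# preflight NFS_SERVER VPN_GATEWAY
# Returns 0 when it is reasonable to go on and mount, non-zero otherwise.
preflight() {
    route=$(ip -4 route get "$1") || return 1
    if ! route_uses_vpn "$route" "$2"; then
        echo "route to $1 does not go via $2, not mounting" >&2
        return 2
    fi
    if ! ping -c 3 -W 2 "$1" >/dev/null 2>&1; then
        echo "$1 does not answer ping through the tunnel" >&2
        return 3
    fi
    return 0
}

# Run as: preflight.sh 192.168.2.10 192.168.1.9   (server address is hypothetical)
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```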