Figure illustrates the topology of a VPN between two SOHO environments. Here's the scenario:
The two sites need a VPN so that they can communicate with each other without the fear of eavesdropping.
The network administrators at both sites are aware that permanent site-to-site VPNs require fixed Internet IP addresses and have upgraded from their basic DHCP services originally provided by their ISPs. The sites' IP addressing schemes do not overlap.
Neither site wants to invest in a CA certificate service or infrastructure. The RSA key encryption methodology will be used for key exchange. (At the end of the chapter, I'll discuss an alternative Cisco-compatible method called alternately shared secret, pre-shared, or symmetric key.)
Site 1 uses a private network of 220.127.116.11 /24 and has a Linux VPN/firewall device default gateway with an external Internet IP address of 18.104.22.168.
Site 2 uses a private network of 10.0.0.0 /24 and has a Linux VPN/firewall device default gateway with an external Internet IP address of 22.214.171.124.
1. Openswan topolology diagram.