Site to Site VPN on DMZ


Post by jackwetson » January 3rd, 2019, 7:49 pm

Hello! I've been doing a fair bit of reading about IPFire and I'm really hoping it can be a solution to a problem I'm having, but I'm not quite sure, so I'm reaching out for some advice here!

We have two offices, "A" and "B", between which I need to build a site-to-site link, preferably over an IPSEC VPN. I do however have two issues:

1. The IP addresses are dynamic
2. The routers are limited in functionality and cannot be replaced.

My initial thought was to have an IPFire server at each end, and thankfully at least the routers allow me to put something on the DMZ.

IP addressing isn't an issue from what I'm reading; I can use dynamic DNS and set this up on the IPFire.

I can also set up IPSEC VPNs between the two IPFire devices at A and B.

My concern comes from how local clients will route between sites. As the router is remaining my gateway and the IPFire is only on the DMZ, I don't see how, if a client at site A requests a resource from site B, this will route over the VPN. Or am I missing something here?


Re: Site to Site VPN on DMZ

Post by UAW-Chrysler NTC » January 9th, 2019, 7:07 pm

You gotta get rid of the old routers.
Site to site VPN is predicated on the routers at each end.
So bite the bullet and replace them.

To stick IPFire on the inside and then try to get to the DMZ etc. seems crazy to me.
I like keeping things simple.

You said it, the current edge devices are old.
It's likely a matter of time before they get busted into if they are so old anyway.

My $0.02
UAW-Chrysler NTC |Warren, Michigan, USA
IPFire 2.21 (x86_64) - Core Update 126
