The hardware firewall handles all the vpn connections and the tunnels are always open.
So all the client has to do to connect to the servers via vpn is to connect to:
smb://[ip of the vpn tunnel]
So simple packet filtering will not work.
The end user does not know if they connect to a computer on our local network or a computer connected via vpn.
I will need to route specific IP addresses/ranges to the hardware firewall, while all other traffic goes via the Linux server.
Say we have two servers that are connected via vpn.
One has the IP address 192.168.1.1 and the other 20.20.20.240.
This is what I want to do:
Code:
 ----------------------
 |                    |
 |  Clients connect   |
 | via ip or hostname |
 ----------------------
            |
            |
-------------------------                ---------------------            -------------
| Linux router/firewall |                |                   |            |           |
|                       |                |                   |            |           |
| 192.168.1.1 -------------------------->| Hardware Firewall | ---------> | VPN Hosts |
| 20.20.20.240 ------------------------->|                   |            |           |
|                       |                |                   |            |           |
|                       |                ---------------------            -------------
|                       |
|                       |
|                       |                ----------------
| All other traffic -------------------->| Internet/ISP |
|                       |                |              |
-------------------------                ----------------
This also means that both the Linux firewall and the hardware firewall will have different public IP addresses and different internet connections.
I hope you understand what I mean.
And thanks again for helping out.
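As an added example (not part of the original post), here is a small Python model of the destination-based routing the diagram describes: a longest-prefix-match lookup over a route table in which the two VPN-reachable addresses point at the hardware firewall and a default route points at the ISP, plus the iproute2 commands that would install that table on the Linux router. The gateway addresses 10.0.0.2 and 203.0.113.1 are assumed placeholders, not values from the post.

```python
import ipaddress

# Constructed for this example: both next-hop addresses are placeholders.
HW_FIREWALL_GW = "10.0.0.2"    # assumed LAN address of the hardware firewall
ISP_GW = "203.0.113.1"         # assumed next hop on the Linux box's own ISP link

# Route table modelled on the diagram: the two servers reachable over the
# VPN tunnels go via the hardware firewall, everything else via the ISP.
# Ranges work the same way, e.g. ("192.168.1.0/24", HW_FIREWALL_GW).
ROUTES = [
    ("192.168.1.1/32", HW_FIREWALL_GW),
    ("20.20.20.240/32", HW_FIREWALL_GW),
    ("0.0.0.0/0", ISP_GW),
]


def next_hop(dst, routes=ROUTES):
    """Return the gateway the kernel would choose for dst.

    Linux picks the most specific matching prefix (longest-prefix match),
    so a /32 or /24 entry always beats the 0.0.0.0/0 default route.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def ip_route_commands(routes=ROUTES):
    """Emit the iproute2 commands that install this table on the Linux router."""
    cmds = []
    for prefix, gw in routes:
        if prefix == "0.0.0.0/0":
            cmds.append(f"ip route replace default via {gw}")
        else:
            cmds.append(f"ip route add {prefix} via {gw}")
    return cmds


if __name__ == "__main__":
    for dst in ("192.168.1.1", "20.20.20.240", "198.51.100.7"):
        print(f"{dst:>15} -> {next_hop(dst)}")
    print("\n".join(ip_route_commands()))
```

Because the decision is made purely on the destination address, clients keep using smb://[ip] unchanged; only the Linux router's table decides which uplink carries the packet.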