Can I create non-VPN websites on subnet servers behind the VPN
bear at metacalculus.net
Tue Jun 28 15:22:13 CEST 2005
I am seeking team collaborators to assist with VPN-related work aimed to
support the eventual web marketing of grand-challenge class scientific
middleware, previously marketed in the time-sharing era, and
incorporating over 170 man years of prior development going back to the
I inherited a FreeSwan 1.99 gateway/subnet from a former partnership I
am no longer associated with. It is setup where the gateway and all the
subnet boxes use DHCP to acquire IP addresses. I use it all the time,
but until now I have had no occasion to push its envelope.
I now have to do all my own sysadmin work, and I am willing to put forth
the time to learn the VPN if I can be assured I can achieve what I want
I manage a project at Novell Forge (WebLinux) involving the development
of a web portal UI for the scientific applications running on an Apache
web-server. This project involves considerable experimentation on
different "lockstepping" methods of managing interactive dialogs between
web-users and applications running on the web-servers configured for
Apache, ModPerl, Mason, and IPC::Run on the server-side. Potentially
these applications will become distributed in the background on Linux
We have experimented with meta-refresh, Ajax pull, Ajax push, etc. So
far none of these methods have been satisfactory means of overcoming the
lockstepping problem, and we are now planning to experiment with
Mod_PubSub. Each experimental testbed requires special configuration, so
we must centralize our testing on a small server farm (in my garage).
I want to set up virtual hosts on my subnet boxes so team collaborators,
not permanently in the VPN, can use these hosts for development testing.
As each of these experimental lockstepping approaches requires special
configuration, it is not practical for collaborators to take on this
sysadmin work on their own machines.
What I would like to do is set up a gateway website at a public
web-hosting site (i.e. Lunarpages.com) and have it relay communication
to/from my garage servers behind my VPN firewall.
1. Do the collaborators have to become temporary VPN members (like road
warriors), or is there a way to actively filter their packets so they
only need up-to-date browsers (Gecko only) on their remote boxes to gain
access to websites behind the garage firewall?
2. Since this would be restricted to single point-to-point tunneling,
wouldn't that be simple so that temporary VPN extension would be
3. Are there API's (preferable Perl) that can be used for this purpose?
I would very much appreciate expert response to these questions.
Joseph 'Bear' Thames
Meta Software Engineering
bear at metacalculus.net
More information about the Users