[Openswan Users] Can I create non-VPN websites on subnet servers behind the VPN gateway?

Joseph Thames bear at metacalculus.net
Tue Jun 28 15:22:13 CEST 2005


I am seeking team collaborators to assist with VPN-related work aimed to 
support the eventual web marketing of grand-challenge class scientific 
middleware, previously marketed in the time-sharing era, and 
incorporating over 170 man-years of prior development going back to the 
Apollo program.

I inherited a FreeSwan 1.99 gateway/subnet from a former partnership I 
am no longer associated with. It is set up where the gateway and all the 
subnet boxes use DHCP to acquire IP addresses. I use it all the time, 
but until now I have had no occasion to push its envelope.

I now have to do all my own sysadmin work, and I am willing to put forth 
the time to learn the VPN if I can be assured I can achieve what I want 
to do.

I manage a project at Novell Forge (WebLinux) involving the development 
of a web portal UI for the scientific applications running on an Apache 
web-server. This project involves considerable experimentation on 
different "lockstepping" methods of managing interactive dialogs between 
web-users and applications running on the web-servers configured for 
Apache, ModPerl, Mason, and IPC::Run on the server-side.  Potentially 
these applications will become distributed in the background on Linux 
clusters.

We have experimented with meta-refresh, Ajax pull, Ajax push, etc. So 
far none of these methods have been satisfactory means of overcoming the 
lockstepping problem, and we are now planning to experiment with 
Mod_PubSub. Each experimental testbed requires special configuration, so 
we must centralize our testing on a small server farm (in my garage).

I want to set up virtual hosts on my subnet boxes so team collaborators, 
not permanently in the VPN, can use these hosts for development testing. 
As each of these experimental lockstepping approaches requires special 
configuration, it is not practical for collaborators to take on this 
sysadmin work on their own machines.

What I would like to do is set up a gateway website at a public 
web-hosting site (i.e. Lunarpages.com) and have it relay communication 
to/from my garage servers behind my VPN firewall.

Some questions: 

1. Do the collaborators have to become temporary VPN members (like road 
warriors), or is there a way to actively filter their packets so they 
only need up-to-date browsers (Gecko only) on their remote boxes to gain 
access to websites behind the garage firewall?

2. Since this would be restricted to single point-to-point tunneling, 
wouldn't that be simple so that temporary VPN extension would be 
straightforward?

3. Are there APIs (preferably Perl) that can be used for this purpose?

I would very much appreciate expert response to these questions.

Thank you.

-- 
Joseph 'Bear' Thames
Meta Software Engineering
(408) 873-0658
bear at metacalculus.net


