1. VMware
2. The Setup
3. Configuring Virtual Machines
VMware
VMware is software
that allows you to create a virtual computer inside your
real computer. By sharing your host computer's resources, a
VMware "virtual machine" allows you to do almost anything
you would on a real computer, including installing an
operating system, software, and applications. It's
definitely handy for testing software and applications in
heterogeneous computing environments.
At work, I've been integrating and developing virtual
private networking (VPN) applications for our server
software. Testing a VPN usually requires several computers,
at least four in general: two security gateways that establish
a secure link between each other and route packets destined for
their respective subnets, and two client machines, one behind
each gateway, to test end-to-end connectivity.
Using VMware, I came up with a
testing infrastructure that consists of four computers,
except that they're all VMware virtual machines running on
my workstation. The four computers are:
Two SME Servers with ServiceLink, each with two network
interface cards (NICs).
One Linux client.
One Windows 2000 client.
VMware provides three main mechanisms for connecting a
virtual machine's NIC to a network:
"Bridged" mode connects the virtual NIC to the host
machine's physical LAN, as if the virtual machine were plugged
into the same switch; it gets its own address on that LAN and is
reachable from every other machine on it.
"NAT" mode gives the virtual machine access to the host
machine's LAN (and anything beyond it) through Network Address
Translation, so its traffic leaves the host with the host
machine's IP address as its source.
"Host-only" mode places the virtual NIC on a private subnet
that exists only inside the host machine: it is reachable from
the host itself and from the host's other virtual machines on that
subnet, but not from the physical LAN.
The Setup
A VPN security gateway needs to be multi-homed,
meaning it needs at least two network interfaces. One
interface "faces" the LAN it protects, and the other faces some
untrusted network, most commonly the Internet. Since each of the
two security gateways must protect a different subnet, and both
must share the untrusted network, the testing infrastructure
must consist of three networks.
Using two of VMware's network modes, "bridged" and
"host-only", three distinct networks can be constructed.
Configuring two separate host-only networks on the host machine
creates the two LANs that the VPN will connect and secure:
192.168.101.0/24 (host-only network 1) and 192.168.102.0/24
(host-only network 2).
The bridged connections on the virtual machines provide the
third network, 192.168.1.0/24, which plays the role of the
"untrusted", or public, network over which the VPN is built.
Keep in mind that in bridged mode this is the workstation's real
LAN: the gateways' external interfaces are visible to, and
reachable from, every other machine on it.
Configuring Virtual Machines
Starting with the two virtual machines that will become our VPN
gateways, I installed the SME Server v5 distribution on both and
configured each virtual machine with two NICs, one in bridged mode
and the other in host-only mode (a different host-only network for
each gateway). This sets up each server as a multi-homed machine
with its own LAN on the host-only side and an interface facing the
public network on the bridged side.
Once those two machines were up and running and network
connectivity was verified, adding a client machine to each virtual
LAN was easy: install an operating system on a virtual machine whose
NIC is on that LAN's host-only network, and configure it to get an IP
address via DHCP from its SME Server.
With all four machines set up, the testing infrastructure is
complete. The machines in the two virtual LANs should have no direct
network connectivity to each other, although they should have full
Internet access if the host machine has Internet access and each
SME Server has been configured with an appropriate gateway on the
bridged network. Both properties are worth confirming before the VPN
goes up: a ping from the Linux client to the Windows 2000 client
should fail, while a ping to a host on the Internet should succeed.
One caveat: the host machine has an interface on each host-only
network, so IP forwarding must stay disabled on the host; otherwise
it would quietly route between the two LANs and make the VPN appear
to work even when the tunnel is down.
Once a VPN is configured (using software such as FreeS/WAN),
clients on each LAN will have network-level access to each other.
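The three-network design above, the claim that the two LANs have no direct connectivity before the VPN exists, and the change once the gateways tunnel to each other can all be checked in a small hop-by-hop routing model. The following is an added example written for this page, not code from the original article or from SME Server or FreeS/WAN. The three subnets are the ones in the text; every individual host address (gateways at .101/.102 on the bridged network and .1 on their LANs, clients at .10, the LAN router at 192.168.1.1, a stand-in "Internet" at 203.0.113.1) is an assumption made for illustration, and the IPsec policies are modelled directly rather than read from an ipsec.conf.

```python
"""Added example: a hop-by-hop routing model of the three-network VPN lab.

The three subnets are the ones used in the text; every host address below is
an assumption made for illustration (the page does not list them)."""
from ipaddress import ip_address, ip_network

UNTRUSTED = ip_network("192.168.1.0/24")   # bridged: the workstation's real LAN
LAN_A = ip_network("192.168.101.0/24")     # host-only network 1
LAN_B = ip_network("192.168.102.0/24")     # host-only network 2
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class Node:
    """A host: interface addresses, a routing table, optional IPsec policies."""

    def __init__(self, name, addrs, routes, tunnels=()):
        self.name = name
        self.addrs = {ip_address(a) for a in addrs}
        # (prefix, next hop); a next hop of None means "directly connected"
        self.routes = [(ip_network(p), ip_address(g) if g else None) for p, g in routes]
        # (local subnet, remote subnet, peer): matching traffic is wrapped in ESP
        # and sent to the peer gateway instead of being routed in the clear
        self.tunnels = [(ip_network(l), ip_network(r), ip_address(p)) for l, r, p in tunnels]

    def lookup(self, dst):
        """Longest-prefix match; returns (prefix, next hop) or None."""
        hits = [r for r in self.routes if dst in r[0]]
        return max(hits, key=lambda r: r[0].prefixlen) if hits else None


class Lab:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}

    def owner(self, addr):
        return next((n for n in self.nodes.values() if addr in n.addrs), None)

    def trace(self, src, dst):
        """Forward a packet from src to dst; returns (outcome, list of hops)."""
        src, dst = ip_address(src), ip_address(dst)
        node, hops = self.owner(src), []
        for _ in range(16):                      # hop limit, in case of a loop
            if dst in node.addrs:
                return "delivered", hops + [node.name]
            if node.name == "internet":
                # Nobody on the Internet routes RFC 1918 space, so a LAN packet
                # that leaks out in the clear is simply discarded.
                if any(dst in n for n in RFC1918):
                    return "dropped: private destination", hops + [node.name]
                return "delivered", hops + [node.name]
            policy = next((t for t in node.tunnels if src in t[0] and dst in t[1]), None)
            if policy:                           # IPsec policy wins over the routing table
                hops.append(f"{node.name} -[ESP]-> {policy[2]}")
                node = self.owner(policy[2])
                continue
            route = node.lookup(dst)
            if route is None:
                return f"dropped: no route on {node.name}", hops + [node.name]
            nxt = self.owner(route[1] if route[1] is not None else dst)
            if nxt is None:
                return f"dropped: no such host from {node.name}", hops + [node.name]
            hops.append(node.name)
            node = nxt
        return "dropped: hop limit exceeded", hops


def build_lab(vpn):
    """The four VMs plus the real LAN's router and 'the Internet' behind it."""
    gw_default = [(str(UNTRUSTED), None), ("0.0.0.0/0", "192.168.1.1")]
    # FreeS/WAN-style policy (leftsubnet <-> rightsubnet via the peer's bridged
    # address), modelled here rather than read from an ipsec.conf
    tun_a = [(str(LAN_A), str(LAN_B), "192.168.1.102")] if vpn else []
    tun_b = [(str(LAN_B), str(LAN_A), "192.168.1.101")] if vpn else []
    return Lab([
        Node("sme-a", ["192.168.1.101", "192.168.101.1"], gw_default + [(str(LAN_A), None)], tun_a),
        Node("sme-b", ["192.168.1.102", "192.168.102.1"], gw_default + [(str(LAN_B), None)], tun_b),
        Node("linux-client", ["192.168.101.10"], [(str(LAN_A), None), ("0.0.0.0/0", "192.168.101.1")]),
        Node("win2k-client", ["192.168.102.10"], [(str(LAN_B), None), ("0.0.0.0/0", "192.168.102.1")]),
        Node("router", ["192.168.1.1"], [(str(UNTRUSTED), None), ("0.0.0.0/0", "203.0.113.1")]),
        Node("internet", ["203.0.113.1"], []),
    ])


if __name__ == "__main__":
    for vpn in (False, True):
        lab = build_lab(vpn)
        print(f"VPN {'up' if vpn else 'down'}:")
        print("  LAN A -> LAN B:   ", lab.trace("192.168.101.10", "192.168.102.10"))
        print("  LAN A -> Internet:", lab.trace("192.168.101.10", "203.0.113.7"))
```

With the tunnel down, a packet from the Linux client for the Windows client follows default routes out of its gateway onto the bridged network and is discarded once it reaches something that does not route private space, while a packet for a public address gets through; with the tunnel up, the gateway's IPsec policy captures the LAN-to-LAN packet before the routing table sees it and hands it to the peer gateway inside ESP, which is exactly the behaviour the lab is built to exercise.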