The setup below uses Linux virtual machines as the tunnel devices. Any vendor's router can serve as the main router, as long as it supports port forwarding and has firewall capabilities.

For example, to connect two or more locations, the diagram and techniques below can be used. Different remote locations and/or offices are then connected as if they formed one large network, so resources can easily be shared and management can be carried out from a single location. Security is important: some things are best done through segmentation, with different roles for users and so on. In all of this a SIEM system is very important.

To create a dedicated 24/7 online tunnel you don't need dedicated Cisco routers; it can all be done with Linux virtual routers. You do need to understand the technology, security principles and routing.

In this way it is "easy" to roll out multiple routers efficiently. The method is also suitable for setting up and activating different DMZ zones, without vendor lock-in: there is no dependency on large multinationals with expensive licenses and marketing methods. The principles they use can often also be implemented with Linux systems, and these are often very robust. A customer can simply import a virtual machine that is ready out of the box as a Linux VPN router.

Two static routes have been set up, one on each of the two main routers. Each router knows the next hop, which is the route it uses to reach the other internal network through the tunnel. This works as follows. The static routes are set on the routers (see picture: Static routes).

Linux VPN Routers

It is more convenient to have your own VPN routers based on Linux, so that the VPN does not become dependent on brand-specific routers and/or licensing.

We have two networks that need to be connected: 192.168.0.1/24 (Office 2) with 192.168.1.1/24 (Office 1); on the routers these are named Dest.Network. The NextHop refers to the tunnel endpoints, the Linux VPN routers. These are virtual machines with Linux and the VPN router software installed.

The virtual machine in Office 2 has IPv4 address 192.168.0.111 and runs on a Linux hypervisor.
The virtual machine in Office 1 has IPv4 address 192.168.1.115 and runs on a Microsoft Hyper-V hypervisor.

These two virtual machines connect to each other via the Linux VPN; in this way a VPN tunnel is created.

Thanks to the static routes on the main routers, they know how to route the LAN traffic for each location. This concept can be difficult for a non-network administrator to understand: knowledge of the Linux OS, VPN and network routing principles is needed, and firewall and DNS knowledge is required as well. But it is important that I at least describe how this system is set up.

You can log in to both Linux VPN routers via SSH. Some commands are available there to read the status and configuration. The tunnel is kept up automatically with the parameter PersistentKeepalive = 25.

A UDP port has been opened on the main router in Office 2 so that the router at the Office 1 location can connect to it. A security restriction has also been configured: only the IPv4 address of Office 1 can connect to this port. The VPN itself is secured with a private and public key pair.

The main routers are set up as follows: UDP port 51000 is the incoming VPN port, used by Office 1.

Ports on the main routers that must be forwarded to the Linux virtual machines running the VPN systems.
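As an added example (not code from the page or its author), the shell functions below print the configuration that the description above implies for both sides: the tunnel config for each VPN VM, the Office 2 main-router rules that forward UDP 51000 to the VM only from Office 1's address, and the static routes. It assumes WireGuard (PersistentKeepalive = 25 is a WireGuard setting), Linux main routers for the nft and ip commands (the page allows any vendor), and placeholder keys, public addresses and a 10.100.0.0/30 tunnel subnet; the functions print the commands rather than apply them, so the script runs without root.

```shell
# Constructed example for the two-office setup; WireGuard assumed. Keys, public
# addresses and the 10.100.0.0/30 tunnel subnet are placeholders, not page values.
OFFICE2_VM=192.168.0.111; OFFICE2_LAN=192.168.0.0/24   # Office 2 listens on UDP 51000
OFFICE1_VM=192.168.1.115; OFFICE1_LAN=192.168.1.0/24   # Office 1 initiates
VPN_PORT=51000
OFFICE1_PUBLIC_IP=203.0.113.10   # placeholder (TEST-NET-3)
OFFICE2_PUBLIC_IP=198.51.100.20  # placeholder (TEST-NET-2)
# Print wg0.conf for one VPN VM (arg: office2 | office1). Real keys come from
# 'wg genkey | tee privkey | wg pubkey'; AllowedIPs is the peer's LAN only.
wg_conf() {
  case "$1" in
  office2) cat <<EOF
[Interface]
Address = 10.100.0.1/30
ListenPort = $VPN_PORT
PrivateKey = <OFFICE2_PRIVATE_KEY>
[Peer]
PublicKey = <OFFICE1_PUBLIC_KEY>
AllowedIPs = 10.100.0.2/32, $OFFICE1_LAN
EOF
  ;;
  office1) cat <<EOF
[Interface]
Address = 10.100.0.2/30
PrivateKey = <OFFICE1_PRIVATE_KEY>
[Peer]
PublicKey = <OFFICE2_PUBLIC_KEY>
Endpoint = $OFFICE2_PUBLIC_IP:$VPN_PORT
AllowedIPs = 10.100.0.1/32, $OFFICE2_LAN
PersistentKeepalive = 25
EOF
  ;;
  esac
}
# Print Office 2 main-router rules (nftables, if that router is Linux): forward
# UDP 51000 to the VM only from Office 1. Assumes an 'ip nat' prerouting chain
# and an 'ip filter' forward chain (policy drop) exist and the WAN NIC is 'wan'.
office2_router_rules() {
  cat <<EOF
nft add rule ip nat prerouting iifname wan ip saddr $OFFICE1_PUBLIC_IP udp dport $VPN_PORT dnat to $OFFICE2_VM
nft add rule ip filter forward ip saddr $OFFICE1_PUBLIC_IP ip daddr $OFFICE2_VM udp dport $VPN_PORT accept
EOF
}
# Print the static routes (one per main router) and forwarding on both VMs.
static_routes() {
  cat <<EOF
ip route add $OFFICE1_LAN via $OFFICE2_VM   # on the Office 2 main router
ip route add $OFFICE2_LAN via $OFFICE1_VM   # on the Office 1 main router
sysctl -w net.ipv4.ip_forward=1             # on both VPN VMs
EOF
}
```

Only the Office 1 side carries PersistentKeepalive and an Endpoint, because only the Office 2 router has the port forward: Office 1 initiates, and the 25-second keepalive keeps its NAT mapping open so Office 2 can still send traffic back when the tunnel is idle.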

For more detailed information about routing, see the links below:

The Open University: Routing table
Cisco: IP routing explained