I'm thinking about using OpenVPN to set this up:
I have two networks, each with a different public IP address and behind a NAT box. I want them to have access to each other. My idea for the cleanest approach was to make each NAT box a router and put the networks in different subnets. Since they have a default route to the NAT box already, the NAT box would look at the destination address and either perform NAT (if it's an internet destination) or forward it through the VPN tunnel, so it's a router.
I plan on using openvpn.
Should this be relatively easy to do? Making two networks that are in different subnets is very easy, but I've never set up routed (or something like it) on a NAT box and had it work in conjunction with both NAT and a VPN tunnel (although, I suppose the VPN tunnel would look just like an interface with the IP address of the other subnet).
I'm thinking of something like this:
                ( Internet )
           ____|          |_________
           |                        |
        NAT box                  NAT box
        DHCPD                    DHCPD
        eth 192.168.1.1          eth 192.168.2.1
        vpn 192.168.0.1          vpn 192.168.0.2
        Network 1                Network 2
        192.168.1.0/24           192.168.2.0/24
As for DNS, I guess I'd set up dnsmasq to serve .lan requests, then if they're not found, ask the other network's DNS. If it's a non-.lan name, ask the ISP's DNS.
I just want to make sure this sounds like the best way to approach the problem. I've never done this before, so I don't want to head down the wrong path.
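A worked version of the plan in the post, as an added example that is not part of the original question: OpenVPN in static-key point-to-point mode between the two NAT boxes (tunnel ends 192.168.0.1 and 192.168.0.2 as in the diagram), the kernel route for the far LAN, the iptables rules that keep NAT on the internet side only, and a dnsmasq config that forwards the other site's domain over the tunnel. Everything not stated in the post is an assumption: WAN interface eth0, LAN interface eth1, site 1 listening on the public address 203.0.113.10 (documentation range), ISP resolver 203.0.113.53, and each site owning its own subdomain (site1.lan, site2.lan) rather than a single shared .lan. The functions only print the configs and commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example (not from the original post). Generates, per site:
#   - an OpenVPN static-key config (point-to-point tun, no TLS/PKI)
#   - the routing/firewall commands for the NAT box
#   - a dnsmasq config for the site's DHCP and DNS
# Assumed (not in the post): eth0 = WAN, eth1 = LAN, site 1 public IP 203.0.113.10,
# ISP resolver 203.0.113.53, per-site domains site1.lan / site2.lan.

# gen_openvpn_conf ROLE LOCAL_TUN REMOTE_TUN REMOTE_LAN_NET [REMOTE_PUBLIC_IP]
#   ROLE is "listen" (site 1 waits for the peer) or "connect" (site 2 dials out).
gen_openvpn_conf() {
    role=$1 local_tun=$2 remote_tun=$3 remote_lan=$4 remote_pub=${5:-}
    if [ "$role" = listen ]; then
        printf 'port 1194\n'
    else
        # dial the peer's public address and use a dynamic local port
        printf 'remote %s 1194\nnobind\n' "$remote_pub"
    fi
    cat <<EOF
dev tun
proto udp
# point-to-point addresses of the two tunnel ends (the "vpn" lines in the diagram)
ifconfig $local_tun $remote_tun
# kernel route to the other site's LAN via the tunnel, installed when tun0 comes up
route $remote_lan 255.255.255.0
# pre-shared key, generated once and copied to both boxes over a trusted channel:
#   openvpn --genkey secret /etc/openvpn/static.key   (2.5+; older: --genkey --secret)
secret /etc/openvpn/static.key
cipher AES-256-CBC
auth SHA256
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
verb 3
EOF
}

# gen_firewall_rules WAN_IF LAN_IF : commands to run on the NAT box (printed, not executed)
gen_firewall_rules() {
    wan=$1 lan=$2
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# let the peer reach the tunnel endpoint (only strictly needed on the listening site)
iptables -A INPUT -i $wan -p udp --dport 1194 -j ACCEPT
# forward LAN<->Internet and LAN<->tunnel plus established replies; nothing else
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $lan -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o $lan -j ACCEPT
# masquerade only what leaves on the WAN interface; tunnel traffic keeps its real
# 192.168.x addresses, so the far side sees (and can filter/log) actual hosts
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# gen_dnsmasq_conf LOCAL_DOMAIN LAN_IF DHCP_START DHCP_END REMOTE_DOMAIN REMOTE_DNS ISP_DNS
gen_dnsmasq_conf() {
    cat <<EOF
# answer on the LAN and on the tunnel; tun0 appears after startup, hence bind-dynamic
interface=$2
interface=tun0
bind-dynamic
no-resolv
bogus-priv
# this site's own domain: answered from /etc/hosts and DHCP leases, never forwarded
domain=$1
local=/$1/
expand-hosts
dhcp-range=$3,$4,12h
# the other site's domain goes over the tunnel to its dnsmasq
server=/$5/$6
# everything else goes to the ISP resolver
server=$7
EOF
}

# usage: ./site2site.sh site1   or   ./site2site.sh site2
case "${1:-}" in
    site1)
        gen_openvpn_conf listen  192.168.0.1 192.168.0.2 192.168.2.0
        gen_firewall_rules eth0 eth1
        gen_dnsmasq_conf site1.lan eth1 192.168.1.100 192.168.1.200 site2.lan 192.168.2.1 203.0.113.53 ;;
    site2)
        gen_openvpn_conf connect 192.168.0.2 192.168.0.1 192.168.1.0 203.0.113.10
        gen_firewall_rules eth0 eth1
        gen_dnsmasq_conf site2.lan eth1 192.168.2.100 192.168.2.200 site1.lan 192.168.1.1 203.0.113.53 ;;
esac
```

Two design points worth checking on a real box: the MASQUERADE rule is tied to `-o eth0`, because a bare masquerade rule would also rewrite packets leaving on tun0 and hide the source hosts from the other site; and dnsmasq's `server=/site2.lan/192.168.2.1` only works because each site has its own subdomain. With one shared `.lan` on both ends, each dnsmasq would forward unknown `.lan` names to the other, which would forward them straight back.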