Les Mikesell wrote:
> Is there some reason the CIPE endpoints don't use the typical
> 4-host subnet masks (255.255.255.252) that you would
> see on a WAN PTP link? I'm having a little trouble understanding
> how the route to the other end is found when the route table
> entry has a netmask of 255.255.255.255 - but this does seem
> to be working.
255.255.255.255 is a host netmask. An address with this netmask is one
The endpoint of the tunnel is just a host. The Subnets behind that host
have a own route with this host set as gateway.
> Also, are there any example configs where a firewall blocks
> everything but the UDP tunnel packets but there is no
> NAT involved and direct routes appear to exist to the
> destination subnet?
In the normal configuration, there shouldn't be any NAT on the Cipe
> Is it possible to talk to the destination
> host through the tunnel using it's normal DNS address without
> adding a secondary address to accept the tunnel endpoint?
I dont think so. If you use a DNS adress, a DNS lookup gives you the IP
of the internet interface of the host. You cannot route Packets for this
IP through your cipe device because you send the cipe packets to the
remote host to this IP.