Cipe and advanced routing
Petr Konecny <pekon,AT,informatics,DOT,muni,DOT,cz>
Thu, 15 Feb 2001 22:05:28 +0100
I have a laptop that has a permanent address A in network N. There is no
firewall between N and the Internet.
I would like most traffic between the laptop and network A to go through
a CIPE tunnel. I have access to a computer G on network N that can be
used as a proxy/gateway/router.
So far I have done this:
There is a CIPE tunnel between the laptop and G; the local address (ipaddr) of
the tunnel on laptop is its address A in network N, remote (ptpaddr) is
G works as an ARP proxy for address A on interface connected to N, it
does IP forwarding.
Laptop uses 192.168.253.1 as a gateway for network N, except for
computer G, which uses laptop's default gateway. Both computers use
Linux 2.4.1-ac14 and cipe 1.4.5 with blowfish.
This works fine, but of course there are some glitches:
1. the traffic that goes directly to G is not sent through the tunnel
2. it encrypts everything
I do not want ssh connections to use CIPE and to encrypt the
communication to G, i.e. the only packets going to G over the Internet
should be UDP packets of CIPE and SSH connections.
I tried to use policy routing to do it. I marked all SSH and CIPE
generated UDP packets with fwmark in the OUTPUT chain of the table
mangle, created a routing rule that matched the mark and set the gateway for
these packets to the laptop's default gateway. Then I set the route for network
N to 192.168.253.1. All this to get: cipcb1: looped route
Is there any way to get this to work?
Remark of Dr. Baldwin's concerning upstarts: We don't care to eat toadstools
that think they are truffles.
-- Mark Twain, "Pudd'nhead Wilson's Calendar"