<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: cipe configuration and routing question
From: Peter van den Heuvel <peter,AT,asylum,DOT,xs4all,DOT,nl>
Date: Sat, 14 Jul 2001 12:22:49 +0200
In-reply-to: <85256A88.00656EC9.00@notes.nyso.org>

Yo!

> VPN A:
> eth0 - 192.168.1.1 (local network- internal interface)
> eth1 - 192.168.100.1 (external interface - will eventually be moved to a
> static IP assigned by my ISP)

> VPN A /etc/cipe/options.cipcb0:
> device    cipcb0
> # remote internal (fake) ip address
> ptpaddr 192.168.2.1
> # my cipe (fake) ip address
> ipaddr    192.168.1.1
> # my real ip address and cipe port
> me   192.168.100.1:1037
> # remote real ip address and cipe port
> peer 192.168.100.2:1037
> # unique 128 bit key
> key  b608a161b56a6a3861b3b42734a0d80c

Oops! VPN-A has 3 network interfaces (like B): eth0, eth1 and cipcb0.
You just gave the eth0 and cipcb0 interfaces with the same IP address.
Look at it as if you have 4 networks: private on A, private on B, the
Internet and your (point-to-point) cipe network. You could (example)
allocate 192.168.254.0 to cipe, using IP's in pairs. Routing is between
the cipe interface and the ethernet card.

So, cipe on A gets ...254.0 and cipe on B get ...254.1. Next make sure
these appear as host addresses (netmask 255.255.255.255) in the routing
table. Then add your static routes to the ...1.0 (gw ...254.0) on B and
...2.0 (gw ...254.1) on A.

Also, (must admit, forgot it myself more then once :( enable routing
with echo 1 >/proc/sys/net/ipv4/ip_forward and start without any form of
firewall.

That should get you going.

CIAO





<< | Thread Index | >> ]    [ << | Date Index | >> ]