Well, interestingly, I've got this working, but have a number of nasty
First, I can't get it to work with pkcipe AT ALL. Nothing will ever go
over the link, most likely due to the screwy address it is choosing for
the peer on the server side. (The server's default outbound route
crosses a 10.0.0.x network, and it's picking 10.0.0.254 as the peer
address.) I tried all sorts of contortions with specifying options/etc,
and never had any luck getting it to link up properly. When I hand wired
everything in and ran ciped-cb by itself, it worked right away.
The second problem, in order to get the source-based routing to work, I
had to do this on the client router:
ip rule add from X.X.X.1 table 200 prio 200
ip route add default via 10.0.2.1 table 200
Where 10.0.2.1 is ipaddr on server.
If I try to use the netmask in that rule instead of multiple invocations
for each ip, the client router can no longer talk to X.X.X.Y.
If anyone has any suggestions on how I might improve this, pass em
along, I'd love to hear em.
"Neulinger, Nathan" wrote:
> I think I found out how to do this with the advanced routing feature in
> recent kernels, it can do source based routing.
> That should make things a WHOLE lot simpler.
> I'll post a summary of my configuration when I have it working, as I think
> it might be a useful example.
> -- Nathan
> > -----Original Message-----
> > From: Neulinger, Nathan [mailto:nneul,AT,umr,DOT,edu
> > Sent: Thursday, August 09, 2001 2:33 PM
> > To: 'cipe-l,AT,inka,DOT,de'
> > Subject: Setup/routing question with cipe
> > To start off with - I have the cipe link up and running, and
> > a route from
> > the server pkcipe side to the client (i.e. ping shows up on
> > client). The
> > goal is to make use of a VPN to have use of static IP addresses.
> > Server:
> > CIPE-10.0.2.1
> > NET-A
> > Client-LAN:
> > NET-B
> > Client-WAN:
> > CIPE-10.0.1.1
> > NET-C (cable modem)
> > LanStation:
> > NET-C
> > I have a single semi-dynamic IP on Net-C that virtually never
> > changes. It is
> > a DHCP assigned address and default route.
> > I would like ALL traffic to go over the CIPE link to the server.
> > In my if-up script on the server, I route LAN/NET-B traffic
> > to 10.0.1.1, and
> > set up the proxy arp.
> > Would I now need to:
> > a. Drop the default route on the Client going to
> > cable-modem gateway
> > b. Add a single host route for the Server pointing at the
> > cable-modem gateway
> > Is there any nice way of doing this other than hardwiring the
> > cable modem
> > gateway and hardwiring the drop of the script?
> > I'd really prefer to be able to say:
> > On Client: Route all traffic from Net-C over CIPE, but
> > everything
> > else use default.
> > i.e. any traffic from the router itself would go over default
> > route, but the
> > 'forwarded' traffic would go over cipe. Is there any way to
> > do this with
> > ipchains rules?
> > Suggestions? Am I on the right track here?
> > -- Nathan
> > ------------------------------------------------------------
> > Nathan Neulinger EMail: nneul,AT,umr,DOT,edu
> > University of Missouri - Rolla Phone: (573) 341-4841
> > Computing Services Fax: (573) 341-4216
> > --
> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> > Other commands available with "help" in body to the same address.
> > CIPE info and list archive:
> > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
Nathan Neulinger EMail: nneul,AT,umr,DOT,edu
University of Missouri - Rolla Phone: (573) 341-4841
CIS - Systems Programming Fax: (573) 341-4216