> From: owner-cipe-l,AT,inka,DOT,de [mailto:owner-cipe-l,AT,inka,DOT,de Behalf
> Of Raz Gordon
> I have two sites that I want to bridge with a VPN. At a first look, it
> seems to be pretty standard? however, I want to be able to transparently
> use laptops assigned STATIC IP addresses on both sites ? this makes
> things much more difficult... ?Routed? VPN solutions (e.g. Microsoft ISA
> Server) don?t allow this as they require the IP address space to be
> broken into pre-configured sub-spaces (and then they route traffic by
> programming the router?s routing tables).
> This won?t work for me. I am actually looking for a bridged VPN
> solution, that will work exactly as connecting two Ethernet switches
> (one on each site) with a very long cable between both sites ? then it
> would really be a LAN spanned across both sites.
Cipe isn't the layer where this stuff happens. Cipe gives you
what looks like another physical interface connected between
the two hosts. Then you run the same tools you would use at
the OS layer to route or bridge across interfaces connected
to different networks.
> I wonder if CIPE is the VPN bridge solution that I am looking for.
> Specifically: does it dynamically ?learn? and perform an aging process
> on some internal address table, which allows it to ?know? whether the
> destination address is local or remote (and forward packets
> appropriately)? I understand CIPE deals with layer 2 packets(?) so if
> such an address table exists and is maintained, it should store MAC
> (Ethernet) addresses.
I've heard of sucesses with Linux bridging running over CIPE but
haven't done it myself. There are some good reasons for routing
instead. If there are many devices on either LAN you will be
forwarding a lot of unnecessary broadcast traffic across. It's
the price you pay for not setting up a DHCP server at both ends to
automatically provide an appropriate address.