Subject: Re: CIPE and ADSL lines
From: Mike Gende <mgende,AT,gendesign,DOT,com>
Date: Fri, 18 Oct 2002 23:04:22 +0200
In-reply-to: <20021018164836.23923.qmail@ubmail.ub.edu.ar>

Norberto Altalef wrote:

> Hi.


> 1- I saw that cipe is included en RedHat 7.3. Is it advisable use this
> package from the RedHat distribution ?

We've been using the stuff in the distribution with no problems so far. We 
are using RHL7.3.

> 2- Since I will have dynamic IP in both ends of the link, I need some setup
> in order both sides know the IP of the other side. In the cipe doc, I see
> the concept of "dynamic DNS", using pkcipe.
> Is this the best way or are there another alternatives ?

We've not used Pkcipe, so I can't tell you about it from experience, but I 
tell you what we've done.

> What happen if the company don't have a registred domain, is there anothe
> way ?

You could use a EasyDNS type of service that maps your dynamic IP to a domain
accessible to the Internet at large. Thus, one would use for example,
www.siteone.com and www.sitetwo.com and be able, with some exceptions, to 
these in the options files at each site.  We have done that in the past with
success. We then bring up the line by having both ends ping each other.
Hopefully, one of the two is current and away you go.

> 3- May I use the ADSL line at the same time link to a)the two sites and
> b)access the Internet (navigation).


> Using two IP's in the internal interface ? One for the encrypted UDP packets
> and the other for access the Internet ? Or adding another phisical
> interface ?

Well, you'll have you're interface to the Internet (probably something like
ppp0). That's where your default route will be to. Then, you'll have cipcb0 
that will be your route for the remote LAN.  If the computers in question are
gateways, use masquerading with ipchains (we still use it), point your users 
it for their gateway and everyone can use them for Internet access and VPN

> 4- Related with 3) may I install Squid webcache in the same machine ?

Yes. We have done the same thing.

> I will appreciate very much any help. Sorry for the long post.

Hope this makes sense.

> Many thanks in advance
> Regards
> Norberto Altalef



