Subject: RE: CIPE and ADSL lines
From: Tony Langdon <tlangdon,AT,atctraining,DOT,com,DOT,au>
Date: Mon, 21 Oct 2002 00:55:20 +0200

> We've been using the stuff in the distribution with no problems so far.
> We also are using RHL7.3.

I've used the RHL 7.3 standard CIPE no probs (even though it's only 1.4.5),
and I use 1.5.2 (compiled from a tarball) on my RH 6.2 box.

> > 2- Since I will have dynamic IP in both ends of the link, I need some
> > setup in order both sides know the IP of the other side. In the cipe doc,
> > I see the concept of "dynamic DNS", using pkcipe.
> > Is this the best way or are there another alternatives ?
> We've not used Pkcipe, so I can't tell you about it from experience, but
> I will tell you what we've done.

I haven't used PKCIPE either.

> >
> > What happens if the company doesn't have a registered domain, is there
> > another way ?
> You could use an EasyDNS type of service that maps your dynamic IP to a
> domain accessible to the Internet at large. Thus, one would use for
> example, www.siteone.com and www.sitetwo.com and be able, with some
> exceptions, to enter these in the options files at each site.  We have done
> that in the past with success. We then bring up the line by having both
> ends ping each other.
> Hopefully, one of the two is current and away you go.

I use DDNS services to do the same and in the appropriate spots in my
options files, I place the DDNS hostnames of the remote end of the link.
The links establish themselves no problems every time.

I have two CIPE links setup this way.  One is between the RH 6.2 box and a
Win2k machine.  The other is between the RH 6.2 and RH 7.3 boxes as
described above.  All nodes use cable modems, but the theory is exactly the
same as for ADSL.

> > 3- May I use the ADSL line at the same time link to a) the two sites and
> > b) access the Internet (navigation).
> Yes.

Just have to set routing tables accordingly.  Mine would be a good example
of a very complex setup, with 3 VPN links (the third uses another system),
some firewalling between the VPNs, two logical networks (one private, the
other with public IPs, a hangover from a previous semi-permanent connection)
and IP masquerading... :-)

The whole thing purrs along quite nicely. :)

> > Using two IP's in the internal interface ? One for the encrypted UDP
> > packets and the other for access the Internet ? Or adding another
> > physical interface ?
> Well, you'll have your interface to the Internet (probably something like
> ppp0). That's where your default route will be to. Then, you'll have
> cipcb0 and that will be your route for the remote LAN.  If the computers
> in question are gateways, use masquerading with ipchains (we still use
> it), point your users at it for their gateway and everyone can use them
> for Internet access and VPN simultaneously.

I'd masquerade at all sites, so traffic bound for the Internet doesn't
travel across the CIPE link, and route internal traffic along the VPN link.
The RH 6.2 box uses ipchains (Dunno if I'll upgrade the box, iptables is
nice and would solve a few of my problems, but it doesn't yet support
everything I do - H323 masquerading, etc, that ipchains supports).

The RH 7.3 box does use iptables (that site doesn't have the need for H323,
as the guy who owns it doesn't have as much time to get on the Net as I do).

> > 4- Related with 3) may I install Squid webcache in the same machine ?
> Yes. We have done the same thing.

I run IRC proxies (tircproxy) to handle DCC better than the default RH 6.2
modules, as well as managing ident queries.  Haven't got Squid up on my
network, but run a couple of services for the local network (mail
cache/outbound mail server, etc), and a VoIP application.

> > I will appreciate very much any help. Sorry for the long post.
> Hope this makes sense.

Seems you and I have wound up with similar solutions to the same problem. :)
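As an added example (not from the thread), here is how one site's gateway could be laid out following the routing advice above: default route on the Internet interface, the remote LAN routed over cipcb0, and masquerading only on the Internet side so traffic entering the tunnel keeps its private source address. The interface names, addresses and iptables rules are assumptions; the script emits the commands for review instead of running them unless told to apply.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names (placeholders):
#   ppp0  = ADSL/Internet interface      cipcb0 = CIPE tunnel interface
#   192.168.1.0/24 = this site's LAN     192.168.2.0/24 = remote site's LAN
#   10.0.0.2       = remote peer's address on the CIPE point-to-point link
WAN_IF=ppp0
VPN_IF=cipcb0
LOCAL_LAN=192.168.1.0/24
REMOTE_LAN=192.168.2.0/24
REMOTE_PTP=10.0.0.2

# Print the plan instead of executing it, so it can be reviewed (or piped
# to sh as root) without touching a live box.
gateway_plan() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# Remote LAN goes over the CIPE interface; the default route stays on $WAN_IF.
ip route replace $REMOTE_LAN via $REMOTE_PTP dev $VPN_IF
# Masquerade only packets leaving via the Internet interface. Packets that
# enter the tunnel keep their private source, so the remote LAN can reply.
iptables -t nat -A POSTROUTING -s $LOCAL_LAN -o $WAN_IF -j MASQUERADE
# Forwarding: LAN<->remote LAN both ways, LAN->Internet plus replies, rest dropped.
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $LOCAL_LAN -d $REMOTE_LAN -o $VPN_IF -j ACCEPT
iptables -A FORWARD -s $REMOTE_LAN -d $LOCAL_LAN -i $VPN_IF -j ACCEPT
iptables -A FORWARD -s $LOCAL_LAN -o $WAN_IF -j ACCEPT
EOF
}

# Self-checks: exactly one MASQUERADE rule, and none of them on the VPN side
# (NAT on cipcb0 would hide the internal addresses from the other site).
masquerade_rule_count() {
    gateway_plan | grep -c MASQUERADE || true
}
masquerade_on_vpn() {
    gateway_plan | grep MASQUERADE | grep -c -- "-o $VPN_IF" || true
}

if [ "${1:-}" = "--apply" ]; then
    gateway_plan | sh          # run as root on the gateway
else
    gateway_plan               # review mode: just show the commands
fi
```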

