Subject: RE: RE: CIPE and ADSL lines
From: "Norberto Altalef" <nalt,AT,ub,DOT,edu,DOT,ar>
Date: Tue, 22 Oct 2002 19:06:19 +0200

Many thanks Mike and Tony for your help.

So, I will not use PKCIPE either :) and I will try with some Dynamic DNS
or the ping option.

Sorry, but it is not clear enough to me how I can set up the routes
so that a user can access the tunnel and the Internet from the same

OK, the ppp0 interface will be the default route for the cipe box.
In the internal network I have several Win9x boxes with the default gateway
pointing to the IP assigned to the cipcb0 interface.
In this way, a user can telnet to a remote host and all the traffic will go
through the vpn. Up to this point I understand, but how can I direct IE packets
so that they don't use the vpn?

I will appreciate very much your help.

Many thanks and sorry for being so persistent with the route matter.
I assume that it is not so complex, I just can't figure out the setup.

Many thanks again


>Just have to set routing tables accordingly.  Mine would be a good example
>of a very complex setup, with 3 VPN links (the third uses another system),
>some firewalling between the VPNs, two logical networks (one private, the
>other with public IPs, a hangover from a previous semi-permanent connection)
>and IP masquerading... :-)
>The whole thing purrs along quite nicely. :)
>> > Using two IP's in the internal interface? One for the encrypted UDP packets
>> > and the other for accessing the Internet? Or adding another physical
>> > interface?
>> Well, you'll have your interface to the Internet (probably something like
>> ppp0). That's where your default route will be to. Then, you'll have cipcb0 and
>> that will be your route for the remote LAN.  If the computers in question are
>> gateways, use masquerading with ipchains (we still use it), point your users at
>> it for their gateway and everyone can use them for Internet access and VPN
>> simultaneously.
>I'd masquerade at all sites, so traffic bound for the Internet doesn't
>travel across the CIPE link, and route internal traffic along the VPN link.
>The RH 6.2 box uses ipchains (Dunno if I'll upgrade the box, iptables is
>nice and would solve a few of my problems, but it doesn't yet support
>everything I do - H323 masquerading, etc, that ipchains supports).
>The RH 7.3 box does use iptables (that site doesn't have the need for H323,
>as the guy who owns it doesn't have as much time to get on the Net as I
>> > 4- Related with 3) may I install Squid webcache in the same machine?
>> Yes. We have done the same thing.
>I run IRC proxies (tircproxy) to handle DCC better than the default RH 6.2
>modules, as well as managing ident queries.  Haven't got Squid up on my
>network, but run a couple of services for the local network (mail
>cache/outbound mail server, etc), and a VoIP application.
>> > I will appreciate very much any help. Sorry for the long post.
>> Hope this makes sense.
>Seems you and I have wound up with similar solutions to the same problem.
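
The routing described in the quoted replies (default route on ppp0, a specific route for the remote LAN on cipcb0, masquerading only on the Internet side), written out as an added example that is not part of the original thread. The network ranges are constructed placeholders, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Split routing on the CIPE gateway: Internet via ppp0, remote LAN via cipcb0.
# All addresses are constructed examples, not values from the thread.
LAN_NET="${LAN_NET:-192.168.1.0/24}"        # local office LAN (assumed)
REMOTE_NET="${REMOTE_NET:-192.168.2.0/24}"  # LAN behind the CIPE peer (assumed)
WAN_IF="${WAN_IF:-ppp0}"                    # ADSL interface, holds the default route
VPN_IF="${VPN_IF:-cipcb0}"                  # CIPE tunnel interface
FW="${FW:-iptables}"                        # "iptables" (2.4 kernels) or "ipchains" (2.2)
APPLY="${APPLY:-0}"                         # 0 = print commands only, 1 = execute as root

# Print the command; execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "$APPLY" = "1" ]; then "$@"; fi
}

setup_split_routing() {
    # Let the box forward packets between the LAN, the tunnel and ppp0.
    run sysctl -w net.ipv4.ip_forward=1

    # More specific than the default route, so traffic for the remote LAN
    # enters the tunnel; everything else follows the default route on ppp0.
    run ip route replace "$REMOTE_NET" dev "$VPN_IF"

    # Masquerade only what leaves through ppp0. Tunnel traffic keeps its
    # private source address so the remote site can route replies back.
    case "$FW" in
        iptables)
            run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE ;;
        ipchains)
            run ipchains -A forward -s "$LAN_NET" -i "$WAN_IF" -j MASQ ;;
        *)
            echo "unknown FW: $FW" >&2; return 1 ;;
    esac
}

setup_split_routing
```

After applying, `ip route get <address>` on the gateway shows which interface a given destination will use.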

