RE: RE: CIPE and ADSL lines
"Norberto Altalef" <nalt,AT,ub,DOT,edu,DOT,ar>
Tue, 22 Oct 2002 19:06:19 +0200
Many thanks Mike and Tony for your help.
So, I will not use PKCIPE either :) and I will try with some Dynamic DNS
or the ping option.
Sorry, but it is not clear enough to me how I can set up the routes
so that a user can access the tunnel and the Internet from the same
OK, the ppp0 interface will be the default route for the cipe box.
In the internal network I have several Win9x boxes with the default gateway
pointing to the IP assigned to the cipcb0 interface.
In this way, a user can telnet to a remote host and all the traffic will go
through the vpn. Up to this point I understand, but how can I direct IE packets
so that they don't use the vpn?
I will appreciate very much your help.
Many thanks and sorry for being so persistent with the route matter.
I assume that it is not so complex, I can't figure out the setup.
Many thanks again
>Just have to set routing tables accordingly. Mine would be a good example
>of a very complex setup, with 3 VPN links (the third uses another system),
>some firewalling between the VPNs, two logical networks (one private, the
>other with public IPs, a hangover from a previous semi-permanent connection)
>and IP masquerading... :-)
>The whole thing purrs along quite nicely. :)
>> > Using two IP's in the internal interface? One for the encrypted UDP packets
>> > and the other to access the Internet? Or adding another physical
>> > interface?
>> Well, you'll have your interface to the Internet (probably something like
>> ppp0). That's where your default route will be to. Then, you'll have cipcb0 and
>> that will be your route for the remote LAN. If the computers in question are
>> gateways, use masquerading with ipchains (we still use it), point your users at
>> it for their gateway and everyone can use them for Internet access and VPN
>I'd masquerade at all sites, so traffic bound for the Internet doesn't
>travel across the CIPE link, and route internal traffic along the VPN link.
>The RH 6.2 box uses ipchains (Dunno if I'll upgrade the box, iptables is
>nice and would solve a few of my problems, but it doesn't yet support
>everything I do - H323 masquerading, etc, that ipchains supports).
>The RH 7.3 box does use iptables (that site doesn't have the need for H323,
>as the guy who owns it doesn't have as much time to get on the Net as I
>> > 4- Related with 3) may I install Squid webcache in the same machine ?
>> Yes. We have done the same thing.
>I run IRC proxies (tircproxy) to handle DCC better than the default RH 6.2
>modules, as well as managing ident queries. Haven't got Squid up on my
>network, but run a couple of services for the local network (mail
>cache/outbound mail server, etc), and a VoIP application.
>> > I will appreciate very much any help. Sorry for the long post.
>> Hope this makes sense.
>Seems you and I have wound up with similar solutions to the same problem.
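
The split-routing setup discussed in this thread, as an added example that is not part of the original messages: a small model of the gateway's route lookup (longest-prefix match) and masquerading decision, showing which traffic leaves via ppp0 and which via cipcb0. The addresses, the `eth0` name and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumed; the thread gives no addresses).
LOCAL_LAN = ipaddress.ip_network("192.168.1.0/24")
REMOTE_LAN = ipaddress.ip_network("192.168.2.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Routing table of the CIPE gateway as described in the replies:
# default route on the ADSL link, only the remote LAN via the tunnel.
ROUTES = [
    (DEFAULT, "ppp0"),
    (REMOTE_LAN, "cipcb0"),
    (LOCAL_LAN, "eth0"),  # internal interface name is an assumption
]

# Misconfiguration for comparison: default route through the tunnel,
# so Internet-bound traffic is also carried over the VPN link.
BAD_ROUTES = [(DEFAULT, "cipcb0"), (LOCAL_LAN, "eth0")]

# Masquerade only what leaves on the Internet-facing interface.
MASQ_IFACES = {"ppp0"}


def lookup(dst, routes=ROUTES):
    """Return the outgoing interface using longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if addr in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(src, dst, routes=ROUTES):
    """Describe how the gateway handles a packet from a LAN client."""
    dev = lookup(dst, routes)
    masq = dev in MASQ_IFACES and ipaddress.ip_address(src) in LOCAL_LAN
    return {"dev": dev, "masqueraded": masq, "via_vpn": dev == "cipcb0"}


if __name__ == "__main__":
    client = "192.168.1.20"  # constructed Win9x client address
    for dst in ("192.168.2.10", "203.0.113.80"):
        print(dst, forward(client, dst))
    print("bad default:", forward(client, "203.0.113.80", BAD_ROUTES))
```

The LAN clients keep a single default gateway (the gateway's internal address); the split between tunnel and Internet happens in the gateway's own routing table.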