<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: RE: RE: CIPE and ADSL lines
From: Tony Langdon <tlangdon,AT,atctraining,DOT,com,DOT,au>
Date: Wed, 23 Oct 2002 00:47:05 +0200

> Sorry, but is not enough clear for me, how can I setup the routes
> in order a user can access the tunnel and the Internet from the same
> machine.
> 
> OK, the ppp0 interface will be the default route for the cipe box.
> In the internal network I have several Win9x boxes with the 
> default gateway
> pointing to the IP asigned to the cipcb0 interface.

NO NO NO!  The default route for the Win9x boxes should be the IP address of
the Ethernet interface of the router.  The default gateway for any host is
always on the same local segment.

> In this way, a user can telnet a remote host and all the 
> traffic will be
> trough the vpn. Up this point I understand, but how can I 
> direct IE packets
> in order they don't use the vpn ?.

As per a routing example I sent the other day...

If the CIPE box is a Windows box, you set the default gateway on the ADSL
interface as normal.  You need to add an extra static route for the remote
network that points via the CIPE tunnel.  This can be done as below (in a
generalised fashion).

route add -p <remote network> <mask> <IP address of remote end of CIPE
tunnel>

As an example (based partly on reality, but some IP addresses changed).

We have two networks:

192.168.1.0/24  (netmask 255.255.255.0)
192.168.2.0/24  (netmask 255.255.255.0)

Network 1 has a Windows 2000 box running CIPE.  The IP addresses on this box
are:

PPP interface (PPPoE ADSL) - dynamic
CIPE interface - 10.200.200.1, netmask 255.255.255.0 (note the use of a
dummy subnet)
Ethernet - 192.168.1.1

Network 2 has a Linux box running CIPE for its router.  Its IP addresses
are:

PPP interface (PPoE ADSL) - dynamic
CIPE interface - 10.200.200.2, netmask 255.255.255.0
Ethernet - 192.168.2.1

On Net 1's router (Win2K), we need to add the following route command to
setup the VPN routing:

route add -p 192.168.2.0 mask 255.255.255.0 10.200.200.2
The default route is defined in the PPP interface setup as normal (i.e.
setup PPPoE as though you weren't using CIPE).

Also note that the Win9x machines on LAN 1 need to have their default
gateway set to 192.168.1.1.

On Net 2, we set the Linux router up as follows: (assume the PPPoE software
takes care of the default route)

/sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.200.200.1

Note here that the machines on LAN 2 have a default gateway of 192.168.2.1.

The trick to getting it right is:

1.  Setup each network to work as intended _without_ CIPE (i.e. make sure
each network can surf the net, etc).  Remember to give each network a
different LAN IP address range, so they can be linked.  This way, you can
verify that the basic infrastructure is working, and the only issue
remaining is to setup the tunnel.

2.  Install and configure CIPE as we've discussed.  This will add the
routing changes which are basically exceptions to the default of going via
the Internet.

I've done a few links this way and they're all working smoothly with no
routing "funnies". :)

---
Outgoing mail has been scanned for Viruses
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
 

This correspondence is for the named person's use only. It may contain
confidential or legally privileged information or both. No confidentiality
or privilege is waived or lost by any mistransmission. If you receive this
correspondence in error, please immediately delete it from your system and
notify the sender. You must not disclose, copy or rely on any part of this
correspondence if you are not the intended recipient.

Any opinions expressed in this message are those of the individual sender.





<< | Thread Index | >> ]    [ << | Date Index | >> ]