| Subject: | RE: RE: CIPE and ADSL lines |
| From: | Tony Langdon <tlangdon,AT,atctraining,DOT,com,DOT,au> |
| Date: | Wed, 23 Oct 2002 00:47:05 +0200 |
> Sorry, but is not enough clear for me, how can I set up the routes
> in order a user can access the tunnel and the Internet from the same
> machine.
>
> OK, the ppp0 interface will be the default route for the cipe box.
> In the internal network I have several Win9x boxes with the
> default gateway pointing to the IP assigned to the cipcb0 interface.

NO NO NO! The default route for the Win9x boxes should be the IP address of
the Ethernet interface of the router. The default gateway for any host is
always on the same local segment.

> In this way, a user can telnet a remote host and all the
> traffic will be through the vpn. Up this point I understand, but how can I
> direct IE packets in order they don't use the vpn ?.

As per a routing example I sent the other day...

If the CIPE box is a Windows box, you set the default gateway on the ADSL
interface as normal. You need to add an extra static route for the remote
network that points via the CIPE tunnel. This can be done as below (in a
generalised fashion).

    route add -p <remote network> <mask> <IP address of remote end of CIPE tunnel>

As an example (based partly on reality, but some IP addresses changed).

We have two networks:

    192.168.1.0/24 (netmask 255.255.255.0)
    192.168.2.0/24 (netmask 255.255.255.0)

Network 1 has a Windows 2000 box running CIPE. The IP addresses on this box
are:

    PPP interface (PPPoE ADSL) - dynamic
    CIPE interface - 10.200.200.1, netmask 255.255.255.0 (note the use of a dummy subnet)
    Ethernet - 192.168.1.1

Network 2 has a Linux box running CIPE for its router. Its IP addresses are:

    PPP interface (PPPoE ADSL) - dynamic
    CIPE interface - 10.200.200.2, netmask 255.255.255.0
    Ethernet - 192.168.2.1

On Net 1's router (Win2K), we need to add the following route command to
set up the VPN routing:

    route add -p 192.168.2.0 mask 255.255.255.0 10.200.200.2

The default route is defined in the PPP interface setup as normal (i.e.
set up PPPoE as though you weren't using CIPE).
Also note that the Win9x machines on LAN 1 need to have their default
gateway set to 192.168.1.1.

On Net 2, we set the Linux router up as follows (assume the PPPoE software
takes care of the default route):

    /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.200.200.1

Note here that the machines on LAN 2 have a default gateway of 192.168.2.1.

The trick to getting it right is:

1. Set up each network to work as intended _without_ CIPE (i.e. make sure
   each network can surf the net, etc). Remember to give each network a
   different LAN IP address range, so they can be linked. This way, you can
   verify that the basic infrastructure is working, and the only issue
   remaining is to set up the tunnel.

2. Install and configure CIPE as we've discussed. This will add the routing
   changes which are basically exceptions to the default of going via the
   Internet.

I've done a few links this way and they're all working smoothly with no
routing "funnies". :)
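
The routing described in this message, modelled as an added example (not part of the original e-mail): it checks that a host's default gateway is on its own segment and shows, by longest-prefix match, which traffic each router sends through the CIPE tunnel and which goes out via ADSL. The host address 192.168.1.50, the Internet destinations and the interface labels other than ppp0 and cipcb0 are assumptions made for illustration.

```python
import ipaddress

def gateway_on_link(host_ip, netmask, gateway):
    """True if the gateway sits on the host's own local segment."""
    segment = ipaddress.ip_network(f"{host_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(gateway) in segment

def lookup(routes, dest):
    """Longest-prefix match: (interface, next hop) of the most specific route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, next_hop, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, next_hop

def table(*rows):
    """Build a routing table from (network, next hop, interface) rows."""
    return [(ipaddress.ip_network(n), gw, iface) for n, gw, iface in rows]

# Net 1 router (Win2K) after:
#   route add -p 192.168.2.0 mask 255.255.255.0 10.200.200.2
# Interface labels are illustrative; the PPPoE next hop is dynamic (None).
NET1_ROUTER = table(
    ("0.0.0.0/0", None, "ppp"),                   # default route from PPPoE
    ("192.168.1.0/24", None, "ethernet"),         # local LAN
    ("10.200.200.0/24", None, "cipe"),            # dummy tunnel subnet
    ("192.168.2.0/24", "10.200.200.2", "cipe"),   # the added static route
)

# Net 2 router (Linux) after:
#   /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.200.200.1
# eth0 is an assumed name; ppp0 and cipcb0 appear in the quoted question.
NET2_ROUTER = table(
    ("0.0.0.0/0", None, "ppp0"),
    ("192.168.2.0/24", None, "eth0"),
    ("10.200.200.0/24", None, "cipcb0"),
    ("192.168.1.0/24", "10.200.200.1", "cipcb0"),
)

if __name__ == "__main__":
    # Constructed sample values: a Win9x host and two Internet destinations.
    host, mask = "192.168.1.50", "255.255.255.0"
    for gw in ("10.200.200.1", "192.168.1.1"):
        print(f"gateway {gw} usable by {host}: {gateway_on_link(host, mask, gw)}")
    for dest in ("192.168.2.25", "203.0.113.10"):
        print(f"Net 1 router -> {dest}: {lookup(NET1_ROUTER, dest)}")
    for dest in ("192.168.1.50", "198.51.100.7"):
        print(f"Net 2 router -> {dest}: {lookup(NET2_ROUTER, dest)}")
```

Only destinations inside the remote LAN match the more specific /24 route and enter the tunnel; everything else falls through to the default route on the PPP interface.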