<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Questions
From: Mike Gende <mgende,AT,gendesign,DOT,com>
Date: Thu, 12 Dec 2002 03:55:06 +0100
In-reply-to: <001a01c2a184$f51def90$0a64a8c0@aaron>

Aaron Anderson wrote:

> I was able to setup CIPE with very little problem between 2 linux boxes.  I
> am using it to bridge 2 networks together over DSL lines.  I have a couple
> questions that I'm hoping you guys can answer:

I do the same thing...

> 1) Is there a way to make CIPE die more gracefully?  If cipe dies at one end
> it still stays active at another.  If I re-initiate the connection then
> another interface is created (ie cipcb1) but it has the same IP address as
> cipcb0 and therefore the same routing entries exist.

When I have a cipcbX interface fail, part of the script that sets up the
interface pulls down any previous one. I've got a script that does 'em all 
(there
are several) or only a single cipe interface. I don't have to do that very 
often
though, usually it's the DSL that fails.

> 2) "RoadWarriors".  If they start connecting to the VPN and then after
> disconnecting the cipe process and interface is still alive, then if they
> re-connect there will still be an existing route to a broken tunnel.

For remote clients either static or mobile, we set up a cipcbX interface just 
for
them. It's always available on the host, so when they need it they connect.
Someone with bad intentions could try to connect to that interface, but they
would have to know the password in the options file, not easy to figure out.

> My
> other question regarding "roadwarriors" is what Win32 client would I use to
> connect, if one exists.

Don't use Microsoft, couldn't tell you, sorry.

> thanks,

I'm not sure I addressed your problems, just how I do it with some of our
customers.

> Aaron

Mike





<< | Thread Index | >> ]    [ << | Date Index | >> ]