<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Questions
From: Damion Wilson <dwilson,AT,ibl,DOT,bm>
Date: Thu, 12 Dec 2002 17:02:47 +0100
In-reply-to: <001a01c2a184$f51def90$0a64a8c0@aaron>

Aaron,

There is a single Win32 client: CIPE-Win32 which you can find at 
CIPE-Win32.sourceforge.net. It still has some problems but, for the most 
part, it works OK (I'm using it in production).

I run a multiway setup with both fixed endpoints and road warriors using a 
fixed central CIPE router with multiple cipcbx virtual adapters:

1) I assume that any cipe process will stay alive indefinitely. CIPE is 
connectionless and doesn't really have "sessions" like PPTP or IPSec. Every 
packet received really has no lingering information about the conversation 
other than the key used to encrypt it.

2) I run each CIPE peer on a specific adapter, 1 per client. This simplifies 
the routing arrangement for me as I don't use dynamic routing protocols.

3) If a CIPE process on the router fails, it can be restarted on the same 
adapter with no problems. With CIPE 1.4.x on Mandrake, I have noticed that 
cipcb0 can become "stuck" in such a way that it cannot be used again once the 
original ciped-cb goes away. My workaround for this is to instantiate cipcb0 
but not to run a ciped-cb against it, starting my peers at cipcb1 instead

4) If a CIPE process on one of the peers fails, either Linux or Win32, 
restarting it should give you your tunnel back almost immediately.

Hope this helps

Damion K. Wilson

On Wednesday 11 December 2002 10:19 pm, Aaron Anderson wrote:
> I was able to setup CIPE with very little problem between 2 linux boxes.  I
> am using it to bridge 2 networks together over DSL lines.  I have a couple
> questions that I'm hoping you guys can answer:
>
> 1) Is there a way to make CIPE die more gracefully?  If cipe dies at one
> end it still stays active at another.  If I re-initiate the connection then
> another interface is created (ie cipcb1) but it has the same IP address as
> cipcb0 and therefore the same routing entries exist.  Packets coming in
> from cipcb1 are attempting to route back through cipcb0.  I have to login
> and kill the existing cipe process.  This also brings me to question 2.
>
> 2) "RoadWarriors".  If they start connecting to the VPN and then after
> disconnecting the cipe process and interface is still alive, then if they
> re-connect there will still be an existing route to a broken tunnel.  My
> other question regarding "roadwarriors" is what Win32 client would I use to
> connect, if one exists.
>
> thanks,
>
> Aaron





<< | Thread Index | >> ]    [ << | Date Index | >> ]