<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: RE: multi VPN configuration
From: Arnaud Fileux <arnaud,AT,decaservices,DOT,com>
Date: Wed, 19 Mar 2003 10:27:32 +0100
In-reply-to: <XFMail.030319164550.gregory.hosler@accessgate.com.sg>

Thanks you for your responses.

I was looking in my iptables rules and I saw some mistakes on the VPN
server C, hosts A and host B:

my Routers A and B have a rule to forward all trafic (incoming and
outgoing) but not for my new interface 10.0.0.x. Perhaps 1 mistake ?

on VPN server C ... Arggg!! I saw a forwarding rules like:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 (LAN internal) -j
MASQUERADE and not my 10.0.0.0/8 (VPN LAN) perhaps another mistake is
here.

I've not already test. I will test it as soon as possible.

Arnaud
 
Le mer 19/03/2003 � 09:45, Gregory Hosler a écrit :
> is "router A" doing a "port forward" of your CIPE port (on incoming 
>traffic) to
> "host a" ? (I'll bet not!)
> 
> similiarly, "router B" needs to "port forward: the CIPE port to "host b".
> 
> note in your 2 tested scenerios (a to c, and b to c) port forwarding is not
> necessary as all traffic is outbound (from a, or from b), or is returned
> masqueraded traffic.
> 
> best rgds,
> 
> -Greg
> 
> On 19-Mar-03 Arnaud Fileux wrote:
> > Hi users and gurus CIPE,
> > 
> > I'am trying to configure a multi-VPN like this:
> > 
> >   |###| Host CIPE A
> >     |
> >   |###| Router A
> >     | 
> > (Internet)
> >     |
> >   |###|Server VPN CIPE C
> >     |
> > (Internet)
> >     |
> >   |###| Router B
> >     |
> >   |###| Host CIPE B
> > 
> > 
> > The tunnel works fine between Host A and server VPN C
> > The tunnel works fine between Host B and server VPN C
> > 
> > It doesn't work between A and B and i don't known why ? What is the best
> > way to success the VPN between A and B ?
> > 
> > Thanks you for your help.
> > 
> > Arnaud.
> > 
> > 
> > --
> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> > Other commands available with "help" in body to the same address.
> > CIPE info and list archive:
> > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> 
> ----------------------------------
> E-Mail: Gregory Hosler <gregory.hosler,AT,accessgate,DOT,com,DOT,sg>
> Date: 19-Mar-03
> Time: 16:43:37
> 
>   If each of us have one object, and we exchange them,
>      then each of us still has one object.
>   If each of us have one idea,   and we exchange them,
>      then each of us now has two ideas.
> 
> ----------------------------------





<< | Thread Index | >> ]    [ << | Date Index | >> ]