| To: | <cipe-l,AT,inka,DOT,de> |
| Subject: | RE: cipe-newbe |
| From: | "Mark Smith" <mark.smith,AT,avcosystems,DOT,co,DOT,uk> |
| Date: | Fri, 4 Jul 2003 11:04:52 +0100 |
| Importance: | Normal |
| In-reply-to: | <20030704094053.206.qmail@web20705.mail.yahoo.com> |
This should be a FAQ, only I know my wording isn't great.

In order to route 'default' traffic through the tunnel, your machines behind the tunnel should already be sending their default traffic to the machine running the tunnel. If the tunnel runs on a standard machine behind a standalone router, and the other machines are using the router for Internet traffic, their traffic won't reach the tunnel.

Assuming the traffic is routing this way, then the tunnel machine needs a very specific configuration - it must still be able to send its encrypted traffic to the other end of the tunnel, after which its default route can be set to the IP address of the cipe endpoint - NOT the real IP, I'm referring to ptpaddr.

To achieve this, you need to add a host route (or subnet route if you're feeling generous) to the real IP of the other end of the tunnel through the external interface. The method of getting this to survive reboots varies between distributions. Debian would probably recommend adding a line to /etc/network/interfaces under 'eth0' such as:

    up route add -host 1.2.3.4 gw 192.168.0.2

(assuming 'eth0' to be your outbound network interface)

This then relies totally on the tunnel remaining operative in order to route your default traffic. If you fail to add the host route to the other end of the tunnel, CIPE will be unable to get its traffic through, and all your traffic will stop at the tunnel machine.

If anyone wants to explain this a little better, feel free... =)

HTH,

--
Mark Smith - Avco Systems Ltd
email: mark.smith,AT,avcosystems,DOT,co,DOT,uk
Tel: +44 (0)1784 430996
Fax: +44 (0)1784 431078
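The routing described in the message above can be checked with a small longest-prefix-match model. This is an added example, not part of the original post or of CIPE: the peer IP 1.2.3.4, gateway 192.168.0.2 and eth0 come from the message, while the ptpaddr 10.0.1.2 and the device name cipcb0 are assumed sample values.

```python
import ipaddress

# From the message: peer real IP 1.2.3.4, LAN gateway 192.168.0.2, eth0.
# Constructed for this example: ptpaddr 10.0.1.2 and tunnel device cipcb0.
PEER_REAL, LAN_GW, PTPADDR, TUN = "1.2.3.4", "192.168.0.2", "10.0.1.2", "cipcb0"

def lookup(routes, dst):
    """Longest-prefix match over (prefix, gateway, device) tuples."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

def audit(routes, peer_real=PEER_REAL, tun=TUN):
    """Return a list of problems with a default-via-tunnel routing table."""
    problems = []
    default = next((r for r in routes if r[0] == "0.0.0.0/0"), None)
    if default is None or default[2] != tun:
        problems.append("default route does not go through the tunnel")
    peer = lookup(routes, peer_real)
    if peer is None:
        problems.append("no route to the peer's real IP")
    elif peer[2] == tun:
        # The encrypted packets would be sent into the tunnel that carries them.
        problems.append("peer's real IP is routed into the tunnel itself")
    elif peer[1] is not None:
        gw = lookup(routes, peer[1])
        if gw is None or gw[2] == tun:
            problems.append("gateway for the peer host route is not reachable outside the tunnel")
    return problems

# Table with the host route from the message, then the same table without it.
GOOD = [
    ("192.168.0.0/24", None, "eth0"),
    (PTPADDR + "/32", None, TUN),
    (PEER_REAL + "/32", LAN_GW, "eth0"),
    ("0.0.0.0/0", PTPADDR, TUN),
]
BROKEN = [r for r in GOOD if r[0] != PEER_REAL + "/32"]

if __name__ == "__main__":
    for name, table in (("with host route", GOOD), ("without host route", BROKEN)):
        print(name, "->", audit(table) or "ok")
```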