
To: <cipe-l,AT,inka,DOT,de>
Subject: RE: cipe-newbe
From: "Mark Smith" <mark.smith,AT,avcosystems,DOT,co,DOT,uk>
Date: Fri, 4 Jul 2003 11:04:52 +0100
Importance: Normal
In-reply-to: <20030704094053.206.qmail@web20705.mail.yahoo.com>

This should be a FAQ, only I know my wording isn't great.

In order to route 'default' traffic through the tunnel, your machines behind
the tunnel should already be sending their default traffic to the machine
running the tunnel.  If the tunnel runs on a standard machine behind a
standalone router, and the other machines are using the router for Internet
traffic, their traffic won't reach the tunnel.

Assuming the traffic is routing this way, then the tunnel machine needs a
very specific configuration - it must still be able to send its encrypted
traffic to the other end of the tunnel, after which its default route can
be set to the IP address of the cipe endpoint - NOT the real IP, I'm
referring to ptpaddr.

To achieve this, you need to add a host route (or subnet route if you're
feeling generous) to the real IP of the other end of the tunnel through the
external interface.  The method of getting this to survive reboots varies
between distributions.  Debian would probably recommend adding a line to
/etc/network/interfaces under 'eth0' such as:

up route add -host <remote-real-ip> gw <gateway-ip>

(assuming 'eth0' to be your outbound network interface)

This then relies totally on the tunnel remaining operative in order to route
your default traffic.  If you fail to add the host route to the other end of
the tunnel, CIPE will be unable to get its traffic through, and all your
traffic will stop at the tunnel machine.

If anyone wants to explain this a little better, feel free... =)


Mark Smith - Avco Systems Ltd
email: mark.smith,AT,avcosystems,DOT,co,DOT,uk
Tel: +44 (0)1784 430996 Fax: +44 (0)1784 431078
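
The route ordering described in the message above, as an added example that is not part of the original post: it prints the net-tools `route` commands in the safe order and checks `route -n` output for the missing-host-route failure. The function names, the `cipcb0` device and all addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All addresses are constructed:
# 203.0.113.10 = real IP of the far tunnel end, 192.0.2.1 = local router,
# 10.0.0.2 = CIPE ptpaddr, eth0 = outbound interface.

# Print the route changes in the only safe order: pin the peer's real IP
# to the external gateway first, then move the default route to ptpaddr.
plan_routes() {
    peer=$1; gw=$2; ext_if=$3; ptp=$4
    if [ "$peer" = "$ptp" ]; then
        echo "error: default route must use ptpaddr, not the peer's real IP" >&2
        return 1
    fi
    echo "route add -host $peer gw $gw dev $ext_if"
    echo "route del default gw $gw"
    echo "route add default gw $ptp"
}

# Read 'route -n' output on stdin. Exit status 1 means the default route
# points at ptpaddr but no host route sends the peer's real IP out of the
# external interface, so the encrypted packets have no path to the peer.
check_routes() {
    peer=$1; ext_if=$2; ptp=$3
    awk -v peer="$peer" -v ifc="$ext_if" -v ptp="$ptp" '
        $1 == "0.0.0.0" && $3 == "0.0.0.0" && $2 == ptp { via_tunnel = 1 }
        $1 == peer && $3 == "255.255.255.255" && $8 == ifc { pinned = 1 }
        END { if (via_tunnel && !pinned) exit 1 }
    '
}

# Constructed routing table: default already on the tunnel, host route missing.
broken_table() {
    cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 cipcb0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.0.0.2        0.0.0.0         UG    0      0        0 cipcb0
EOF
}

# Same table with the host route to the peer in place.
good_table() {
    broken_table
    echo "203.0.113.10    192.0.2.1       255.255.255.255 UGH   0      0        0 eth0"
}

if broken_table | check_routes 203.0.113.10 eth0 10.0.0.2; then
    echo "broken table: ok"
else
    echo "broken table: host route to peer is missing"
fi
```

On a live machine the check would be fed with `route -n | check_routes <peer> <iface> <ptpaddr>` before and after switching the default route.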
