
To: "'cipe-l,AT,inka,DOT,de'" <cipe-l,AT,inka,DOT,de>
Subject: Road warrior configuration with proxy arp -- almost there, but not quite!
From: David Brodbeck <DavidB,AT,mail,DOT,interclean,DOT,com>
Date: Wed, 16 Jul 2003 15:20:27 -0400

I'm trying to get a "road warrior" configuration going between a host on my
network and a laptop, with proxy arp.  The machine serving as the host for
the connection is (eth0), and has an additional IP on the
same physical interface of (eth0:0).  I'm using as the remotely accessible IP, and as the cIPe
interface IP.

When the connection is made, the two hosts can ping each other on their cIPe
addresses.  In addition, proxy arp works to at least some extent; hosts on
the LAN can ping the laptop's cIPe address.  However, when I try to access
hosts on the LAN from the laptop, the packets get routed through the
Internet instead of the cIPe tunnel.  If I try to manually add a route
("route add -net cipcb0") nothing works until I delete it.

Here's the options file on that host:

maxerr          -1
key             (deleted)
ipup            /etc/cipe/ip-up
ipdown          /etc/cipe/ip-down

Here's ip-up on the host:

# ip-up <interface> <myaddr> <daemon-pid> <local> <remote> <arg>

# Sample of the ip-up script.
# This is called when the CIPE interface is opened.
# Arguments:
#  $1 interface     the CIPE interface
#  $2 myaddr        our UDP address
#  $3 daemon-pid    the daemon's process ID
#  $4 local         IP address of our CIPE device
#  $5 remote        IP address of the remote CIPE device
#  $6 arg           argument supplied via options

# Purposes for this script: set up routes, set up proxy-arps, etc.
# start daemons, logging...

umask 022

# If this becomes our default route...
#route add default gw $5

# just a logging example
now=`date "+%b %d %T"`
echo "$now UP   $*" >> /var/log/cipe.log

# many systems like these pid files
echo $3 > /var/run/$1.pid

# Trigger the key exchange procedure, useful when we're using SOCKS
# This _must_ run delayed and in the background
#(sleep 10; ping -c5 $5) &

# If the system runs gated, tell it what has happened
#gdc interface

# The following are just ideas for further consideration

# Interconnect two 10. subnets through the Internet!
# Assuming $4 is in 10.1 and $5 in 10.2
#route add -net netmask gw $5

# Proxy-ARP the peer's address on eth0
arp -i eth0 -Ds $5 eth0:0 pub

# Evil tricks department: masquerade the CIPE peer's /24 network to our IP
#NA=`expr $5 : '\([0-9]*\.[0-9]*\.[0-9]*\.\)'`
#ipfwadm -F -a accept -m -b -S $NA.0/24 -D
# the usual way for this would be a case selection on $5 or $6, however

# execute anything local
[ -x /etc/cipe/ip-up.local ] && /etc/cipe/ip-up.local $*

exit 0

And here's options on the laptop:

dynip           1
ping            60
maxerr  3
key             (deleted)


David Brodbeck, System Administrator
InterClean Equipment, Inc.
3939 Bestech Drive Suite B
Ypsilanti, MI 48197
(734) 975-2967 x221
(734) 975-1646 (fax)
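
An added example, not part of the original post: a longest-prefix route lookup that shows which interface the laptop would use for the host's cIPe address, another LAN machine, and the tunnel's own UDP endpoint under three routing tables. All addresses and the uplink name ppp0 are constructed, because the post's addresses are missing from the archive. It assumes the host's remotely accessible address lies inside the LAN network being routed, which the post does not confirm.

```python
import ipaddress

# Constructed addresses (the post's own are missing from the archive).
LAN = "192.0.2.0/24"          # hypothetical office LAN
SERVER_UDP = "192.0.2.10"     # hypothetical: cIPe host's reachable address
SERVER_CIPE = "192.0.2.11"    # hypothetical: cIPe interface IP on the host
LAN_HOST = "192.0.2.50"       # hypothetical: another machine on the LAN

def lookup(table, dest):
    """Return the interface of the most specific route covering dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in table
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(table):
    """Map each destination of interest to its egress interface."""
    return {d: lookup(table, d) for d in (SERVER_CIPE, LAN_HOST, SERVER_UDP)}

# Laptop table once the tunnel is up: default route plus a host route to the peer.
base = [("0.0.0.0/0", "ppp0"), (SERVER_CIPE + "/32", "cipcb0")]

# Same table with a manual network route for the LAN through cipcb0.
with_net = base + [(LAN, "cipcb0")]

# Network route plus a host route keeping the UDP endpoint on the real uplink.
pinned = with_net + [(SERVER_UDP + "/32", "ppp0")]

if __name__ == "__main__":
    for name, table in (("base", base), ("with_net", with_net),
                        ("pinned", pinned)):
        print(name, audit(table))
```

A LAN destination that resolves to the uplink in this audit is traffic that leaves outside the encrypted tunnel; a UDP endpoint that resolves to cipcb0 means the tunnel's own carrier packets are being routed into the tunnel.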
