
To: "'cipe-l,AT,inka,DOT,de'" <cipe-l,AT,inka,DOT,de>
Subject: Road warrior configuration with proxy arp -- almost there, but not quite!
From: David Brodbeck <DavidB,AT,mail,DOT,interclean,DOT,com>
Date: Wed, 16 Jul 2003 15:20:27 -0400

I'm trying to get a "road warrior" configuration going between a host on my
network and a laptop, with proxy arp.  The machine serving as the host for
the connection is 152.160.178.33 (eth0), and has an additional IP on the
same physical interface of 152.160.178.25 (eth0:0).  I'm using
152.160.178.33 as the remotely accessible IP, and 152.160.178.25 as the cIPe
interface IP.

When the connection is made, the two hosts can ping each other on their cIPe
addresses.  In addition, proxy arp works to at least some extent; hosts on
the LAN can ping the laptop's cIPe address.  However, when I try to access
hosts on the LAN from the laptop, the packets get routed through the
Internet instead of the cIPe tunnel.  If I try to manually add a route
("route add -net 152.160.178.0/24 cipcb0") nothing works until I delete it
again.

Here's the options file on that host:

ptpaddr         152.160.178.100
ipaddr          152.160.178.25
me              152.160.178.33:6666
peer            0.0.0.0:6666
maxerr          -1
key             (deleted)
ipup            /etc/cipe/ip-up
ipdown          /etc/cipe/ip-down

Here's ip-up on the host:

#!/bin/sh
# ip-up <interface> <myaddr> <daemon-pid> <local> <remote> <arg>

# Sample of the ip-up script.
# This is called when the CIPE interface is opened.
# Arguments:
#  $1 interface     the CIPE interface
#  $2 myaddr        our UDP address
#  $3 daemon-pid    the daemon's process ID
#  $4 local         IP address of our CIPE device
#  $5 remote        IP address of the remote CIPE device
#  $6 arg           argument supplied via options

# Purposes for this script: set up routes, set up proxy-arps, etc.
# start daemons, logging...

umask 022
PATH=/sbin:/bin:/usr/sbin:/usr/bin

# If this becomes our default route...
#route add default gw $5

# just a logging example
now=`date "+%b %d %T"`
echo "$now UP   $*" >> /var/log/cipe.log

# many systems like these pid files
echo $3 > /var/run/$1.pid

# Trigger the key exchange procedure, useful when we're using SOCKS
# This _must_ run delayed and in the background
#(sleep 10; ping -c5 $5) &

# If the system runs gated, tell it what has happened
#gdc interface

# The following are just ideas for further consideration

# Interconnect two 10. subnets through the Internet!
# Assuming $4 is in 10.1 and $5 in 10.2
#route add -net 10.2.0.0 netmask 255.255.0.0 gw $5

# Proxy-ARP the peer's address on eth0
arp -i eth0 -Ds $5 eth0:0 pub

# Evil tricks department: masquerade the CIPE peer's /24 network to our IP
#NA=`expr $5 : '\([0-9]*\.[0-9]*\.[0-9]*\.\)'`
#ipfwadm -F -a accept -m -b -S $NA.0/24 -D 0.0.0.0/0
# the usual way for this would be a case selection on $5 or $6, however

# execute anything local
[ -x /etc/cipe/ip-up.local ] && /etc/cipe/ip-up.local $*

exit 0

And here's options on the laptop:

ptpaddr 152.160.178.25
ipaddr  152.160.178.100
me              0.0.0.0:6666
dynip           1
peer            152.160.178.33:6666
ping            60
maxerr  3
key             (deleted)

---

David Brodbeck, System Administrator
InterClean Equipment, Inc.
3939 Bestech Drive Suite B
Ypsilanti, MI 48197
(734) 975-2967 x221
(734) 975-1646 (fax)
 

